03-13-2008 09:52 PM
I have a content filter that goes like this :
If attachment==exe then
1. Quarantine - duplicate-quarantine("Policy")
2. Strip Attachment by File Info - drop-attachments-by-filetype("Executable")
It seems to be working fine. The recipient get the email without attachment and there's a copy of the original email with the attachment in the quarantine. My problem is when I try to release the original message I never get it. If I use the "send a copy" option in the quarantine, the user gets a copy. But releasing doesn't seem to work. Message tracking in Exchange 2003 doesn't find anything.
Anyone have any idea what's going on?
Here's a snippet of the mail_logs :
Thu Mar 13 15:39:27 2008 Info: MID 1600484 antivirus negative
Thu Mar 13 15:39:27 2008 Info: MID 1600484 queued for delivery
Thu Mar 13 15:39:27 2008 Info: Delivery start DCID 504524 MID 1600484 to RID [0]
Thu Mar 13 15:39:27 2008 Info: Message done DCID 504524 MID 1600484 to RID [0]
Thu Mar 13 15:39:27 2008 Info: MID 1600484 RID [0] Response '2.6.0 <f4aed9e81f2dd> Queued mail for delivery'
Thu Mar 13 15:39:27 2008 Info: Message finished MID 1600484 done
03-21-2008 12:01 AM
When something gets released from the Policy quarantine, the entry in the "mail_logs" should look something like this:
Thu Mar 20 22:54:59 2008 Info: MID 530 released from quarantine "Policy" (manual) t=331
Thu Mar 20 22:54:59 2008 Info: MID 530 released from all quarantines
Thu Mar 20 22:54:59 2008 Info: MID 530 matched all recipients for per-recipient policy DEFAULT in the outbound table
Thu Mar 20 22:54:59 2008 Info: MID 530 queued for delivery
Search for this on your command line:
grep -i "released from quarantine \"Policy\"" mail_logs
10-16-2008 10:33 AM
I had the same problem. The Problem is, if the Message is released from Quarantine the same Message-ID is used. The Exchange Server doesn't recognize that a new mail has been send.
To solve that Problem you have to strip Message-ID in the E-Mail Header first with an Action Rule like strip-header("Message-ID") before you Quarantine the mail. Now the Mail gets a new Message-ID and the Exchange-Server will send the released Mail properly.
Hope that will help you.
Regards,
Andreas
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide