If attachment==exe then
1. Quarantine - duplicate-quarantine("Policy")
2. Strip Attachment by File Info - drop-attachments-by-filetype("Executable")
It seems to be working fine. The recipient gets the email without attachment and there's a copy of the original email with the attachment in the quarantine. My problem is when I try to release the original message I never get it. If I use the "send a copy" option in the quarantine, the user gets a copy. But releasing doesn't seem to work. Message tracking in Exchange 2003 doesn't find anything.
Anyone have any idea what's going on?
Here's a snippet of the mail_logs :
Thu Mar 13 15:39:27 2008 Info: MID 1600484 antivirus negative
Thu Mar 13 15:39:27 2008 Info: MID 1600484 queued for delivery
Thu Mar 13 15:39:27 2008 Info: Delivery start DCID 504524 MID 1600484 to RID
Thu Mar 13 15:39:27 2008 Info: Message done DCID 504524 MID 1600484 to RID
Thu Mar 13 15:39:27 2008 Info: MID 1600484 RID  Response '2.6.0 <f4aed9e81f2dd> Queued mail for delivery'
Thu Mar 13 15:39:27 2008 Info: Message finished MID 1600484 done
When something gets released from the Policy quarantine, the entry in the "mail_logs" should look something like this:
Thu Mar 20 22:54:59 2008 Info: MID 530 released from quarantine "Policy" (manual) t=331
Thu Mar 20 22:54:59 2008 Info: MID 530 released from all quarantines
Thu Mar 20 22:54:59 2008 Info: MID 530 matched all recipients for per-recipient policy DEFAULT in the outbound table
Thu Mar 20 22:54:59 2008 Info: MID 530 queued for delivery
Search for this on your command line:
grep -i "released from quarantine \"Policy\"" mail_logs
I had the same problem. The problem is, if the message is released from quarantine the same Message-ID is used. The Exchange server doesn't recognize that a new mail has been sent.
To solve that problem you have to strip the Message-ID in the e-mail header first with an action rule like strip-header("Message-ID") before you quarantine the mail. Now the mail gets a new Message-ID and the Exchange server will send the released mail properly.
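An added example (not code from any poster in this thread): a Python script that extends the grep above by following every MID released from a quarantine through mail_logs and reporting whether the next hop accepted it. The sample lines are constructed in the log format quoted in the thread, with made-up MID, DCID and RID values; the function names are hypothetical.

```python
import re

# Constructed sample in the mail_logs format quoted in the thread (not real data).
SAMPLE = """\
Thu Mar 20 22:54:59 2008 Info: MID 530 released from quarantine "Policy" (manual) t=331
Thu Mar 20 22:54:59 2008 Info: MID 530 queued for delivery
Thu Mar 20 22:55:00 2008 Info: Delivery start DCID 77 MID 530 to RID [0]
Thu Mar 20 22:55:00 2008 Info: Message done DCID 77 MID 530 to RID [0]
Thu Mar 20 22:55:00 2008 Info: MID 530 RID [0] Response '2.6.0 <abc@example.test> Queued mail for delivery'
Thu Mar 20 23:10:12 2008 Info: MID 531 released from quarantine "Policy" (manual) t=90
Thu Mar 20 23:10:12 2008 Info: MID 531 queued for delivery
"""

MID_RE = re.compile(r"\bMID (\d+)\b")
RELEASE_RE = re.compile(r'released from quarantine "([^"]+)"')
RESPONSE_RE = re.compile(r"Response '([^']*)'")

def trace_releases(lines):
    """Return {mid: state} for each MID released from a quarantine."""
    state = {}
    for line in lines:
        m = MID_RE.search(line)
        if not m:
            continue
        mid = int(m.group(1))
        rel = RELEASE_RE.search(line)
        if rel:  # start tracking from the release event onwards
            state[mid] = {"quarantine": rel.group(1), "queued": False,
                          "done": False, "response": None}
        elif mid in state:
            s, resp = state[mid], RESPONSE_RE.search(line)
            if "queued for delivery" in line:
                s["queued"] = True
            elif "Message done" in line:
                s["done"] = True
            elif resp:
                s["response"] = resp.group(1)
    return state

def verdict(s):
    """Classify how far a released message got on the appliance side."""
    if s["done"] and s["response"] and s["response"].startswith("2"):
        return "accepted by next hop"
    return "queued, no delivery logged" if s["queued"] else "released, never queued"

if __name__ == "__main__":
    for mid, s in trace_releases(SAMPLE.splitlines()).items():
        print(mid, s["quarantine"], verdict(s), s["response"])
```

A released MID that ends in "accepted by next hop" was handed off by the appliance, so the search for the missing message moves to the receiving mail server.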