PureMessage for UNIX: Quarantine information (when and how to use it)

  • Article ID: 16525
  • Rating:
  • 2 customers rated this article 1.0 out of 6
  • Updated: 07 Jun 2012

Quarantine information is metadata about quarantined messages. When a message is quarantined, quarantine information is added at the end of the message before getting filed into a directory under /opt/pmx/qdir/cur/[0-9] (by indexing processes). The same quarantine information is added to the database (by pmx-qmeta-index).

Because quarantine information is stored in two places, there are three viewing methods:

  1. Use the PureMessage Manager.
  2. View the quarantined message file under qdir/cur/.
  3. Use pmx-qman to view the quarantine information stored in the quarantined message file.

The first method is reading from the database. The second and third methods are reading from quarantined message files.

PureMessage Manager

Normally, quarantined messages are handled via the PureMessage Manager (Quarantine >Manage Quarantine). When you click on an envelope icon in the list of quarantined messages, a pop-up window with three tabs is displayed. The quarantine information is on the second tab.

The Quarantine Info tab:

  • Shows all spam rules hit, regardless of spam probability for each hit.
  • Does not show the corresponding weight, probability adjust %, nor spam probability for each hit.
  • Sorts spam rules alphabetically.

Quarantine information in quarantined message files and pmx-qman

At the end of each quarantined message file found under /opt/pmx/var/qdir/cur/[0-9]:

  • Show all spam rules hit, regardless of spam probability for each hit.
  • Does not show the corresponding weight nor probability adjust % for each hit.
  • Sort spam rules as:

    1. Spam rules with customized weight and/or probability adjust % come first.
      • Higher customized weight comes first.
      • Equally weighted spam rules are then sorted by probability adjust %.
      • Spam rules with equal spam probability are then sorted alphabetically.
    2. Spam rules with default weight and probability adjust % come next.
    3. Higher default weight comes first.
    4. Spam rules with equal spam probability are then sorted alphabetically.

This form of presentation helps when you are looking for the primary contributing spam rules for a given quarantined message. It is most useful when troubleshooting false-positive spam. You can determine whether the high spam probability is caused by any customized weight and/or probability adjust % and/or which spam rules are triggering the false-positive.

If an email user sends the false-positive spam message without the quarantine information, then the quarantine information can be obtained by doing the following steps:

  1. Log in or ssh or `su - pmx to a PureMessage test server.
  2. Copy the message to the test server and run:

    pmx-policy inject messageFileName --dry-run --relay anywhere.local

  3. Follow what the directions proved in the output, and run:

    pmx-qman --qdir '/opt/pmx/var/policy/test_store'

    The above is based on default installation location of /opt/pmx/.
  4. In the pmx-qman interactive prompt, press 'l' (L) to show a message list. It should be the last message in the list. Then, press 'i x' (where x is the number of that message in message list) to view the quarantine information on this message.

pmx-spam scan command

Note: pmx-spam scan does not use customized weight and probability adjusted %; only default values are used. If

pmx-spam scan messageFileName

returns a different spam probability than

pmx-policy inject messageFileName --dry-run --relay anywhere.local

does, then look for any spam rules hit with customized weight and/or probability adjust %.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments