Notifications?

[Derek Winkler]

I would definitely be interested in contributing to/writing this.

I'll defer to Julian as to what would be useful in the log but a syslog-like
format would probably be useful...

Date/time hostname message-id path-to-message recipient sender subject

If this log could make multiple entries for each recipient it could save
some parsing on scripts using the log.

I'd probably attach the original message to a new message with one recipient
in order to avoid the inadvertant sending to all recipients.

It might not be too diffcult to write two methods of
retrieveing/whitelisting/learning these messages, one via email and the
other via a web interface.

Thanks,

Derek Winkler
Security Administrator
Algorithmics Inc., Toronto
Tel: (416) 217-4107
Fax: (416) 971-6263
www.algorithmics.com


-----Original Message-----
From: Julian Field [mailto:mailscanner at ecs.soton.ac.uk]
Sent: Friday, August 08, 2003 11:36 AM
To: MAILSCANNER at jiscmail.ac.uk
Subject: Re: Notifications?


If someone else wants to write it, I'll happily add some extra logging for
them to use.

At 15:49 08/08/2003, you wrote:
>I think the idea to quarantine spam and allow users to release it if they
>desire might be a nice, low-admin-overhead way of letting users search for
>false positives on their own, but wouldn't it also require splitting
>messages before MS sees them?  Otherwise I would expect that there may be
>issues with one user releasing a spam expecting it to come only to him and
>inadvertantly sending it to other recipients of the original message.  I
>really like the idea though.
>
> > -----Original Message-----
> > From: Ken Anderson [mailto:ka at PACIFIC.NET]
> > Sent: Friday, August 08, 2003 9:40 AM
> > To: MAILSCANNER at JISCMAIL.AC.UK
> > Subject: Re: Notifications?
> >
> >
> > Julian Field wrote:
> >
> > > You cannot currently do this. Wouldn't it generate an
> > /awful/ lot of mail?
> >
> > It would. But if it could be a daily (or configurable) digest sent to
> > the end user of spam quarantined with a nice link to release the
> > individual emails? That would be nice. I'm sure this has occurred to
> > others on this list.. Anyone put any work into such a thing?
> >
> > Other Anti-Spam solutions have this; Postini, active-state's new
> > anti-spam product - I saw it at linuxworld tuesday - very cool, but I
> > can't remember the name of the product!
> >
> > The result would be that the end user wouldn't have to d/l
> > 50-80% {SPAM}
> > tagged email and filter it locally. The impression by the end
> > user would
> > be that we were taking care of that for them. :-)
> >
> > This may not be a MailScanner feature, maybe an addon script or two?
> > MailScanner could help by writing out a log of what it has quarantined
> > when and where it has put it. I would expect this could be done with
> > some simple logging code in MailScanner at the same points it
> > currently
> > logs quarantine info to the maillog.
> > Then a perl script run from cron could read the "quarantine log" and
> > generate emails to end users on a regular basis. Another script could
> > handle releasing the quarantined email when an end user clicked a link
> > in the email.
> >
> > Ken
> > Pacific.Net
> >
> >
> > > At 04:51 08/08/2003, you wrote:
> > >
> > >> I was reading through the documentation and I stumbled
> > across the actions
> > >> section for SPAM.  I was playing with the settings and
> > rules files (which
> > >> make all of our lives easier) when I finally ended up with "store"
> > >> being the
> > >> action I opted for SPAM and "delete" for HIGH SPAM.
> > >>
> > >> This is working well, (after learning the hard way that quarantine
> > >> directory
> > >> has to be owned by postfix:postfix :)) exepct that I don't get
> > >> notified when
> > >> a message is received and "stored".  I assume this is by
> > design, however,
> > >> I'm curious about whether the system can notify AND store
> > the message
> > >> with a
> > >> notification such as the one used to notify of "stored"
> > messages that are
> > >> identified as viruses/filename?
> > >>
> > >> I suppose I'm looking for a SPAM equilvalent for the "Stored Virus
> > >> Message
> > >> Report" variable that is ONLY sent to the ADMIN identified
> > by "Notices
> > >> To"...

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20030808/99cad1ea/attachment.html