Spam Quarantine report by user?

Steve Swaney Steve.Swaney at FSL.COM
Sat Sep 4 02:19:28 IST 2004


> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
> Behalf Of Michael R. Dilworth (E-mail)
> Sent: Friday, September 03, 2004 8:07 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Spam Quarantine report by user?
>
>         I've googled around (maybe I just can't come up with
>         the right query!)
>
>         Has anyone written (and would like to share) a script
>         to scan the "qf" files in the spam quarantine, emailing
>         the user with the qid, sender and subject?
>
>         I would like to run this daily (cron) to allow my users
>         to look for false positives, I've been doing it, and
>         would like to stop! (5000 a week).
>
>         Anything close would be a help and I will share the
>         result.
>
>         Hoping to avoid re-inventing the wheel...
>         Thanks Michael.
>

We will be testing such a script for one of our customers early next week.
While they have paid us to develop this script, they are allowing us to
release the script as open source software.

The script will look at the quarantine directories and email daily to each
user that has email(s) in quarantine something like:

(For each email in quarantine)

        Subject: Grow whatever
        From: trusty at slezball.com

        Click here to view message
        Click here to release message

The program relies on Steve Freegard's (excellent) MailWatch program code to
"view" and "release" messages (why re-invent the wheel - but there are some
security issues with this approach :)

The intent of our customer is to:

        1. Delete the real junk (SA score > 10)
        2. Store the probable, but a few false positives (SA score >5 & <10)
        3. Send this email out once a day.

Some Caveats:

Our customer's site used LDAP lookups to reject email for unknown users on
the mail hub. If you can't establish valid email addresses on the gateway,
you will have problems running our (or any other) program that
attempts to perform a similar function since mail for invalid users on the
mail hub will be stored in quarantine on the gateway :(

Having stated this, it should be possible to establish (in near real time)
valid "relay for" addresses by continually looking at the successful relays
in the mail log files (Anyone want to try???).

Since our program can use a list of email addresses as the criteria to send
the "you have mail in quarantine" emails, it should be possible to use our
program even on relatively "dumb" gateways (once someone comes up with the
"Anyone want to try???" Script solution). Seriously, we'll eventually write
it but the solution will be available sooner if someone else jumps on the
problem. I'll be happy to discuss some thoughts on how to actually do this
off list.

I'll release the name of our customer as soon as I have their OK. This is
the way Open Source should work - a good idea - a solution - a user who is
willing to share their solution!

Comments, flames and other thoughts are always welcome.

Have a great weekend.

Steve

Steve Swaney
President
Fortress Systems Ltd.
www.fsl.com
steve.swaney at fsl.com
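
The daily report logic described in the message above, as an added example that is not FSL's script or MailWatch code: it applies the stated SpamAssassin score bands, skips recipients that are not on the valid-address list, and builds one report per user. The record fields, the valid-user set and the view/release URL layout are assumptions made for illustration.

```python
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample records; a real run would extract these from the quarantine.
QUARANTINE = [
    {"qid": "q0001", "to": "alice@example.com", "from": "a@example.net",
     "subject": "Grow whatever", "score": 7.2},
    {"qid": "q0002", "to": "alice@example.com", "from": "b@example.net",
     "subject": "Cheap meds\r\nRelease: q9999", "score": 6.1},
    {"qid": "q0003", "to": "alice@example.com", "from": "c@example.net",
     "subject": "Obvious junk", "score": 15.0},
    {"qid": "q0004", "to": "ghost@example.com", "from": "d@example.net",
     "subject": "To a nonexistent user", "score": 8.0},
]
VALID_USERS = {"alice@example.com", "bob@example.com"}  # e.g. exported from LDAP
BASE_URL = "https://gateway.example.com/quarantine"  # hypothetical, not MailWatch's paths


def classify(score, store_above=5.0, delete_above=10.0):
    """Score bands from the post; a score of exactly 10 is stored (assumption)."""
    if score > delete_above:
        return "delete"
    return "store" if score > store_above else "deliver"


def clean(value, limit=120):
    """Sender and subject are attacker-controlled: drop control characters so
    they cannot add lines to the report, and cap the length."""
    return "".join(ch for ch in value if ch.isprintable())[:limit]


def build_digests(records, valid_users, base_url=BASE_URL):
    """Return {recipient: EmailMessage} for stored mail addressed to valid users."""
    held = defaultdict(list)
    for rec in records:
        rcpt = rec["to"].lower()
        if rcpt in valid_users and classify(rec["score"]) == "store":
            held[rcpt].append(rec)
    digests = {}
    for rcpt, items in held.items():
        msg = EmailMessage()
        msg["To"] = rcpt
        msg["Subject"] = f"{len(items)} message(s) in spam quarantine"
        body = []
        for rec in items:
            body += [f"Subject: {clean(rec['subject'])}",
                     f"From: {clean(rec['from'])}",
                     f"View: {base_url}/view/{rec['qid']}",
                     f"Release: {base_url}/release/{rec['qid']}", ""]
        msg.set_content("\n".join(body))
        digests[rcpt] = msg
    return digests
```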

