<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2655.35">
<TITLE>RE: Notifications?</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>I would definitely be interested in contributing to/writing this.</FONT>
</P>
<P><FONT SIZE=2>I'll defer to Julian as to what would be useful in the log but a syslog-like format would probably be useful...</FONT>
</P>
<P><FONT SIZE=2>Date/time hostname message-id path-to-message recipient sender subject</FONT>
</P>
<P><FONT SIZE=2>If this log could make multiple entries for each recipient it could save some parsing on scripts using the log.</FONT>
</P>
<P><FONT SIZE=2>I'd probably attach the original message to a new message with one recipient in order to avoid the inadvertent sending to all recipients.</FONT></P>
<P><FONT SIZE=2>It might not be too difficult to write two methods of retrieving/whitelisting/learning these messages, one via email and the other via a web interface.</FONT></P>
<P><FONT SIZE=2>Thanks,</FONT>
</P>
<P><FONT SIZE=2>Derek Winkler</FONT>
<BR><FONT SIZE=2>Security Administrator </FONT>
<BR><FONT SIZE=2>Algorithmics Inc., Toronto </FONT>
<BR><FONT SIZE=2>Tel: (416) 217-4107 </FONT>
<BR><FONT SIZE=2>Fax: (416) 971-6263 </FONT>
<BR><FONT SIZE=2>www.algorithmics.com </FONT>
</P>
<BR>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Julian Field [<A HREF="mailto:mailscanner@ecs.soton.ac.uk">mailto:mailscanner@ecs.soton.ac.uk</A>]</FONT>
<BR><FONT SIZE=2>Sent: Friday, August 08, 2003 11:36 AM</FONT>
<BR><FONT SIZE=2>To: MAILSCANNER@jiscmail.ac.uk</FONT>
<BR><FONT SIZE=2>Subject: Re: Notifications?</FONT>
</P>
<BR>
<P><FONT SIZE=2>If someone else wants to write it, I'll happily add some extra logging for</FONT>
<BR><FONT SIZE=2>them to use.</FONT>
</P>
<P><FONT SIZE=2>At 15:49 08/08/2003, you wrote:</FONT>
<BR><FONT SIZE=2>>I think the idea to quarantine spam and allow users to release it if they</FONT>
<BR><FONT SIZE=2>>desire might be a nice, low-admin-overhead way of letting users search for</FONT>
<BR><FONT SIZE=2>>false positives on their own, but wouldn't it also require splitting</FONT>
<BR><FONT SIZE=2>>messages before MS sees them? Otherwise I would expect that there may be</FONT>
<BR><FONT SIZE=2>>issues with one user releasing a spam expecting it to come only to him and</FONT>
<BR><FONT SIZE=2>>inadvertently sending it to other recipients of the original message. I</FONT>
<BR><FONT SIZE=2>>really like the idea though.</FONT>
<BR><FONT SIZE=2>></FONT>
<BR><FONT SIZE=2>> > -----Original Message-----</FONT>
<BR><FONT SIZE=2>> > From: Ken Anderson [<A HREF="mailto:ka@PACIFIC.NET">mailto:ka@PACIFIC.NET</A>]</FONT>
<BR><FONT SIZE=2>> > Sent: Friday, August 08, 2003 9:40 AM</FONT>
<BR><FONT SIZE=2>> > To: MAILSCANNER@JISCMAIL.AC.UK</FONT>
<BR><FONT SIZE=2>> > Subject: Re: Notifications?</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > Julian Field wrote:</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > > You cannot currently do this. Wouldn't it generate an</FONT>
<BR><FONT SIZE=2>> > /awful/ lot of mail?</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > It would. But if it could be a daily (or configurable) digest sent to</FONT>
<BR><FONT SIZE=2>> > the end user of spam quarantined with a nice link to release the</FONT>
<BR><FONT SIZE=2>> > individual emails? That would be nice. I'm sure this has occurred to</FONT>
<BR><FONT SIZE=2>> > others on this list.. Anyone put any work into such a thing?</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > Other Anti-Spam solutions have this; Postini, active-state's new</FONT>
<BR><FONT SIZE=2>> > anti-spam product - I saw it at linuxworld tuesday - very cool, but I</FONT>
<BR><FONT SIZE=2>> > can't remember the name of the product!</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > The result would be that the end user wouldn't have to d/l</FONT>
<BR><FONT SIZE=2>> > 50-80% {SPAM}</FONT>
<BR><FONT SIZE=2>> > tagged email and filter it locally. The impression by the end</FONT>
<BR><FONT SIZE=2>> > user would</FONT>
<BR><FONT SIZE=2>> > be that we were taking care of that for them. :-)</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > This may not be a MailScanner feature, maybe an addon script or two?</FONT>
<BR><FONT SIZE=2>> > MailScanner could help by writing out a log of what it has quarantined</FONT>
<BR><FONT SIZE=2>> > when and where it has put it. I would expect this could be done with</FONT>
<BR><FONT SIZE=2>> > some simple logging code in MailScanner at the same points it</FONT>
<BR><FONT SIZE=2>> > currently</FONT>
<BR><FONT SIZE=2>> > logs quarantine info to the maillog.</FONT>
<BR><FONT SIZE=2>> > Then a perl script run from cron could read the "quarantine log" and</FONT>
<BR><FONT SIZE=2>> > generate emails to end users on a regular basis. Another script could</FONT>
<BR><FONT SIZE=2>> > handle releasing the quarantined email when an end user clicked a link</FONT>
<BR><FONT SIZE=2>> > in the email.</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > Ken</FONT>
<BR><FONT SIZE=2>> > Pacific.Net</FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> ></FONT>
<BR><FONT SIZE=2>> > > At 04:51 08/08/2003, you wrote:</FONT>
<BR><FONT SIZE=2>> > ></FONT>
<BR><FONT SIZE=2>> > >> I was reading through the documentation and I stumbled</FONT>
<BR><FONT SIZE=2>> > across the actions</FONT>
<BR><FONT SIZE=2>> > >> section for SPAM. I was playing with the settings and</FONT>
<BR><FONT SIZE=2>> > rules files (which</FONT>
<BR><FONT SIZE=2>> > >> make all of our lives easier) when I finally ended up with "store"</FONT>
<BR><FONT SIZE=2>> > >> being the</FONT>
<BR><FONT SIZE=2>> > >> action I opted for SPAM and "delete" for HIGH SPAM.</FONT>
<BR><FONT SIZE=2>> > >></FONT>
<BR><FONT SIZE=2>> > >> This is working well, (after learning the hard way that quarantine</FONT>
<BR><FONT SIZE=2>> > >> directory</FONT>
<BR><FONT SIZE=2>> > >> has to be owned by postfix:postfix :)) except that I don't get</FONT>
<BR><FONT SIZE=2>> > >> notified when</FONT>
<BR><FONT SIZE=2>> > >> a message is received and "stored". I assume this is by</FONT>
<BR><FONT SIZE=2>> > design, however,</FONT>
<BR><FONT SIZE=2>> > >> I'm curious about whether the system can notify AND store</FONT>
<BR><FONT SIZE=2>> > the message</FONT>
<BR><FONT SIZE=2>> > >> with a</FONT>
<BR><FONT SIZE=2>> > >> notification such as the one used to notify of "stored"</FONT>
<BR><FONT SIZE=2>> > messages that are</FONT>
<BR><FONT SIZE=2>> > >> identified as viruses/filename?</FONT>
<BR><FONT SIZE=2>> > >></FONT>
<BR><FONT SIZE=2>> > >> I suppose I'm looking for a SPAM equivalent for the "Stored Virus</FONT>
<BR><FONT SIZE=2>> > >> Message</FONT>
<BR><FONT SIZE=2>> > >> Report" variable that is ONLY sent to the ADMIN identified</FONT>
<BR><FONT SIZE=2>> > by "Notices</FONT>
<BR><FONT SIZE=2>> > >> To"...</FONT>
</P>
<P><FONT SIZE=2>--</FONT>
<BR><FONT SIZE=2>Julian Field</FONT>
<BR><FONT SIZE=2>www.MailScanner.info</FONT>
<BR><FONT SIZE=2>MailScanner thanks transtec Computers for their support</FONT>
</P>
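<P><FONT SIZE=2>An added example, not part of the original thread and not MailScanner code: Python that reads the quarantine log proposed above (one line per recipient), groups it into per-user digests, and allows a release only to the requesting recipient and only for a path inside the quarantine directory. The single-token timestamp, the quarantine root, the function names and all sample lines are assumptions made for illustration.</FONT></P>
<PRE>
```python
import os
from collections import defaultdict, namedtuple

# Assumed layout, space-separated, subject last so it may contain spaces:
# timestamp hostname message-id path-to-message recipient sender subject
Entry = namedtuple("Entry", "when host msgid path recipient sender subject")

QUARANTINE_ROOT = "/var/spool/MailScanner/quarantine"  # assumed location

# Constructed sample: one message to two recipients is logged twice.
SAMPLE_LOG = """\
2003-08-08T11:36:02 mx1 h78FZx012345 /var/spool/MailScanner/quarantine/20030808/h78FZx012345 alice@example.com promo@example.net Cheap meds now
2003-08-08T11:36:02 mx1 h78FZx012345 /var/spool/MailScanner/quarantine/20030808/h78FZx012345 bob@example.com promo@example.net Cheap meds now
2003-08-08T11:40:17 mx1 h78Fdb012399 /var/spool/MailScanner/quarantine/20030808/h78Fdb012399 alice@example.com news@example.org Weekly newsletter
"""

def parse_log(text):
    """Parse log text into Entry records, skipping malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split(None, 6)
        if len(fields) == 6:
            fields.append("")  # message with an empty subject
        if len(fields) != 7:
            continue  # do not guess at broken lines
        entries.append(Entry(*fields))
    return entries

def digest_by_recipient(entries):
    """Group entries per recipient; sender and subject are untrusted text."""
    digest = defaultdict(list)
    for e in entries:
        digest[e.recipient.lower()].append(e)
    return dict(digest)

def release_target(entries, msgid, requester):
    """Return (path, recipient) if requester may release msgid, else None."""
    root = os.path.realpath(QUARANTINE_ROOT)
    for e in entries:
        if e.msgid != msgid or e.recipient.lower() != requester.lower():
            continue  # only a logged recipient of this message may release it
        path = os.path.realpath(e.path)
        if os.path.commonpath([root, path]) != root:
            return None  # logged path escapes the quarantine directory
        return path, e.recipient  # re-send to this one address only
    return None
```
</PRE>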
</BODY>
</HTML>