How to exclude particular email address from CA Random Sampling!
Created: 13 Aug 2012 | Updated: 04 Sep 2012 | 8 comments
This issue has been solved. See solution.
Hello Folks,
I am tring to find a way to exclude a particular email address from being captured in CA Randoming sampling.
I have tried Configuration --> Settings --> Random Capture --> Exclude items with this text in subject, but it doesn't seems to be working.
In the above option i have specified the exact subject like as the email i want to be excluded (without quotes), this email is a system generated by our spam filter with a specific subject line.. (xxx xxx - IronPort Spam Qurantine Notification). Also i restarted EVAMS after this modification.
Any thoughts?
Regards,
Satya
Discussion Filed Under:
Comments 8 Comments • Jump to latest comment
This might be your issue:
Subject line exclusions no longer work in Compliance Accelerator 10.0
If you have multiple items you need excluded you could look at Custom Filtering or DCS.
With Custom Filtering you could choose to not even archive those items.
Tony Sterling
www.bluesource.net or www.bluesource.co.uk
Offices in the US and the UK
I have added the subject keyword in custom filtering as well but doesn't seems to appear like its working :(
Can you attach your custom filtering rules? Also, do you see any events in the EV App log?
Also, have you seen this?
Message subject filters for custom filtering
Tony Sterling
www.bluesource.net or www.bluesource.co.uk
Offices in the US and the UK
This is what i have in my 'Filter Rules.xml' file. Is this file name correct or it should be 'Custom Filter Rules.xml'?
<?xml version="1.0"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">
<!--This rule will hard delete items that match the subject criteria below -->
<!--
<RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
<SUBJECTS INCLUDES="ANY">
<SUBJ MATCH="CONTAINS">Out of Office Autoreply</SUBJ>
<SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
</SUBJECTS>
</RULE>
-->
It should be called Default Filter Rules.xml
You can review the relevant TN's
Configuring custom filtering
Article URL http://www.symantec.com/docs/HOWTO37055
or check the Configuring filtering section of the Setting up Exchange Archiving.pdf
Tony Sterling
www.bluesource.net or www.bluesource.co.uk
Offices in the US and the UK
I am getting this error when using the default filter rules.xml, i am setting the filter to use just 2 subject keywords to exclude specific email from being journaled.
Event Type: Error
Event Source: Enterprise Vault
Event Category: Journal Task
Event ID: 45315
Description:
An error has occurred when adding a custom rule set.
This error may be caused by incorrect XML syntax.
Error: 0xc00ce011
Internal References:
Element cannot be empty according to the DTD/Schema.
Details:
Source: C:\Program Files\Enterprise Vault\Custom Filter Rules\Default Filter Rules.xml
Line: 15
Position: 3
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
<?xml version="1.0"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">
<!--This rule will hard delete items that match the subject criteria below -->
<!--
<RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
<SUBJECTS INCLUDES="ANY">
<SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
<SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
</SUBJECTS>
</RULE>
-->
</RULE_SET>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I don't believe this --> should be there above </RULE_SET>.
So like this
<?xml version="1.0"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">
<!--This rule will hard delete items that match the subject criteria below -->
<RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
<SUBJECTS INCLUDES="ANY">
<SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
<SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
</SUBJECTS>
</RULE>
</RULE_SET>
Tony Sterling
www.bluesource.net or www.bluesource.co.uk
Offices in the US and the UK
Thanks Tony! That was it i had to remove <!-- and --> and restarted JC and didn't get error anymore.
Next thing is to validate if this works and doesn't samples the notification email anymore.
This is after correction!
<?xml version="1.0"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">
<!--This rule will hard delete items that match the subject criteria below -->
<RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
<SUBJECTS INCLUDES="ANY">
<SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
<SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
</SUBJECTS>
</RULE>
</RULE_SET>
Would you like to reply?
Login or Register to post your comment.