Messaging Gateway


Mail Gateway Message logs

  • 1.  Mail Gateway Message logs

    Posted Oct 28, 2009 03:25 PM
    I'm running a Symantec Brightmail Gateway version 8.0.2-12, and one thing that has annoyed me is the lack of a message log (or at least I can't find it). I'm used to the Barracudas, where you go to the "Message Log" and you get a list of every message that has come through the Barracuda, both inbound and outbound, and it allows you to mark messages that made it through as spam, whitelist messages that it thought were spam, etc. Is there a way to get a similar listing in the Brightmail Gateway, and if it's not already done (it doesn't appear to be), set it up so all messages that don't make it through are sent to the local quarantine, then deleted after however many days? I think the way mine is configured is very plain, out of the box, so messages that it thinks are spam are deleted, and other messages get forwarded on to my Exchange server.

    Thanks,
    Dave


  • 2.  RE: Mail Gateway Message logs

    Posted Oct 29, 2009 03:56 AM
    Hi,

    1) Message logs
    See "Message Audit Logs" for mails going through Brightmail. Marking mails as you described is not possible in the logs, and I do not know another way of doing this except for the spam quarantine to release mails.

    2) Spam quarantine
    Use "Spam > Policies > Email" and a default like "Spam or Suspected Spam: Quarantine message" or create your own. Then apply this setting to groups you created.
    Configure spam Quarantine: "Spam > Settings > Quarantine Settings > Spam Quarantine Expunger"


    Frank



  • 3.  RE: Mail Gateway Message logs

    Posted Oct 29, 2009 12:04 PM
    Thanks for the tip; I modified my rules, and disabled all Spam policies except "Spam or Suspect Spam: Quarantine Message", and "Failed Bounce Attack Validation: Reject Message". Those are the only two applied to the "Default Group" (previously only the first two and "Failed Bounce Attack" were applied to a group). I also set all the "Bad Senders" rules to modify the subject line and hold in Quarantine. The odd thing is, since I made that change, the "Inbound E-Mail Message Summary" shows that zero spam has come in since I made the change, but when I go to "Message Audit Logs" and enter one of my e-mail addresses, it comes up with a bunch of messages, and the most recent four, about two hours ago, (among others) were blocked with a "Symantec Global Bad Sender" Verdict, and an action of "Modify the subject line, Hold message in Spam Quarantine" (This is what I set everything up to do). If I go to "Spam" > "Quarantine" > "E-Mail Spam", there's nothing there. Where did they go??

    As a rule, I like Symantec's Corporate products, but I really don't like the Brightmail Gateway. It's counter-intuitive, and the message logs suck. Why is there a "Mandatory Filter Value" in the "Message Audit Logs"?? Why can't there be a "Show ALL" option to see logs of ALL messages that have gone through the gateway, not just to or from a specific address? You should get an "ALL" view by default, with an option to filter.


  • 4.  RE: Mail Gateway Message logs

    Broadcom Employee
    Posted Oct 29, 2009 12:21 PM
    That can be accomplished by just putting a period in the search field and setting the mandatory filter to email address.

    I suspect that we don't have a default option to do this because we expected people to have a reason or specific item they are looking for instead of just taking a look at the most current items or such.


  • 5.  RE: Mail Gateway Message logs

    Posted Oct 29, 2009 12:31 PM
    Thanks TSE-JDAvis, that answers that question, but the question still remains: Where are the messages that were classified as spam or were from a sender with a bad reputation that were configured to be held in Quarantine, and are reported as such, but the Quarantine is reported as empty?


  • 6.  RE: Mail Gateway Message logs

    Broadcom Employee
    Posted Oct 29, 2009 01:04 PM
    They will be in the message audit logs if they came through the appliance. If they are not, they were not marked as spam by the appliance but possibly by another product.


  • 7.  RE: Mail Gateway Message logs

    Posted Oct 29, 2009 01:16 PM
    Messages are showing in the Audit Logs, but the messages that are shown as spam and should be delivered to Quarantine aren't in the Quarantine. There are no other products filtering spam. It goes Internet > Brightmail Gateway Virtual Appliance > Exchange Server.


  • 8.  RE: Mail Gateway Message logs

    Broadcom Employee
    Posted Oct 29, 2009 02:10 PM
    What does it list as the verdict and actions taken? Also, do you have a user quarantine set up or an administrator only quarantine?


  • 9.  RE: Mail Gateway Message logs

    Posted Oct 29, 2009 05:52 PM
    Administrator Only. The actions are "Modify the subject line, Hold message in Spam Quarantine" for the various "Bad Sender" rules and "Hold message in Spam Quarantine" for "Spam" and "Suspected Spam".

    Another thing that's come up since I started "playing" with the filter and trying to tweak it is I've started getting "Delivery Delayed" messages with my e-mail address as the delivery address. The body is below:

    Delivery is delayed to these recipients or distribution lists:
     
    Subject: [Symantec Bad Sender] Boss fined you
     
    This message has not yet been delivered. Microsoft Exchange will continue to try delivering the message on your behalf.


  • 10.  RE: Mail Gateway Message logs

    Broadcom Employee
    Posted Oct 29, 2009 05:59 PM
    Can you provide a screen shot of the details of a message in the audit log that was supposed to be quarantined but is not in there? This behaviour is not consistent with how the appliance software works.


  • 11.  RE: Mail Gateway Message logs

    Posted Oct 29, 2009 08:21 PM
    Here is a shot of the relevant columns; Can't get the whole thing on my 12" screen.



  • 12.  RE: Mail Gateway Message logs

    Broadcom Employee
    Posted Oct 30, 2009 11:02 AM
    And what is currently in the spam quarantine?


  • 13.  RE: Mail Gateway Message logs

    Posted Oct 30, 2009 11:05 AM
    Absolutely nothing. It simply states "There are no messages"


  • 14.  RE: Mail Gateway Message logs

    Broadcom Employee
    Posted Oct 30, 2009 12:31 PM
    Can I see a screenshot?


  • 15.  RE: Mail Gateway Message logs

    Posted Oct 30, 2009 03:31 PM


  • 16.  RE: Mail Gateway Message logs

    Broadcom Employee
    Posted Oct 30, 2009 04:20 PM
    What settings do you have for the Spam Quarantine limits?


  • 17.  RE: Mail Gateway Message logs

    Posted Oct 30, 2009 04:53 PM
    None, really. No max message size, no max number of messages. Messages are deleted from Quarantine after 60 days.


  • 18.  RE: Mail Gateway Message logs

    Broadcom Employee
    Posted Oct 30, 2009 05:07 PM
    At this point you might want to call us so someone can help you live. I am personally stumped as to why we say messages went to quarantine but they are not there, unless your hard drive has filled up in the past and your MySQL tables are broken.


  • 19.  RE: Mail Gateway Message logs

    Posted Oct 30, 2009 05:12 PM

    It's never filled up as far as I know, but maybe I'll rebuild it from scratch and see if it gets fixed.



  • 20.  RE: Mail Gateway Message logs

    Posted Nov 03, 2009 10:19 AM
    Is there a firewall between the scanner and the CC with the Quarantine store? Any blocked traffic between the scanner and CC?


  • 21.  RE: Mail Gateway Message logs

    Posted Nov 04, 2009 04:32 PM
    Hi,

    So, you gave part of the MAL screenshot above - if you click on the TO address for one of the records for a Quarantined email, you'll see a bunch more data.
    What does it say under Delivery?



    I just wonder if these messages are being held in the queue because they can't reach the Quarantine server.

    //ian