Manually released mail moving from Policy Quarantine to SPAM Quarantine

We have configured a content filter to quarantine mails which are categorized as 'Suspected Spam',
hence all mails quarantined by the suspected spam content filter are getting quarantined under 'Policy quarantine'.
I have observed that whenever we release mail from the Suspected spam content filter, it moves from Policy quarantine to Spam quarantine instead of getting delivered to the end user. (This behavior is only for suspected spam mails; the rest of the filters are working fine.)
Has anyone experienced this kind of behavior? Please suggest.

Hi Don,
Indeed there are two ways to send to ISQ.
a)  alt-mailhost('the.euq.queue')
b)  Insert-Header ('X-Ironport-Quarantine: somevalue')
But both will send the mail to quarantine and stop, even if I have an action such as duplicate-quarantine. No mail is sent to the recipient.
It may sound weird to most, because why would we need to ISQ an email but at the same time want the mail to be delivered?
My goal is to just copy it and send the copy to ISQ, while letting the mail be delivered.
At this moment, I can't get both done in the same message/content filter.
MonitorUserADGroupFilter: if mail-from-group == "CN=somegroup, OU=XX, DC=company, dc=com" {
    deliver();
    alt-mailhost ("the.euq.queue");
}
deliver() is now called "skip-filters()", btw.
The above won't work because once delivered, the message no longer exists and the quarantine to 'the.euq.queue' has no effect.
If I put alt-mailhost higher than deliver, then the message is not delivered.
Also replaced with "duplicate-quarantine" to deliver(). Same behavior.
What's the best way to "deliver and copy to ISQ"?
Regards,
Chris

Similar Messages

  • Mail moved from .mac inbox to .mac server not updating on both machines

    this is a weird one. i have a .mac account which i use for my email and i run apple's mail app. on both my imac and my ibook. it used to be that if i read some new mail in my .mac inbox and then either deleted it or dragged it to one of my folders on the .mac server, when i went to my other machine, mail would recognize that i've done this and everything would look exactly as it did on the original machine - messages either deleted or moved. not so anymore. now i go to the other machine and the messages that i've either read or moved still appear as unread. when i ask this machine to go and look for new mail, it finds things so it's not as if it's not talking to the .mac server at all. don't even ask me what happens if i start moving those same files around on the second machine. i have no idea how it can think both exist. it's like quantum physics or something. it's this but it's that. very strange.

    What I did with moderate success:
    -- A backup from the SL server installation I had + another separate backup of /var/spool/imap/dovecot directory.
    -- Some other backups, for example Server Admin prefs, OD, Shared Files, etc.
    -- Since the server was a mess, formatted the disk and installed Lion Server from scratch.
    -- In my case, there was a mess with users and the way Mail was handled with virtual aliases, etc. I read about how the dovecot directory worked from the link provided before and decided to follow a similar approach, with some issues
    -------- Created the new users in Lion Server and used the Server app to get into the Directory app and find the new user's GUIDs (about 30 users so it took a while but weren't too many).
    -------- Looked up the old GUID for each user and pulled the corresponding mail directory from /var/spool/imap/dovecot/mail changing the directory name with the new name and
    -------- IMPORTANT: also changing the owner as suggested on the link (i.e., _dovecot=read/write, everyone=none). These permission modifications need to be applied recursively, which is easier using terminal.
    -- The issue with this method is that it seems to, sometimes(?), update the file modification dates, which in turn may cause Mail.app on OS X and on iOS Mail to show incorrect dates for each e-mail on the mail list.
    -------- I'm still reading about how to correct this issue I found with a particularly huge Inbox (50K+ mails, around 50GB, yikes).
    -------- In my case the rest of the config was pretty simple, I used the Server app to set up DNS and Server Admin + modified postfix config file to suit some other requirements.
    I hope I'm staying on topic on this thread and that my experience can be of help, in case others run into the same issues.
    Message was edited by: ajisolpa for some reason post formatting does not show up.

  • How to manually retrieve mail messages from time machine in Lion?

    I just did a clean reinstall on Lion and want to import things from time machine piecemeal.  As far as I know, in order to access the mail documents on the computer's hard drive, in the Finder I need to go to Go-->Go to Folder... and then type ~/Library.  Then I have access to the "Mail" folder with the data.  How can I access this folder that's on my external harddrive?  I don't have the "Go" function and I don't know how to get there manually.  My hidden files are shown.

    Welcome to the Apple Support Communities
    The best way to restore mails is to use Time Machine.
    1. Open System Preferences > Time Machine > Select Disk, select the external disk and see > http://pondini.org/TM/E3.html
    2. Open Mail and open Time Machine. Navigate and restore the mails you want

  • Mail moved from a different mailbox is not visible in my mailbox

    My  Partner has my Mailbox attached to his Outlook. He moves Mail in to my Inbox and he can see my mail and his moved mail.
    However I can not see the mail that he moved into my mailbox. I have tried to change the Permissions, but nothing has helped  so far.

    Hi Franz Amrehn,
    As Amit said, you could create a new profile and verify it.
    Additionally, have you checked it in OWA?
    If you have any further questions, please do not hesitate to post back.
    Best regards,
    Eric

  • Incoming Mail Policy is not working - SPAM quarantine

    I have configured a Mail Policy that has the Antispam disabled. I have done this because of a specific mail user that wants to receive all the emails, including the ones the ESA considers spam.
    It usually works fine but now I have 4 emails in the spam quarantine.  All of them are from the same sender. I have the details and there is this one line that "explains" why the email is sent to quarantine:
    "Remote procedure call connection (RCID 13) started for message 65161521 to local Spam Quarantine.".
    Can you please give me some advice in order to know what causes this Remote call procedure connection?
    Thanks!!
    MAIL POLICY "No-spam-check" MATCHED THESE RECIPIENTS: [email protected]
    19 Nov 2014 09:52:21 (GMT +05:00)
    Protocol SMTP interface in.perulng (IP 129.39.179.38) on incoming connection (ICID 59143385) from sender IP 104.200.16.96. Reverse DNS host mta11.avanzaperu.pe verified yes.
    19 Nov 2014 09:52:21 (GMT +05:00)
    (ICID 59143385) ACCEPT sender group UNKNOWNLIST match sbrs[none] SBRS unable to retrieve
    19 Nov 2014 09:52:24 (GMT +05:00)
    Start message 65161521 on incoming connection (ICID 59143385).
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 enqueued on incoming connection (ICID 59143385) from [email protected].
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 on incoming connection (ICID 59143385) added recipient ([email protected]).
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 contains message ID header '<6C67A08179394CEA891EBF61D105B938@User-PC>'.
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 original subject on injection: Envasado y Empaque de Alimentos y Bebidas
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 (29275 bytes) from [email protected] ready.
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 matched per-recipient policy No-spam-check for inbound mail policies.
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 scanned by Anti-Spam engine: SLBL. Interim verdict: Positive
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 scanned by Anti-Spam engine: SLBL. Final verdict: Positive
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 scanned by Anti-Virus engine. Final verdict: Negative
    19 Nov 2014 09:52:25 (GMT +05:00)
    Message 65161521 scanned by Outbreak Filters. Verdict: Negative
    19 Nov 2014 09:52:25 (GMT +05:00)
    Message 65161521 queued for delivery.
    19 Nov 2014 09:52:27 (GMT +05:00)
    Remote procedure call connection (RCID 13) started for message 65161521 to local Spam Quarantine.
    19 Nov 2014 09:52:28 (GMT +05:00)
    Message 65161521 quarantined in Spam Quarantine.

    That message got spam checked, was declared spam, so the RPC call happens to put it in the Quarantine.
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 scanned by Anti-Spam engine: SLBL. Interim verdict: Positive
    19 Nov 2014 09:52:24 (GMT +05:00)
    Message 65161521 scanned by Anti-Spam engine: SLBL. Final verdict: Positive
    If you want to deliver this, either don't scan it by setting the Anti-Spam scanning to disabled, or set the action to Deliver, and maybe add something to the subject?
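The triage done by eye in the reply above can be scripted. This is an added example, not part of the original thread: it reads message-tracking event lines, and for every message that ended in the Spam Quarantine it reports the matched mail policy and the anti-spam engine that returned a final Positive verdict. The log text is the thread's own for MID 65161521; MID 70000001 is constructed for contrast, and the function names are hypothetical.

```python
import re

# Events for MID 65161521 are copied from the thread above.
# MID 70000001 is CONSTRUCTED sample data: a message that is simply delivered.
TRACKING = """\
Message 65161521 matched per-recipient policy No-spam-check for inbound mail policies.
Message 65161521 scanned by Anti-Spam engine: SLBL. Interim verdict: Positive
Message 65161521 scanned by Anti-Spam engine: SLBL. Final verdict: Positive
Message 65161521 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN
Message 65161521 scanned by Anti-Virus engine. Final verdict: Negative
Message 65161521 scanned by Outbreak Filters. Verdict: Negative
Message 65161521 queued for delivery.
Remote procedure call connection (RCID 13) started for message 65161521 to local Spam Quarantine.
Message 65161521 quarantined in Spam Quarantine.
Message 70000001 matched per-recipient policy No-spam-check for inbound mail policies.
Message 70000001 scanned by Anti-Virus engine. Final verdict: Negative
Message 70000001 queued for delivery.
"""

POLICY = re.compile(
    r"Message (\d+) matched per-recipient policy (.+?) for inbound mail policies")
AS_FINAL = re.compile(
    r"Message (\d+) scanned by Anti-Spam engine: ([^.\s]+)\. Final verdict: (\w+)")
QUARANTINED = re.compile(r"Message (\d+) quarantined in Spam Quarantine")


def summarize(text):
    """Return {mid: {"policy", "antispam", "spam_quarantined"}} from tracking lines."""
    msgs = {}

    def rec(mid):
        return msgs.setdefault(
            mid, {"policy": None, "antispam": [], "spam_quarantined": False})

    for line in text.splitlines():
        m = POLICY.search(line)
        if m:
            rec(m.group(1))["policy"] = m.group(2)
            continue
        m = AS_FINAL.search(line)
        if m:
            # Only final verdicts are kept; interim verdict lines do not match.
            rec(m.group(1))["antispam"].append((m.group(2), m.group(3)))
            continue
        m = QUARANTINED.search(line)
        if m:
            rec(m.group(1))["spam_quarantined"] = True
    return msgs


def explain_quarantined(text):
    """For each message that reached the Spam Quarantine, name the policy it
    matched and the engines whose final anti-spam verdict was Positive."""
    out = {}
    for mid, info in summarize(text).items():
        if info["spam_quarantined"]:
            engines = [e for e, verdict in info["antispam"] if verdict == "Positive"]
            out[mid] = {"policy": info["policy"], "positive_engines": engines}
    return out


if __name__ == "__main__":
    for mid, why in explain_quarantined(TRACKING).items():
        print(mid, why)
```

A quarantined message whose `positive_engines` list is empty would be one that reached the Spam Quarantine without any logged anti-spam final verdict, which is worth a closer look at the policy actions.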

  • Ironport C170 Unable to view the Spam Quarantine messages

    I'm new to the Ironport appliance. When I click on Monitor-->Spam Quarantine, then click on Messages a new window appears and I should see all of the emails that were marked "spam". For some reason when the second window opens, I receive a blank page. Everything works fine on my other C170 appliance.

    Hi Billy, if you move the mouse cursor over the number of spam messages on page Monitor>Spam quarantine, what URL address do you see?
    Something like https://www.domain.com:83/Search?auth=13900f1d2a029b017464c596a88bb7a8?
    Can you resolve "www.domain.com" to the correct IP address of your ESA server?
    Are Spam Quarantine>Spam Quarantine HTTP & Spam Quarantine HTTPS enabled at Network>IP Interfaces>Interface page? Do interface's IP address & spam quarantine ports match to URL address (does www.domain.com resolve to this IP address) at Monitor>Spam quarantine?
    Is there any firewall blocking this connection?

  • Release specific messages from quarantine

    Hello All,
    I am fairly new to the IronPort email security appliances and was hoping someone could provide some guidance on how to accomplish the following. I need to configure exporting or providing access to our security team to directly export messages from the virus/malware quarantine for offline analysis.  Can this be accomplished, if so how? Is there a way to zip or encrypt messages in the quarantine and have them released to a specific mailbox account which our security team owns?
    Thanks for the help in advance. 

    Hi,
    There are a couple of methods by which you can achieve a copy of messages; however, there is no way to zip or encrypt messages. You can open a TAC case and log a feature request for zipping or encrypting messages in quarantine.
    Option 1:
    To do this you would first need to modify your "anti spam policy" to add custom header and deliver the message
    (instead of setting the action to quarantine)
    Steps:
    1) Go under
    "Mail Policies" > Click the desired policy
    Under "Positively-Identified Spam Settings" - "Apply This Action to Message" set action to Deliver
    Now click on "Advanced" and locate "Add Custom Header".
    Enter X-Ironport-Quarantine in the text field located on the right side of "Header:"
    Submit changes
    2) Next navigate to
    "Mail Policies" >  "Incoming Content Filters"
    Click on "Add Filter ..." and create a filter with
    Conditions - "Other Header" - "Header Name" X-Ironport-Quarantine - "Header exists"
    Action - "Send Copy (BCC)" enter the bcc address
    Note: For virus quarantine, a copy of a message can also be achieved by keeping the header the same or different. In case of different headers, please add a second condition in the above content filter.
    ++ If you would like to copy all types of messages (positive, suspected), then the add headers option needs to be enabled under all Actions in AntiSpam and Antivirus in the incoming/outgoing mail policy.
    Option 2
    How to have a copy of all released messages from IPAS quarantine? (only if you choose to release messages)
    The quarantine has no option to add an email address for a bcc copy of the released message. The workaround is to save the configuration file on a local computer in order to open and edit it. In the configuration file, look for this tag under the Euq configuration:
        <euq_to_corpus_addr>[email protected]</euq_to_corpus_addr>
    The email address [email protected], which is behind the quarantine option "Notify IronPort Upon Message Release", can be replaced with any email address where a copy of released messages should be sent to. After saving the configuration and loading it back to the appliance, also make sure that "Notify IronPort Upon Message Release" is enabled in the spam quarantine's configuration on the GUI.
    * The procedure described here should be used by customers who need to keep track about what is leaving their company, in terms of email messages.
    Hope that information helps.
    Thanks
    Nasir

  • Finally using SPAM quarantine and want to know how many e-mails are being released

    We have two C660s and one M660 and we are finally using the SPAM quarantine functionality on the M660 and so far it has been awesome.   For my pilot group I have the spam thresholds set as low as recommended by the GUI at 50 (positive) and 25 (suspected)...   First off, if I change these numbers will I see noticeable differences in what is allowed through and what isn't?
    My real question is, is there an easy way to see what mail is being released by users from the SPAM quarantine?  Originally I had a content filter setup that was working..   but now it appears that when users are releasing e-mails from the quarantine it is skipping any type of content filtering..  From what I can tell, e-mails are still being routed from the M660 to one of the two C660s for delivery..  but in the mail logs I see information like:
    Wed Aug 15 09:34:32 2012 Info: ISQ: Delivering MID 1592784 to ISQ (skipping work queue)
    And in Message Tracking I see:
    15 Aug 2012 09:32:23 (GMT -05:00)
    Message 116381462 was released from Spam Quarantine, IP address 10.25.211.100.
    15 Aug 2012 09:32:23 (GMT -05:00)
    Message 116381462 released from Spam Quarantine. Work queue skipped.
    15 Aug 2012 09:32:23 (GMT -05:00)
    Message 116381462 queued for delivery.
    15 Aug 2012 09:32:23 (GMT -05:00)
    (DCID 40556495) Delivery started for message 116381462 to
    My outgoing content filter is setup like:
    Conditions
    Apply rule: If one or more conditions match / Only if all conditions match
    Order | Condition          | Rule
    1     | Remote IP/Hostname | remote-ip == XXXXXXXX
    2     | Envelope Sender    | mail-from !=XXXXXXXXXX
    Actions
    Order | Action        | Rule
    1     | Add Log Entry | log-entry("ReleasedFromSpamQuarantine")
    XXXXXXX = the IP address of our M660..  
    XXXXXXXX = the e-mail address used by our M660 to send out reports/alerts etc..
    Appreciate any input/feedback...
    Jason

    Hello Jason,
    One thing about the thresholds: the defaults are 50/90 for suspected and positive spam, and that usually works for most customers. In some cases, if spam still gets through, we suggest modifying that to 40/80, but you should not go any lower, as this will just increase the number of false positives. In general, the antispam engine delivers a value way above or below the thresholds, means scores are always either below 10 (no spam) or above 90 (spam), very few are in between this range, so usually the default setting works.
    About the information of which user released a message, there is unfortunately no direct way to get this done. You might try this approach:
    1. mail_logs: Look for the MID of the message when its getting injected to the SMA, note that this is not the same MID as in message tracking.
    2. mail_logs: Look for the message getting released, and note the time stamp:
    6 Aug 2012 13:29:21 (GMT) Start Message 10054459 ICID 0 release from Spam Quarantine
    3. Do a
    CLI: grep timestamp euqgui_logs
    with the timestamp you retrieved from the mail logs (just use the Day, hour, and minute part), this should get you the log lines for the particular minute, check them for the name of the user who was accessing the GUI at that time.
    Hope that helps,
    Andreas
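The three steps in the reply above amount to joining two logs on the minute of the release. The sketch below is an added example, not from the original thread or from Cisco: it extracts release events in the form quoted in step 2 and returns the euqgui_logs lines that fall in the same minute. Assumptions: euqgui_logs lines start with the same timestamp prefix as the mail_logs line quoted earlier in the thread ("Wed Aug 15 09:34:32 2012 Info: ..."); the text after "Info:" in the sample GUI lines is constructed; `window_minutes` and `gui_offset_minutes` are hypothetical parameters for releases near a minute boundary and for logs kept in different time zones.

```python
import re
from datetime import datetime, timedelta

MONTHS = {name: i for i, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Release event, in the form quoted in step 2 of the reply above.
RELEASE = re.compile(
    r"(\d{1,2}) (\w{3}) (\d{4}) (\d{2}):(\d{2}):\d{2} \(GMT[^)]*\) "
    r"Start Message (\d+) ICID \d+ release from Spam Quarantine")

# ASSUMPTION: euqgui_logs uses the mail_logs timestamp prefix shown in the thread.
GUI_PREFIX = re.compile(
    r"^\w{3} (\w{3}) +(\d{1,2}) (\d{2}):(\d{2}):\d{2} (\d{4}) (.*)$")

# Release line copied from the thread.
MAIL_LOG = """\
6 Aug 2012 13:29:21 (GMT) Start Message 10054459 ICID 0 release from Spam Quarantine
"""

# CONSTRUCTED GUI log lines: only the timestamp prefix follows the thread.
GUI_LOG = """\
Mon Aug  6 13:28:47 2012 Info: constructed user=alice action=login
Mon Aug  6 13:29:18 2012 Info: constructed user=bob action=release
Mon Aug  6 13:31:02 2012 Info: constructed user=carol action=search
"""


def to_minute(year, mon, day, hour, minute):
    """Timestamp truncated to the minute, as step 3 of the reply suggests."""
    return datetime(int(year), MONTHS[mon], int(day), int(hour), int(minute))


def correlate(mail_log, gui_log, window_minutes=0, gui_offset_minutes=0):
    """Map each released MID to the GUI log lines within window_minutes of the
    release. gui_offset_minutes is (GUI log clock - mail log clock)."""
    gui = []
    for line in gui_log.splitlines():
        m = GUI_PREFIX.match(line.strip())
        if not m:
            continue  # skip lines without the expected prefix
        mon, day, hh, mm, year, rest = m.groups()
        ts = to_minute(year, mon, day, hh, mm) - timedelta(minutes=gui_offset_minutes)
        gui.append((ts, rest))

    span = timedelta(minutes=window_minutes)
    hits = {}
    for m in RELEASE.finditer(mail_log):
        day, mon, year, hh, mm, mid = m.groups()
        released = to_minute(year, mon, day, hh, mm)
        hits[mid] = [rest for ts, rest in gui if abs(ts - released) <= span]
    return hits


if __name__ == "__main__":
    for mid, lines in correlate(MAIL_LOG, GUI_LOG).items():
        print(mid, lines)
```

More than one user can be active in the quarantine GUI during the same minute, so the result is a list of candidates to review rather than a proof of who released the message.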

  • 8830..Moving e-mail messages from Inbox to other folder

    On my 8830...When I move e-mail messages from my Inbox to a different folder (under Inbox), they disappear totally from my laptop e-mail rather than mirroring what I did on my BlackBerry.  On the flip side, if I move messages from my Inbox to another folder on my laptop, it does mirror on my BlackBerry.  My e-mail is Outlook 2003, running on my company's Microsoft Exchange Server.  Please help.

    Since you have folders under your Inbox, I can only assume you're on a BES (BlackBerry Enterprise Server) setup receiving your Corporate email.  If that's not the case, I can't figure out how you got folders under your Inbox, and have NO IDEA how you're getting the results you're getting as BIS (BlackBerry Internet Service) email accounts can't have folders!
    You most likely don't have reconciliation enabled for the folders you're moving your email to.
    Go into Messages, hit the [Menu] button and select Options --> Email Settings.  Hit the [Menu] button and select Folder Redirection. 
    You should see your Mailbox at the top with a + to the left of it.  Highlight that line, hit [Menu] --> Expand to display the main folders under your Mailbox.  Your Inbox should appear with a Box next to it either checked or filled in. 
    Highlight Inbox, and again hit [Menu] --> Expand to display the folders under your Inbox.  All the folders under your Inbox, and the boxes are probably unchecked or not "filled in".  Scroll to the folders you want reconciled with your BlackBerry and hit [Space] to check or fill the box next to it.  Use [Menu] --> Expand if there's a + to the left of the box to expand subfolders.
    Once all the folders you want reconciled are checked or filled, hit [Esc] and save.
    Now your email won't disappear when you move it!  You should also notice in the Messages list that email in folders other than your Inbox have a folder icon rather than an Envelope icon.
    And before you ask...  The BlackBerry does NOT SYNCHRONIZE, it Reconciles.  Email is pushed to the device ONCE, and only changes to the status of messages are transmitted after that.  Moves will only be reflected after you've turned Reconciliation on for a given folder.  BTW - emails you moved that disappeared should have been in your Deleted Items folder.
    Reconciliation rather than Synchronization saves enormously on data transmission ($) as well as Battery life.  Believe me - we have both BlackBerries (Big Wigs only) and Windows Mobile (the rest of the 25,000 peons) devices at my company, and the most common complaint about the Windows devices is battery life, and HUGE costs when the device is overseas!
    Jerry

  • I have an iPad 2 and receive e-mail through internet connection. When I delete e-mails, and clear my Trash folder, they re-appear. Setting are for remove from server when moved from Inbox. Any idea what I can do to actually delete them?

    I have an iPad 2 and receive e-mail through regular internet connection. Lately, when I delete e-mails, and clear my Trash folder, they re-appear, downloaded anew from the server and marked as unread. My e-mail Advanced Settings are selected for "Remove from server when moved from Inbox." Even when I access the e-mail account from my desktop and delete the e-mails, they re-appear on my iPad. Does anyone have any idea what is causing this and what I can do to actually delete them?

    Sounds like you are looking in the wrong Administrative Group container which is why you are seeing your Exchange 2010 servers in there.
    When you install Exchange 2003 only you will see a container named by default as "CN=First Administrative Group" container. But this could be named anything if you changed the Organization Name on the installation when you installed the first
    Exchange 2003 server into the domain/forest. 
    You will notice that when you install Exchange 2010 part of the AD setup is to create a new configuration container and is named by default "CN=First Administrative Group (FYDIBOHF23SPDLT)".
    So it sounds like you are not looking in the right location within ADSIEdit. 
    You may find the following article also helpful for this issue which is the same resolution:
    http://blogs.technet.com/b/sbs/archive/2012/05/17/empty-cn-servers-container-causing-issues-with-public-folders-on-small-business-server-2011.aspx
    I recommend though that you ensure your Exchange 2003 servers are fully uninstalled or no longer present in your environment before you go deleting the Servers container though.. The following Microsoft article will help with this:
    http://technet.microsoft.com/en-gb/library/gg576862(v=exchg.141).aspx

  • I moved from an old macbook to a new one.  I copied all my files onto a hard drive.  On trying to setup my mail, i went into documents, microsoft user identities, office 2011 and it shows the database but wont let me select it.  Urgent help pls

    I moved from an old macbook to a new one.  I have installed Office for Mac 2011. I copied all my files from my old notebook onto a hard drive.  On trying to setup my mail, i went into my hard drive and accessed microsoft user identities, office 2011 and it shows the database but won't let me select it.  It's almost as if the file is there but not accessible.  I desperately need to access my old mail.  How do I do this?  I am fairly confident that I copied all files off my old notebook.  Is there a way for me to search for the Database file?  Maybe I copied it to a different location?  Urgent help please.

    Hello mafrerichs and welcome to Apple Support Communities,
    Simplest way is to use Target Disk mode:
    How to use and troubleshoot FireWire target disk mode - Apple Support
    and hook to another Mac and use CCC or SuperDuper and clone your HD to another drive.
    You could also pull the drive out of your MBP and use an external USB case or SATA - USB dongle to hook it to another Mac.
    "MacBook Pro (15-inch Late 2011),... have a 15" 2012 Macbook pro with 2gb of ram, i7 processor"
    That's a little confusing?

  • Moving mail data from mail to Outlook for Mac.

    I am moving old PC mail data (outlook 2007) to Mac. I used the mac mover, which was great but...  it has moved my old mail data to mac mail.  I am trying to export that data now (on the mac mail) to then import into Outlook for Mac, but not getting anywhere?  Outlook support says it will import the data as a mac export txt file, but whenever i try and import Outlook can not see the file.
    I have also tried to just export the mail data from one mac users mail app to another and that is also not working.  Import mail function reports format error, even though it is from the same version of mail on the same machine.
    any suggestion, links to info much appreciated.

    http://www.outlookimport.com/export-e-mails-from-apple-mail-and-import-to-ms-outlook/
    more hits even if you have to skip the ones that describe the opposite
    http://www.google.dk/search?source=ig&hl=da&rlz=1G1TSEH_ENDK367&q=percent+of+the+world+that+believe+in+evolution&oq=percent+of+the+world+that+believe+in+evolution&aq=f&aqi=&aql=&gs_sm=e&gs_upl=1032792l1170990l0l1171230l56l55l0l35l35l2l281l3626l0.12.7l19l0#sclient=psy-ab&hl=da&rlz=1G1TSEH_ENDK367&source=hp&q=import+mail+from+mac+mail+to+mac+outlook&pbx=1&oq=import+mail+from+mac+mail+to+mac+outlook&aq=f&aqi=&aql=&gs_sm=e&gs_upl=2887l3593l1l3847l4l4l0l0l0l0l347l1116l0.1.1.2l4l0&bav=on.2,or.r_gc.r_pw.r_cp.,cf.osb&fp=d1d65e2d1be363fb&biw=1848&bih=789

  • My desktop icons mysteriously moved from the left to the right part of the screen. When I try to drag them back to the left, they pop back to the right when I release the mouse. What can I do?

    My desktop icons mysteriously moved from the left to the right of the screen, and scrambled the order. When I try to drag them back to the left, they pop right back to the right when I release the mouse. What can I do to place them where I want them on the screen?

    A LOT of them dont appear.
    What do you see in the window when you click on those?  A blank, black window?  An exclamation mark?  What?

  • Iphone5 - lost my contacts when moving from BT Yahoo to BT Mail. I do not back up to iCloud and I did not use my mail account for contacts.  Can anyone help to find and restore my contacts?

    IPhone5. I have lost my contacts when moving from BT Yahoo to BT Mail. I do not backup to iCloud and do not use my mail account to store contacts.  Can anyone help find the contacts on my phone and restore them?

    Contacts are designed to be synced to a supported application on the computer or a cloud service like Gmail, iCloud, or an Exchange server.
    Have you failed to use the device as designed?

  • After the recent update, my documents moved from Finder to Word.  When I moved the folders to Finder, I am unable to attach a file to an e-mail.  Any Suggestions?

    After the recent update, my documents moved from Finder to Word.  When I moved the folders to Finder, I am unable to attach a file to an e-mail.  Any Suggestions?

    Back up all data.
    Triple-click the line of text below to select it, the copy the selected text to the Clipboard (command-C):
    /Library/Internet Plug-ins
    In the Finder, select
    Go ▹ Go to Folder
    from the menu bar, or press the key combination shift-command-G. Paste (command-V) into the text box that opens, then press return.
    From the folder that opens, remove any items that have the letters “PDF” in the name. You may be prompted for your login password. Then quit and relaunch Safari, and test.
    I've seen an unconfirmed report that the "Silverlight" web plugin distributed by Microsoft can also interfere with PDF display in Safari, so you might need to remove it as well, if applicable.
    If you still have the issue, repeat with this line:
    ~/Library/Internet Plug-ins
    If you don’t like the results of this procedure, restore the items from the backup you made before you started. Relaunch Safari again.
