Event Codes

The PMX_EVENT codes are used in the PMX_ENGINE::scan_message() callback. They indicate how the variable parameters are to be interpreted.

The engine reports that a rule or condition has been triggered. Parameter 1 is of type PMX_TYPE_STRING and contains the feature name. Parameter 2 is normally not used, but some plugins pass a PMX_TYPE_STRING parameter containing extra information about why the feature fired.

The engine determines the IP of the first untrusted relay by scanning the message headers and identifying the first connecting host that is not in its list of trusted relays. This event code only takes effect if the core.event.fur attribute has been specified and set to "1". For more information, see "Core Attributes" in the Anti-Spam Engine Attributes section.

In order for this data to be useful to SophosLabs, it is recommended that you append it to an informational header, so that the IP address of the first untrusted relay is included in all false positives and false negatives submitted to Sophos. This header should follow the format shown below:

      X-PMX-Version: product-name, Antispam-Engine:, Antispam-Data: 2009.2.13.62815, 

See also: plugin.net.trusted-relays under "net Attributes" in the Anti-Spam Engine Attributes section.

The engine generates this event when it has determined the probability of the message being spam. Parameter 1 will be of type PMX_TYPE_DOUBLE containing a probability between 0.0 and 1.0. Parameter 2 is not used.