Why didn't PureMessage quarantine a message that is spam?
There are a variety of reasons why a message containing spam characteristics is not identified as spam and treated accordingly. This may be due to aspects of PureMessage configuration described below.
- Anti-Spam Engine
- Ensure that PureMessage is using the latest anti-spam engine package by navigating to the page in the PureMessage Manager, clicking Query, and checking that there is no update available for the PureMessage-AntiSpam-Engine. If there is, run pmx-setup at the command line to launch the installer and retrieve available update(s).
- Anti-Spam Data
- Ensure that PureMessage is using the latest anti-spam data package by navigating to the page in the PureMessage Manager, and examining the date of the PureMessage-AntiSpam-Data package. It should be the current day's date. If it isn't, check the page, as described above, and update the package by running pmx-setup at the command line.
- Anti-Spam Opt-Outs
- If the recipient's address is included in the Anti-spam opt-outs list or the sender's address is included in the Whitelisted senders list, the message is exempt from anti-spam filtering. See "Editing Lists" in the Manager Reference for more information. Also check that MTA IP Blocking is enabled.
- Trusted Relay Configuration
- PureMessage includes the ability to specify the IP addresses of external relays that are known to be "safe". Ensure that trusted relays are configured and enabled. See the section of the Manager Reference for instructions.
- Network DNS Access
- A number of spam detection techniques rely on access to DNS servers. If DNS-based network checks are enabled (the default), ensure that the DNS server is functioning properly and communicating with the server(s) where PureMessage is running.
- Quarantine Threshold in Policy Script
- The PureMessage policy script performs actions on messages based on their spam probability. For example, the policy script can be configured to quarantine messages if they have a spam probability of 50% or greater. Changing probability-based actions in the policy script (via the pmx-policy command-line program or via the Policy tab in the PureMessage Manager) may result in some spam not being detected.
- Email Headers
- If the message is subject to filtering but PureMessage has not identified it as spam, examine the message to see what headers were added by PureMessage during processing. By default, the X-PMX-Version header is added to all messages from external hosts. The absence of this header indicates that PureMessage has not processed the message. The default policy script also adds an X-PerlMx-Spam header to all messages with a spam probability. If the message's spam probability exceeds 50%, PureMessage not only adds the X-PerlMx-Spam header, but also alters the subject line and copies the message to the quarantine. The presence of this header indicates that anti-spam processing was completed. See "Policy Configuration" in the Administrator's Reference for more information.
- If the message does not have an X-PerlMx-Spam header, you can check the message_log (by default, /opt/pmx6/var/log/message_log) to see what spam score the message received. The log file can be analyzed to determine the message's interaction with the policy script.
- firstname.lastname@example.org for spam messages that escaped detection
- email@example.com for messages that were incorrectly identified as spam
You can also share your aggregated message statistics with Sophos by ensuring thatis enabled.
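
The header checks described under Email Headers above can be scripted for a saved copy of a missed message. This is an added example, not code from PureMessage or Sophos. The "Probability=NN%" field inside the X-PerlMx-Spam value, the state names and the sample messages are assumptions made for illustration.

```python
import email
import re
from email import policy
from typing import Optional, Tuple

THRESHOLD = 50  # default quarantine threshold quoted on this page
# Assumption: the X-PerlMx-Spam value carries a "Probability=NN%" field.
PROBABILITY = re.compile(r"Probability=(\d{1,3})%")

# Hypothetical state names mapped to the follow-up check this page suggests.
NEXT_STEP = {
    "not-processed": "no X-PMX-Version: PureMessage did not process this message",
    "no-spam-header": "no X-PerlMx-Spam: look up the spam score in message_log",
    "ambiguous": "several X-PerlMx-Spam headers: compare against message_log",
    "unparsed": "X-PerlMx-Spam present but no probability found in it",
    "under-threshold": "at or below threshold: check engine/data package dates and DNS",
    "over-threshold": "over threshold: review the policy script actions",
}

def triage(raw: bytes) -> Tuple[str, Optional[int]]:
    """Classify one raw message by the headers PureMessage adds."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get("X-PMX-Version") is None:
        return "not-processed", None
    spam = msg.get_all("X-PerlMx-Spam", [])
    if not spam:
        return "no-spam-header", None
    if len(spam) > 1:  # inbound mail can already carry a copy, so trust neither
        return "ambiguous", None
    match = PROBABILITY.search(str(spam[0]))
    if match is None:
        return "unparsed", None
    prob = int(match.group(1))
    return ("over-threshold" if prob > THRESHOLD else "under-threshold"), prob

# Constructed sample messages (not real PureMessage output).
BASE = b"From: a@example.com\r\nTo: b@example.com\r\nSubject: offer\r\n"
VERSION = b"X-PMX-Version: 0.0.0-constructed\r\n"
SAMPLES = {
    "unfiltered": BASE + b"\r\nbody\r\n",
    "no-score": BASE + VERSION + b"\r\nbody\r\n",
    "missed": BASE + VERSION + b"X-PerlMx-Spam: Probability=31%\r\n\r\nbody\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        state, prob = triage(raw)
        print(f"{name}: {state} (probability={prob}) -> {NEXT_STEP[state]}")
```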