Performing a Advanced Quarantine Query

To perform an advanced query of the quarantine:

  1. Ensure that you are using the Advanced Mode query on the Manage Quarantine page.
    The Advanced Mode query contains over 15 query parameters.
  2. Enter search criteria in the Specify query parameters form:
    • Recipient: The value entered is tested against the contents of the following message headers: env_to, To, Cc, Bcc, Resent-To, Resent-Cc and Resent-Bcc. (The To value in the message content is not tested because this field is frequently forged.)

      You can use the % symbol as a wildcard to match any set of characters within an address component. When using wildcards, the address's "@" symbol must be specified. For example, the following searches return john.doe@example.com:

      %@example.com
      john.%@example.com
      %.doe@example.com
      john.doe@example.%
      %@%
      john.%@%.com
      john.doe@%
    • Sender: The value entered is tested against the contents of the following message headers: env_from, From, Sender, Reply-To, Resent-From and Resent-Sender. (The From value in the message content is not tested, as this field is frequently forged.)

      You can use the % symbol as a wildcard to match any set of characters within an address component. When using wildcards, the address's "@" symbol must be specified. For example, the following searches return john.doe@example.com:

      %@example.com
      john.%@example.com
      %.doe@example.com
      john.doe@example.%
      %@%
      john.%@%.com
      john.doe@%
    • ID: The value entered is tested against the following message components:
      • Queue ID: Each message in the quarantine is assigned a unique Queue ID. To view a message's Queue ID, click the envelope icon beside the message, and then click Quarantine Info. To view a specific message, enter the message's Queue ID in this text box.
      • Quarantine Digest ID: When PureMessage generates quarantine digests, each message listed in the digest is assigned an ID code.
      • Header Message ID: If the format of the search string resembles a header message ID (for example, by containing an "@" separator), the contents of this text box are tested against the value in the Message-ID header. To view a message's Message-ID header, click the envelope icon beside the message and then click Message Source.

      Wildcards are not supported in the ID text box.

    • Subject: The contents of this text box are tested against the subject of quarantined messages. If the search string is found anywhere within a message's subject line, the message will match.
    • Spam Rule: The contents of this text box are tested against the names of all spam rules violated by the message. If the search string is found anywhere within any of the spam rules, the message will match.
    • Custom Reason: The PureMessage policy can be configured to attach a reason to a message when it is quarantined. The default quarantine reasons can be specified in the Reason text box. If you have altered the default quarantine reasons in the policy, or added custom actions with non-default reasons, specify the custom reason in this text box. If the search string is found anywhere within a message's quarantine reason, the message will match.
    • Relay: To select messages based on a specific server that passed the message to the internal server (the "relay"), enter the relay's hostname or IP address. If the search string is found anywhere within a message's relay, the message will match.
    • Milter Host: If running multiple PureMessage servers and consolidating quarantined messages, select messages based on the PureMessage server that quarantined the message by entering the hostname in this text box. If the search string is found anywhere within a message's milter host, the message will match.
    • Maximum Age: Use this text box to select messages that were quarantined within the specified number of hours. If a Date Range is also specified, the value in this text box is ignored.
    • Reason: Select whether to display all messages, or only messages quarantined for a specific reason. With one exception, reasons included in the drop-down list correspond to reasons defined in versions of the default PureMessage policy. Although it is not used in the default policy, select the reason Queue to search for messages that have been approved but have yet to be delivered by pmx-queue. This applies to messages that have been approved by a user response to a Quarantine Digest, approved manually via the End User Web Interface, or approved through use of the Deliver immediately for action in the PureMessage policy script. Use the Custom Reason text box to specify reasons not included in the Reason drop-down list.

      These reasons correspond to the reasons defined in the policy. Use the Custom Reason text box to specify a reason other than those available in this text box.

    • Order By: Select the order in which the list is sorted. The Probability and Probability (desc.) sort options sort in ascending or descending order, according to the message's spam score. (Note that a message quarantined for a non-spam reason, such as a message containing a virus, could still have a spam score.)
    • Group By: To collapse multiple messages with similar characteristics into a single line, select a grouping value from this text box. Normalized Subject strips the numbers and spaces from the beginning and end of the subject line, and group by the first fifteen characters; Recipient and Sender group by the sender and recipient stored in the message header (not the env_from and env_to values).
    • Spam Probability: To select messages within a range of spam probabilities, enter the range in these text boxes.
    • Display: Select the number of messages to display per page. The default is 20 messages.
    • Date Range: Use these text boxes to select messages based on the date they were quarantined. If the Date Range check box is selected, any value selected in the Maximum Age text box is ignored.
  3. Click Run Query.

    Either a list of messages that match your query parameters is displayed, or a message is displayed indicating that "No indexed messages matched this query." If there are no matches to your query, change the parameters of your query and try again.