
Is it Possible to Hold Suspicious Messages for 20 Minutes for Later Rescanning? (Doc ID 1536577.1)

Last updated on SEPTEMBER 01, 2017

Applies to:

Oracle Communications Messaging Server - Version 7.0.0 and later
Information in this document applies to any platform.

Goal

Is it possible to configure the MTA to hold suspect messages for some time and run them through malware scanning again later?

In one possible scenario, a spam filter (configured via milter) adds a header to a message indicating it is suspicious.

In another scenario, you might want to rate limit senders and recheck if they have become known as a phishing source.

In this discussion, to "hold" a message means that it sits in an MTA channel queue with its initial delivery attempt scheduled for some time in the future. It does not mean the MTA feature that marks a message .HELD, which then requires administrative action to "release". Although that would be easy to accomplish with $H in a mapping table result, the message would remain in the originally intended destination queue, so when it is released it is simply delivered rather than going through another scan.

 

Solution

To view full details, sign in with your My Oracle Support account.



In this Document
Goal
Solution
 Scan the messages after delivery
 If the scanner added a header indicating suspicion
 Suspicion based on sender rate limiting
References

