Is it Possible to Hold Suspicious Messages for 20 Minutes for Later Rescanning?
(Doc ID 1536577.1)
Last updated on NOVEMBER 15, 2022
Applies to:
Oracle Communications Messaging Server - Version 7.0.0 and laterInformation in this document applies to any platform.
Goal
Is it possible to configure the MTA to hold suspect messages for some time and run them thru malware scanning again later?
In one possible scenario, a spam filter (configured via milter) adds a header to a message indicating it is suspicious.
In another scenario, you might want to rate limit senders and recheck if they have become known as a phishing source.
In this discussion, when we say "hold" the message, we are talking about the message being in an MTA channel queue and its initial delivery attempt scheduled for some time in the future. We are not talking about the MTA's feature which causes a message to become .HELD which then requires administrative action to "release". Although that would be easy to accomplish with $H in a mapping table result, it results in the message remaining in the originally intended destination queue and therefore when it is released, it is simply delivered rather than going thru another scan.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
Scan the messages after delivery |
If the scanner added a header indicating suspicion |
Suspicion based on sender rate limiting |
References |