Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 0 subscribers
  • Views 13775 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

need help interpreting message_log

PierreE

Hello. I need to find out why a particular message was quarantined. I got the following snippet from the message_log.

2010-02-18T10:43:38 q=o1I2harw009087 f=<luke@rebels.com> t=<vader@evilempire.com> h=RDNS_SUSP_MSGID h=MSGID_SPAM_5 h=HTML_70_90 h=BODY_SIZE_5000_5999 h=BODY_SIZE_7000_LESS h=INVALID_MSGID_NO_FQDN h=RDNS_NXDOMAIN h=RDNS_SUSP h=RDNS_SUSP_GENERIC h=__BOUNCE_CHALLENGE_SUBJ h=__BOUNCE_NDR_SUBJ_EXEMPT h=__CT h=__CTYPE_HAS_BOUNDARY h=__CTYPE_MULTIPART h=__CTYPE_MULTIPART_ALT h=__HAS_HTML h=__HAS_MSGID h=__HAS_X_MAILER h=__HTML_FONT_BLUE h=__MIME_HTML h=__MIME_VERSION h=__OUTLOOK_MSGID_1 h=__OUTLOOK_MUA h=__OUTLOOK_MUA_1 h=__SANE_MSGID h=__STYLE_RATWARE h=__STYLE_RATWARE_2 h=__TAG_EXISTS_HTML h=__TO_MALFORMED_2 h=__USER_AGENT_MS_GENERIC Size=7853 fur=0.0.0.0 vs p=0.825 pmx_action=quarantine,-,-,vader@evilempire.com,vader@evilempire.com r=[111.11.11.11] tm=0.81 a=d/eom

I don't know how to interprete this. Can some one help me with this? Or if you point me to some documentation, that would be great too. Thank you.

- Pierre

:1442


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    Look in your pmx home dir. There is a file called .pmx_sh_vars that you need to source after you su to the pmx user:

    pmx@somehostname ~ $ . .pmx_sh_vars (if you use the csh there is one for calle .pmx_csh_vars)

    Look closely because there is a period followed by the .pmx_sh_vars file. This is not a typo and it's how the shell reads that file.

    To make this happen automagically on log in, you could add the . .pmx_sh_vars line to your .bashrc and the call your .bashrc from .bash_profile

    Erric

    :1490
Reply
  • 0

    Hi,

    Look in your pmx home dir. There is a file called .pmx_sh_vars that you need to source after you su to the pmx user:

    pmx@somehostname ~ $ . .pmx_sh_vars (if you use the csh there is one for calle .pmx_csh_vars)

    Look closely because there is a period followed by the .pmx_sh_vars file. This is not a typo and it's how the shell reads that file.

    To make this happen automagically on log in, you could add the . .pmx_sh_vars line to your .bashrc and the call your .bashrc from .bash_profile

    Erric

    :1490
Children
No Data