There are a variety of reasons why a message containing spam characteristics is not identified
as spam and treated accordingly. This may be due to aspects of PureMessage configuration described below.
- Anti-Spam Engine
- Ensure that PureMessage is using the latest
anti-spam engine package by navigating to the page in the PureMessage Manager,
clicking Query, and checking that there is no update available for the
PureMessage-AntiSpam-Engine. If there is, run
pmx-setup at the command line to launch the installer and retrieve available
update(s).
- Anti-Spam Data
- Ensure that PureMessage is using the latest
anti-spam data package by navigating to the page in the PureMessage Manager, and
examining the date of the PureMessage-AntiSpam-Data package. It should
be the current day's date. If it isn't, check the page, as described above, and update the package by running
pmx-setup at the command line.
- Anti-Spam Opt-Outs
- If the recipient's address is included in the Anti-spam opt-outs list or the sender's
address is included in the Whitelisted senders list, the message is exempt from anti-spam
filtering. See "Editing Lists" in the Manager Reference for more information.
Also check that MTA IP Blocking is enabled.
- Trusted Relay Configuration
- PureMessage includes the ability to specify the IP
addresses of external relays that are known to be "safe". Ensure that trusted relays are
configured and enabled. See the section of the Manager Reference for instructions.
- Network DNS Access
- A number of spam detection techniques rely on access to DNS servers. If DNS-based network
checks are enabled (the default), ensure that the DNS server is functioning properly and
communicating with the server(s) where PureMessage is
running.
- Quarantine Threshold in Policy Script
- The PureMessage policy script performs actions on
messages based on their spam probability. For example, the policy script can be configured to
quarantine messages if they have a spam probability of 50% or greater. Changing
probability-based actions in the policy script (via the pmx-policy
command-line program or via the Policy tab in the PureMessage Manager) can possibly result in some spam not being
detected.
- Email Headers
- If the message is subject to filtering but PureMessage has not identified it as spam, examine the message to see what headers were added by
PureMessage during processing. By default, the
X-PMX-Version header is added to all messages from external hosts. The
absence of this header indicates that PureMessage has
not processed the message. The default policy script also adds an
X-PerlMx-Spam header to all messages with a spam probability. If the message's
spam probability exceeds 50%, PureMessage not only adds
the <X-PerlMx-Spam> header, but also alters the subject line and
copies the message to the quarantine. The presence of this header indicates that anti-spam
processing was completed. See "Policy Configuration" in the Administrator's
Reference for more information.
- message_log
- If the message does not have an X-PerlMx-Spam header, you can check the
message_log (by default, /opt/pmx/var/log/message_log)
to see what spam score the message received. The log file can be analyzed to determine the
message's interaction with the policy script.
Note: You can help
Sophos in its
continuing efforts to improve the accuracy of
PureMessage
spam heuristics by forwarding misidentified items as attachments to:
You can also share your aggregated message statistics with Sophos by ensuring that is enabled.