Quarantine

orion

Hi there,

I have a problem understanding the principles of quarantine. Earlier I thought that the message is quarantined when it has a high score but all the time I see situations in which same message sent to two different recipients causes different action. For example the message is rejected at one recipient. At the second recipient, the message is quarantined. Same message, same score, identical settings for both recipients.

Could a good man tell me how it works?

diekuh

You need to post the messages, scores and full logs.

diekuh

Reject is quarantine by the way. We do reject, when we put it in quarantine, because it sucks to have a quarantine people do not check. People will never know if you read their mail… your server accepts it and it will be lost in the quarantine forever. 🙁

Messages that are probable spam will be put into the Junk folder instead.

Our quarantine is for the user to check for rejected mail.

orion

diekuh
Thank you for your answer. It explained a little to me. Regarding quarantine: people suck, not technology. If message goes to quarantine and employee forgets about it and lose it in the end - it’s his fault. If message is rejected immediately (e.g. sender’s server is incorrectly configured) - it’s in the employee’s opinion my fault. It makes a big difference to me 🙂

diekuh

Rejected mail has a very high score and is almost always junk.

Mail that is spammy but not high enough to be rejected is put into “Junk”. That’s where users should check for probable spam. Not in an external quarantine system. That’s just a usability fail in itself. I won’t copy that mistake from other systems. It is just stupid.

Probable spam => Junk folder (move it out of there to train it)
Spam / Bad mail => Reject and put into a quarantine to be reviewed

If you start to accept every mail, you commit yourself to read ALL that mail. You accepted it! A mail is seen as delivered by your sender! That’s a big NO for mailcow. 🙂

orion

diekuh
On average, 10 messages are quarantined daily per user with a total of ₁₀₀₀₀₀ messages a day. This is not so much messages to get lost.

diekuh

That’s 10 rejected mail. And I am sure all of those 10 were spam. 😉 All other mail that was LIKELY spam was put into the Junk folder (you seem to miss the point, that the Junk folder exists for probable spam 🙂).

So our system worked fine. 10 spam mails rejected and put into quarantine for review. All others put into Junk and delivered. No need to to check a quaratine daily or hourly for false-positives and perhaps miss an important mail, that was just probable spam (because the sender was informed about a non-delivery in this case).

I think that speaks for the system as it is.

A general quarantine for PROBABLE spam is stupid. As I said earlier, not everyone will be able to check those mail every hour and no one will continue to do that every day. I wouldn’t either. That’s why we put it into “Junk”.
SPAM is rejected though, as it SHOULD be. And it is put into quarantine to review if you like to. There is no need to do that, as the sender does not think their mail was delivered.

Putting probable spam into quarantine is madness. If you want to do that and rely on your users to check for important mail - that might have been a false-positive - ever other minute; go ahead.

There is no way I would ever for something like that on every malicow user.

orion

diekuh And I am sure all of those 10 were spam.

And here I will surprise you - NO. The problem is that these few false positives are very important. I checked the scores of today’s false positives in quarantine: 23.4, 1969.54, 18.56, 19.72, 19.88
There is also a lot of real spam with scores between 15 and 20.

I understand your point of view…but why then in Mailcow there is such an option as quarantine? Remove it if it’s pure evil 😉

pkernstock

If a mail is being rated with 1969 points, there is something else wrong for sure - and that’s not the Quarantine functionality on mailcow. You might want to check what’s being rated and causes that high negative rating. Maybe the sender’s mail/mailserver is awful configured.

You can disable the quarantine, if you don’t want to use it. Actually, as far as I remember, the functionality is disabled by default anyway. You can also increase the points when mailcow starts considering a mail as spam - but most likely you will end up having noticeable more real spam within your inbox then.

If you ever end up figuring out a filtering solution how to detect junk with a 100% correctness, you could be a very rich person. Even Google Mail, with their indeed awesome spam filtering, does have false-positives.

orion

pkernstock If a mail is being rated with 1969 points, there is something else wrong for sure

Nothing is wrong with this email… except it has an attachment with encrypted Excel file with macros. 🙂 Some of our business partners are sending something like that. This is a new installation of Mailcow so I haven’t succeeded yet to catch all such domains and add them to the whitelist.

orion

pkernstock Maybe the sender’s mail/mailserver is awful configured.

The rest of the quarantined messages are for this reason. But I have no influence on this. I contacted the postmasters of those servers but they are not going to change anything because of a lack of knowledge or willingness.