The first time a message is quarantined for a user they should immediately recieve a notification that they can now bookmark the link to view the messages. This is a one time message per expiration period, so they should only see it once if the expiration is set to "never". If the expiration is set to "never" and users are still recieving multiple bookmark links then this should be considered a bug and you should call into support to verify.
Sorry if my explanation has caused some confusion. Primary issue is that the users are not getting End User Quarantine Notification which is set to 4 hrs.
So in my case I sent test SPAM from my gmail account to the corporate account. I got the mail with bookmark URL. On clicking it I could see the SPAM mail in quarantine and had the option of Delete, Release, Whitelist. But on sending more test SPAM mails Mail gateway is not sending me notification even after 4 hrs. On clicking the Bookmark I see the mails are there in quarantine. In fact users are complaining that the only mail (if at all received) is the Bookmark email and after that there is no notification email. Is there any other way in terms of notifying the users?? As initially the period configured was 24 hrs but since users were not getting any quarantine mail notification it was reduced to 4 hrs for testing but with no success.
There may be an issue here, but first check to make sure, under End User Quarantine -> User List, that the emails are being quarantined to the queues that were specified under "Quarantine Type", and also make sure that "Type" is set to recipient. If you are applying the rule(s) to a group(s) make sure that the recipients are actually in the group (Compliance -> Compliance Advanced -> Group Manager)
Thanks for the suggestion. The settings you have mentioned are there. In the process to troubleshoot I have created a test account for myself and I got the bookmark mail and the end user quarantine notification. I could verify it by going to Queue Manager --> Queue search --> Processed --> to (my email ID). I see a mail with subject "Alert: Your link to access quarantined messages has changed - <Date and time>" with no sender email address, which is fine. Now the problem is a user reported that she did not receive any bookmark / notification email. I repeated the query with her email address and dont see any mail sent to her. I then generated a new request for her by going to Anti-Spam --> Anti-Spam Advanced --> End USer Quarantine --> Configure --> Entered her email address in EUQ Link Refresh and selected "Refresh for Specific Users" Clicked Refresh. User hasnt got the email and i repeated the same for myself and I get it immediately.
So I am sure something is broken in the Mail Gateway.
What should I grep in the CLI to compare the behaviour.
i have the same trouble as you. do you have any update of this ?
Yes I have the answer to your problem -- thanks to Fred in McAfee Mail Support.
Point to note:
(1) If there is no mail in the Qurantine for the user, McAfee Mail Gateway (MMG) will never send that 1st URL (Bookmark URL).
(2) Point 1 answers why not everyone got the bookmark URL
So for the others who have not got the URL -- for them to receive the URL they have to wait for the SPAM mail to be Qurantined in their name before the system sends out the IRL.
Or you can send them a Test SPAM mail from external account (like gmail, hotmail, yahoo etc). Signature for test SPAM mail is as follows -- put this in the mail body (http://spamassassin.apache.org/gtube/)
This will trigget the Bookmark URL.
You can check this by searching the Queue manager for Processed mail / Outbound mail. Refer to details in my above post. You will find the mail in one of the filters. Capture mail ID if is it stuck in outbound queue and is not delivered for furthure analysis from CLI.
On the CLI enter the following command as it is but replace the msgid (264964) with your message ID captured from GUI. You can also replace -d head with -d tail.
showevents -s cfile="/conf/scevents.ini" -s "ifile=/log/scmail-logs.bin" -d head -g module=smtpo -g msgid=264964
You can use the following to filter specific event id, i am filtering eid 4139
showevents -s cfile="/conf/scevents.ini" -s "ifile=/log/scmail-logs.bin" -d tail -g module=smtpo -g eid=4139
look for the command help for other functions.
I am sure this helps as it did to me.