In recent weeks we contracted McAfee Professional Services for assistance in upgrading our email appliance from IronMail v6.7.2 to MEG 7.6 and also switched to a clustered environment. In the old system it was possible to provide end users access to inbound messages that were quarantined as the result of compliance dictionary matches by quarantined both spam and compliance to the same user accessible quarantine queue. Also, end user whitelist submissions could bypass compliance on inbound messages. In the new system, it does not appear to be possible to allow end users the ability to view, release, and/or whitelist messages that are quarantined as the result of compliance dictionary matches.
We utilize a custom dictionary that was migrated from the old system and is used to combat phishing schemes. Ideally, I would like to see this dictionary utilized in the spam category for contribution as "Spam Terms". I suspect this would solve the problem of users being completely unware of messages destined for them that are blocked as the result of the dictionary being in compliance. However, this custom dictionary is weighted and it does not appear to be possible to specify a dictionary threshold when adding a dictionary to "Spam Terms".
It looks like KB83041 might be the solution I'm looking for but I don't see "Add score to spam score (Monitor)" as an option when creating a compliance rule in my environment. I have already submitted a Product Enhancement Request for the addition of a dictionary threshold feature in spam; however, what options are available as a workaround for this problem? Our executives are having legitimate messages blocked in compliance without any knowledge of the message that is being withheld from them. At this time, I've had no choice but to discontinue the use of this valuable custom dictionary.
Thanks for taking the time to read my post. Any feedback would be greatly appreciated!