Solved

Allow intranet users to search a SPAM.NSF database for false positives

Posted on 2006-07-12
11
260 Views
Last Modified: 2013-12-18

Our firewall flags potential spam by placing '[SPAM]' in the subject field of an incoming email.

A SMTP rule on the Domino server routes flagged email to a SPAM.NSF database.

I’m wanting to allow end users to be able to look for false positives against their name only.

Can someone suggest how this could possibly be achieved?

Also, we have a Windows 2003 IIS based intranet which users authenticate to; could a ASP session variable which contains the users email address be used to interrogate the NSF database?

0
Comment
Question by:ajosephson
11 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
Difficult, unless you want to modify those mail: you'd have to add Reader-fields. Not very practical. You migth allow some sort of Search, I'd say through a browser on your Intranet. You can hide more Notes-features using the HTTP-server.

Furthermore, how is Mark Johnson going to find mail that was addressed to Marc Johanson? I think it's a job for some poor person, under the supervision of the HR department?
0
 
LVL 63

Expert Comment

by:SysExpert
Comment Utility
I agree that this is going to be difficult due to authentification issues. Web based for sure, with just a script that automatically searches based on login name. No direct connect to the DB itself, just a search agent.

the IIS based mail name may not be the same as for Notes, so Sjef is correct that you would need a translation table that would need to be maintained.

I hope this helps !

0
 

Author Comment

by:ajosephson
Comment Utility
Thank you for the input.

I’m surprised it is not as straightforward as I though it would be; thinking some kind of .NET database connector would be able to do the job.

Maybe the database can be exported then searched? Or surely a notes script itself  on the clients could do the job?

Or  a ODBC -> NOTES  driver ( http://www.csc.fi/cschelp/sovellukset/stat/sas/sasdoc/sashtml/win/z0624057.htm#z0624673) to allow IIS to access the database?

0
 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
We can think of lots of ways to get this done, but tell us first how you are going to prevent that the wrong user reads the wrong mail?
0
 

Author Comment

by:ajosephson
Comment Utility
Domino is configured with ‘full name  lookup’ & ‘address must exist in domino directory’ so only valid email addresses should get to the router; to then be redirected to SPAM.nsf.

When I user logs into the Intranet a session variable is set with their email address. I was thinking this variable could be used to search the database.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 46

Expert Comment

by:Sjef Bosman
Comment Utility
These users are also authenticating on the Domino server, when they use that server from the Intranet? I think the only way is to build an application that searches for only their name. If you can pass the name in the URL, so much the easier.
0
 
LVL 20

Expert Comment

by:brwwiggins
Comment Utility
We tried this with a notes DB and performance was horrible. We tried to have an agent that updated the readers fields on new messages but took a long time to run.

We use brightmail quarantine where I am at now and basically it is a MYSQL database the messages get e-mailed into via SMTP and then a program runs to look at the SMTP address and compare it with those in a User table. Then it copies items from the body, subject and other fields into a table and inserts the user key. Then when they log in use just do normal SQL queries.

But as mentioned above we still have issues with the app maintaining the user's table and seeing other names when logging in
0
 
LVL 18

Expert Comment

by:marilyng
Comment Utility
Agree with brwwiggins.. familiar with SPAMJAM, that does allow users to find their quarantined spam, but this spam protector allows all spam in and then filters it per user to allow users to manage their own spam.  So it was a performance killer.  

However, I found the separate boxes to be really helpful in curtailing spam, with minimal cost and administration:
http://www.gessworks.com/WebSite.nsf/page/mimeshield
http://www.trimmail.com/products/
http://www.barracudanetworks.com/ns/products/

Or integration with SpamAssassin
http://www.openntf.org/Projects/pmt.nsf/ProjectHome?ReadForm&Query=SpamAssassin%20Integration
0
 

Author Comment

by:ajosephson
Comment Utility
Sorry for the delay. I’d like to avoid using a separate appliance - WatchGuard is OK.

sjef_bosman users are only authenticating against the Active Directory not domino.

The email address could easily be passed in a URL to the domino server. I simply do not know domino to understand how this could be used / domino scripts to execute etc.

I appreciate your help.

0
 

Author Comment

by:ajosephson
Comment Utility

i'm keen to get your advice on this pls?
0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 250 total points
Comment Utility
Ok, this might be the way to do it:
- enable full-text search on the database
- use an URL to search the database

From the Designer Help db:

Use SearchView URLs to limit a search to documents displayed in one database view.
This URL is useful for views that display all documents (so you can have a full-database search) or for views in which you can predict what users need to see, such as all documents whose status is "Completed."

Syntax
    http://Host/Database/View?SearchView[ArgumentList]

Some of the allowed argument:
The ArgumentList must contain the Query argument; in addition, it may contain any or all of the other arguments in any order.
Query=string
    Where string is the search string.
Count=[n]
    Where n is the number of results to display on each page until the
    SearchMax has been reached. For example Count=10 will display
    10 results per page.
SearchOrder=[1,2,3,4]
    Indicate 1 to "Sort by relevance," 2 to "Sort by date ascending,"
    3 to "Sort by date descending." The default is 1. SearchView
    also supports a SearchOrder value of 4 to "Keep current order,"
    which sorts the resulting set of documents in the order in which
    they appear in the view.
SearchMax=[n]
    Where n is the maximum number of entries returned. The default value is determined by the server.
Start=[n]
Where n is the number corresponding to the document that appears first in your list of results. For example, Start=10 begins your list of results with the 10th document found in the search. Start=0 means that paged results will not be returned.

If you can create an URL like
    http: //www.domain.com/spamdb.nsf/?SearchView&Query=mailaddress@domain.com&SearchOrder=3&Start=0
the spam database will be searched and the results will be presented to the user. But beware: any user with some Notes knowledge about creating URLs like this will be able to search the database on ANY user's mailaddress!

You might have to replace the @ by %40
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Domino Server 11 61
Lotus Domino server 11 55
Lotus notes - Follow up notes mail missing 15 61
Lotus Notes Calendar Help 6 93
You’ve got a lotus Domino web server, and you have been told that “leverage browser caching” is a must do. This means that we have to tell the browser everywhere in the web to use cache. In other words, we set (and send) an expiration date in the HT…
Notes Document Link used by IBM Notes is a link file which aids in the sharing of links to documents in email and webpages. The posts describe the importance and steps to create a Lotus Notes NDL file in brief.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now