Solved

Allow intranet users to search a SPAM.NSF database for false positives

Posted on 2006-07-12
11
263 Views
Last Modified: 2013-12-18

Our firewall flags potential spam by placing '[SPAM]' in the subject field of an incoming email.

A SMTP rule on the Domino server routes flagged email to a SPAM.NSF database.

I’m wanting to allow end users to be able to look for false positives against their name only.

Can someone suggest how this could possibly be achieved?

Also, we have a Windows 2003 IIS based intranet which users authenticate to; could a ASP session variable which contains the users email address be used to interrogate the NSF database?

0
Comment
Question by:ajosephson
11 Comments
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17097344
Difficult, unless you want to modify those mail: you'd have to add Reader-fields. Not very practical. You migth allow some sort of Search, I'd say through a browser on your Intranet. You can hide more Notes-features using the HTTP-server.

Furthermore, how is Mark Johnson going to find mail that was addressed to Marc Johanson? I think it's a job for some poor person, under the supervision of the HR department?
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 17099943
I agree that this is going to be difficult due to authentification issues. Web based for sure, with just a script that automatically searches based on login name. No direct connect to the DB itself, just a search agent.

the IIS based mail name may not be the same as for Notes, so Sjef is correct that you would need a translation table that would need to be maintained.

I hope this helps !

0
 

Author Comment

by:ajosephson
ID: 17105478
Thank you for the input.

I’m surprised it is not as straightforward as I though it would be; thinking some kind of .NET database connector would be able to do the job.

Maybe the database can be exported then searched? Or surely a notes script itself  on the clients could do the job?

Or  a ODBC -> NOTES  driver ( http://www.csc.fi/cschelp/sovellukset/stat/sas/sasdoc/sashtml/win/z0624057.htm#z0624673) to allow IIS to access the database?

0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17106354
We can think of lots of ways to get this done, but tell us first how you are going to prevent that the wrong user reads the wrong mail?
0
 

Author Comment

by:ajosephson
ID: 17106927
Domino is configured with ‘full name  lookup’ & ‘address must exist in domino directory’ so only valid email addresses should get to the router; to then be redirected to SPAM.nsf.

When I user logs into the Intranet a session variable is set with their email address. I was thinking this variable could be used to search the database.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 17107204
These users are also authenticating on the Domino server, when they use that server from the Intranet? I think the only way is to build an application that searches for only their name. If you can pass the name in the URL, so much the easier.
0
 
LVL 20

Expert Comment

by:brwwiggins
ID: 17108798
We tried this with a notes DB and performance was horrible. We tried to have an agent that updated the readers fields on new messages but took a long time to run.

We use brightmail quarantine where I am at now and basically it is a MYSQL database the messages get e-mailed into via SMTP and then a program runs to look at the SMTP address and compare it with those in a User table. Then it copies items from the body, subject and other fields into a table and inserts the user key. Then when they log in use just do normal SQL queries.

But as mentioned above we still have issues with the app maintaining the user's table and seeing other names when logging in
0
 
LVL 18

Expert Comment

by:marilyng
ID: 17115677
Agree with brwwiggins.. familiar with SPAMJAM, that does allow users to find their quarantined spam, but this spam protector allows all spam in and then filters it per user to allow users to manage their own spam.  So it was a performance killer.  

However, I found the separate boxes to be really helpful in curtailing spam, with minimal cost and administration:
http://www.gessworks.com/WebSite.nsf/page/mimeshield
http://www.trimmail.com/products/
http://www.barracudanetworks.com/ns/products/

Or integration with SpamAssassin
http://www.openntf.org/Projects/pmt.nsf/ProjectHome?ReadForm&Query=SpamAssassin%20Integration
0
 

Author Comment

by:ajosephson
ID: 17127192
Sorry for the delay. I’d like to avoid using a separate appliance - WatchGuard is OK.

sjef_bosman users are only authenticating against the Active Directory not domino.

The email address could easily be passed in a URL to the domino server. I simply do not know domino to understand how this could be used / domino scripts to execute etc.

I appreciate your help.

0
 

Author Comment

by:ajosephson
ID: 17142447

i'm keen to get your advice on this pls?
0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 250 total points
ID: 17144164
Ok, this might be the way to do it:
- enable full-text search on the database
- use an URL to search the database

From the Designer Help db:

Use SearchView URLs to limit a search to documents displayed in one database view.
This URL is useful for views that display all documents (so you can have a full-database search) or for views in which you can predict what users need to see, such as all documents whose status is "Completed."

Syntax
    http://Host/Database/View?SearchView[ArgumentList]

Some of the allowed argument:
The ArgumentList must contain the Query argument; in addition, it may contain any or all of the other arguments in any order.
Query=string
    Where string is the search string.
Count=[n]
    Where n is the number of results to display on each page until the
    SearchMax has been reached. For example Count=10 will display
    10 results per page.
SearchOrder=[1,2,3,4]
    Indicate 1 to "Sort by relevance," 2 to "Sort by date ascending,"
    3 to "Sort by date descending." The default is 1. SearchView
    also supports a SearchOrder value of 4 to "Keep current order,"
    which sorts the resulting set of documents in the order in which
    they appear in the view.
SearchMax=[n]
    Where n is the maximum number of entries returned. The default value is determined by the server.
Start=[n]
Where n is the number corresponding to the document that appears first in your list of results. For example, Start=10 begins your list of results with the 10th document found in the search. Start=0 means that paged results will not be returned.

If you can create an URL like
    http: //www.domain.com/spamdb.nsf/?SearchView&Query=mailaddress@domain.com&SearchOrder=3&Start=0
the spam database will be searched and the results will be presented to the user. But beware: any user with some Notes knowledge about creating URLs like this will be able to search the database on ANY user's mailaddress!

You might have to replace the @ by %40
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For users on the Lotus Notes 8 Standard client, this article provides information on checking the Java Heap size and adjusting it to half of your system RAM in attempt to get the Lotus Notes 8.x Standard client to run faster.  I've had to exercise t…
For beginners of Lotus Notes user this is important to know about the types of files and their location supported by IBM Notes. Mostly users are unaware about how many file types are created and what their usages are. This Article is fully dedicated…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now