• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 308
  • Last Modified:

Allow intranet users to search a SPAM.NSF database for false positives

Our firewall flags potential spam by placing '[SPAM]' in the subject field of an incoming email.

A SMTP rule on the Domino server routes flagged email to a SPAM.NSF database.

I’m wanting to allow end users to be able to look for false positives against their name only.

Can someone suggest how this could possibly be achieved?

Also, we have a Windows 2003 IIS based intranet which users authenticate to; could a ASP session variable which contains the users email address be used to interrogate the NSF database?

1 Solution
Sjef BosmanGroupware ConsultantCommented:
Difficult, unless you want to modify those mail: you'd have to add Reader-fields. Not very practical. You migth allow some sort of Search, I'd say through a browser on your Intranet. You can hide more Notes-features using the HTTP-server.

Furthermore, how is Mark Johnson going to find mail that was addressed to Marc Johanson? I think it's a job for some poor person, under the supervision of the HR department?
I agree that this is going to be difficult due to authentification issues. Web based for sure, with just a script that automatically searches based on login name. No direct connect to the DB itself, just a search agent.

the IIS based mail name may not be the same as for Notes, so Sjef is correct that you would need a translation table that would need to be maintained.

I hope this helps !

ajosephsonAuthor Commented:
Thank you for the input.

I’m surprised it is not as straightforward as I though it would be; thinking some kind of .NET database connector would be able to do the job.

Maybe the database can be exported then searched? Or surely a notes script itself  on the clients could do the job?

Or  a ODBC -> NOTES  driver ( http://www.csc.fi/cschelp/sovellukset/stat/sas/sasdoc/sashtml/win/z0624057.htm#z0624673) to allow IIS to access the database?

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Sjef BosmanGroupware ConsultantCommented:
We can think of lots of ways to get this done, but tell us first how you are going to prevent that the wrong user reads the wrong mail?
ajosephsonAuthor Commented:
Domino is configured with ‘full name  lookup’ & ‘address must exist in domino directory’ so only valid email addresses should get to the router; to then be redirected to SPAM.nsf.

When I user logs into the Intranet a session variable is set with their email address. I was thinking this variable could be used to search the database.
Sjef BosmanGroupware ConsultantCommented:
These users are also authenticating on the Domino server, when they use that server from the Intranet? I think the only way is to build an application that searches for only their name. If you can pass the name in the URL, so much the easier.
brwwigginsIT ManagerCommented:
We tried this with a notes DB and performance was horrible. We tried to have an agent that updated the readers fields on new messages but took a long time to run.

We use brightmail quarantine where I am at now and basically it is a MYSQL database the messages get e-mailed into via SMTP and then a program runs to look at the SMTP address and compare it with those in a User table. Then it copies items from the body, subject and other fields into a table and inserts the user key. Then when they log in use just do normal SQL queries.

But as mentioned above we still have issues with the app maintaining the user's table and seeing other names when logging in
Agree with brwwiggins.. familiar with SPAMJAM, that does allow users to find their quarantined spam, but this spam protector allows all spam in and then filters it per user to allow users to manage their own spam.  So it was a performance killer.  

However, I found the separate boxes to be really helpful in curtailing spam, with minimal cost and administration:

Or integration with SpamAssassin
ajosephsonAuthor Commented:
Sorry for the delay. I’d like to avoid using a separate appliance - WatchGuard is OK.

sjef_bosman users are only authenticating against the Active Directory not domino.

The email address could easily be passed in a URL to the domino server. I simply do not know domino to understand how this could be used / domino scripts to execute etc.

I appreciate your help.

ajosephsonAuthor Commented:

i'm keen to get your advice on this pls?
Sjef BosmanGroupware ConsultantCommented:
Ok, this might be the way to do it:
- enable full-text search on the database
- use an URL to search the database

From the Designer Help db:

Use SearchView URLs to limit a search to documents displayed in one database view.
This URL is useful for views that display all documents (so you can have a full-database search) or for views in which you can predict what users need to see, such as all documents whose status is "Completed."


Some of the allowed argument:
The ArgumentList must contain the Query argument; in addition, it may contain any or all of the other arguments in any order.
    Where string is the search string.
    Where n is the number of results to display on each page until the
    SearchMax has been reached. For example Count=10 will display
    10 results per page.
    Indicate 1 to "Sort by relevance," 2 to "Sort by date ascending,"
    3 to "Sort by date descending." The default is 1. SearchView
    also supports a SearchOrder value of 4 to "Keep current order,"
    which sorts the resulting set of documents in the order in which
    they appear in the view.
    Where n is the maximum number of entries returned. The default value is determined by the server.
Where n is the number corresponding to the document that appears first in your list of results. For example, Start=10 begins your list of results with the 10th document found in the search. Start=0 means that paged results will not be returned.

If you can create an URL like
    http: //www.domain.com/spamdb.nsf/?SearchView&Query=mailaddress@domain.com&SearchOrder=3&Start=0
the spam database will be searched and the results will be presented to the user. But beware: any user with some Notes knowledge about creating URLs like this will be able to search the database on ANY user's mailaddress!

You might have to replace the @ by %40
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now