Forum Discussion

Satyendra's avatar
Satyendra
Level 4
12 years ago

How to exclude particular email address from CA Random Sampling!

Hello Folks,

I am tring to find a way to exclude a particular email address from being captured in CA Randoming sampling.

I have tried Configuration --> Settings --> Random Capture --> Exclude items with this text in subject, but it doesn't seems to be working.

In the above option i have specified the exact subject like as the email i want to be excluded (without quotes), this email is a system generated by our spam filter with a specific subject line.. (xxx xxx - IronPort Spam Qurantine Notification). Also i restarted EVAMS after this modification.

Any thoughts?

Regards,
Satya

Compliance Accelerator
Configuring
Information Governance
  • TonySterling's avatar
    TonySterling
    12 years ago

    This might be your issue:

    Subject line exclusions no longer work in Compliance Accelerator 10.0

    Article:TECH186498  |  Created: 2012-04-14  |  Updated: 2012-05-15  |  Article URL http://www.symantec.com/docs/TECH186498

    If you have multiple items you need excluded you could look at Custom Filtering or DCS.

    With Custom Filtering you could choose to not even archive those items.

8 Replies

Sort By
Replies have been turned off for this discussion
  • TonySterling's avatar
    TonySterling
    Moderator
    12 years ago

    This might be your issue:

    Subject line exclusions no longer work in Compliance Accelerator 10.0

    Article:TECH186498  |  Created: 2012-04-14  |  Updated: 2012-05-15  |  Article URL http://www.symantec.com/docs/TECH186498

    If you have multiple items you need excluded you could look at Custom Filtering or DCS.

    With Custom Filtering you could choose to not even archive those items.

  • Satyendra's avatar
    Satyendra
    Level 4
    12 years ago

    I have added the subject keyword in custom filtering as well but doesn't seems to appear like its working :(

  • TonySterling's avatar
    TonySterling
    Moderator
    12 years ago

    Can you attach your custom filtering rules?  Also, do you see any events in the EV App log?

    Also, have you seen this?

    Message subject filters for custom filtering

    Article:HOWTO38170  |  Created: 2010-12-24  |  Updated: 2012-06-27  |  Article URL http://www.symantec.com/docs/HOWTO38170

     

  • Satyendra's avatar
    Satyendra
    Level 4
    12 years ago

    This is what i have in my 'Filter Rules.xml' file. Is this file name correct or it should be 'Custom Filter Rules.xml'?

    <?xml version="1.0"?>

    <RULE_SET xmlns="x-schema:ruleset schema.xdr">
     <!--This rule will hard delete items that match the subject criteria below -->

     <!--
     <RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
      <SUBJECTS INCLUDES="ANY">
       <SUBJ MATCH="CONTAINS">Out of Office Autoreply</SUBJ>
       <SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
      </SUBJECTS>
     </RULE>
     -->

  • TonySterling's avatar
    TonySterling
    Moderator
    12 years ago

    It should be called Default Filter Rules.xml

    You can review the relevant TN's

    Configuring custom filtering

    Article:HOWTO37055  |  Created: 2010-12-24  |  Updated: 2011-03-02  | 

    Article URL http://www.symantec.com/docs/HOWTO37055

    or check the Configuring filtering  section of the Setting up Exchange Archiving.pdf

  • Satyendra's avatar
    Satyendra
    Level 4
    12 years ago

    I am getting this error when using the default filter rules.xml, i am setting the filter to use just 2 subject keywords to exclude specific email from being journaled.

    Event Type: Error
    Event Source: Enterprise Vault
    Event Category: Journal Task
    Event ID: 45315
    Description:
    An error has occurred when adding a custom rule set.
    This error may be caused by incorrect XML syntax.
    Error: 0xc00ce011

    Internal References:
    Element cannot be empty according to the DTD/Schema.
    Details:
    Source: C:\Program Files\Enterprise Vault\Custom Filter Rules\Default Filter Rules.xml
    Line: 15
    Position: 3
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    <?xml version="1.0"?>
    <RULE_SET xmlns="x-schema:ruleset schema.xdr">

     
     <!--This rule will hard delete items that match the subject criteria below -->

     <!--
     <RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
      <SUBJECTS INCLUDES="ANY">
       <SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
       <SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
      </SUBJECTS>
     </RULE>
     -->
    </RULE_SET>
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

  • TonySterling's avatar
    TonySterling
    Moderator
    12 years ago

    I don't believe this  --> should be there above </RULE_SET>.

    So like this

     

    <?xml version="1.0"?>
    <RULE_SET xmlns="x-schema:ruleset schema.xdr">

     
     <!--This rule will hard delete items that match the subject criteria below -->


     <RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
      <SUBJECTS INCLUDES="ANY">
       <SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
       <SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
      </SUBJECTS>
     </RULE>

    </RULE_SET>

  • Satyendra's avatar
    Satyendra
    Level 4
    12 years ago

    Thanks Tony! That was it i had to remove <!-- and --> and restarted JC and didn't get error anymore.

    Next thing is to validate if this works and doesn't samples the notification email anymore.

    This is after correction!

    <?xml version="1.0"?>
    <RULE_SET xmlns="x-schema:ruleset schema.xdr">


    <!--This rule will hard delete items that match the subject criteria below -->

    <RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
    <SUBJECTS INCLUDES="ANY">
    <SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
    <SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
    </SUBJECTS>
    </RULE>

    </RULE_SET>