08-13-2012 08:36 AM
Hello Folks,
I am trying to find a way to exclude a particular email address from being captured in CA random sampling.
I have tried Configuration --> Settings --> Random Capture --> Exclude items with this text in subject, but it doesn't seem to be working.
In the above option I have specified the exact subject of the email I want excluded (without quotes). This email is system generated by our spam filter with a specific subject line (xxx xxx - IronPort Spam Quarantine Notification). I also restarted EVAMS after this modification.
Any thoughts?
Regards,
Satya
08-13-2012 09:06 AM
This might be your issue:
Article: TECH186498 | Created: 2012-04-14 | Updated: 2012-05-15 | Article URL: http://www.symantec.com/docs/TECH186498
If you have multiple items you need excluded you could look at Custom Filtering or DCS.
With Custom Filtering you could choose to not even archive those items.
08-20-2012 11:00 AM
I have added the subject keyword in custom filtering as well, but it doesn't seem to be working :(
08-20-2012 11:45 AM
Can you attach your custom filtering rules? Also, do you see any events in the EV App log?
Also, have you seen this?
Article: HOWTO38170 | Created: 2010-12-24 | Updated: 2012-06-27 | Article URL: http://www.symantec.com/docs/HOWTO38170
08-21-2012 09:56 AM
This is what I have in my 'Filter Rules.xml' file. Is this file name correct, or should it be 'Custom Filter Rules.xml'?
<?xml version="1.0"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">
<!--This rule will hard delete items that match the subject criteria below -->
<!--
<RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
<SUBJECTS INCLUDES="ANY">
<SUBJ MATCH="CONTAINS">Out of Office Autoreply</SUBJ>
<SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
</SUBJECTS>
</RULE>
-->
08-21-2012 10:57 AM
It should be called Default Filter Rules.xml
You can review the relevant TNs:
Article: HOWTO37055 | Created: 2010-12-24 | Updated: 2011-03-02 | Article URL: http://www.symantec.com/docs/HOWTO37055
or check the Configuring filtering section of the Setting up Exchange Archiving.pdf
08-22-2012 11:17 AM
I am getting this error when using the Default Filter Rules.xml. I am setting the filter to use just 2 subject keywords to exclude specific emails from being journaled.
Event Type: Error
Event Source: Enterprise Vault
Event Category: Journal Task
Event ID: 45315
Description:
An error has occurred when adding a custom rule set.
This error may be caused by incorrect XML syntax.
Error: 0xc00ce011
Internal References:
Element cannot be empty according to the DTD/Schema.
Details:
Source: C:\Program Files\Enterprise Vault\Custom Filter Rules\Default Filter Rules.xml
Line: 15
Position: 3
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
<?xml version="1.0"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">
<!--This rule will hard delete items that match the subject criteria below -->
<!--
<RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
<SUBJECTS INCLUDES="ANY">
<SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
<SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
</SUBJECTS>
</RULE>
-->
</RULE_SET>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
08-22-2012 12:38 PM
I don't believe this --> should be there above </RULE_SET>.
So like this
<?xml version="1.0"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">
<!--This rule will hard delete items that match the subject criteria below -->
<RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
<SUBJECTS INCLUDES="ANY">
<SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
<SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
</SUBJECTS>
</RULE>
</RULE_SET>
08-22-2012 01:22 PM
Thanks Tony! That was it. I had to remove <!-- and -->, restarted JC, and didn't get the error anymore.
Next thing is to validate that this works and doesn't sample the notification email anymore.
This is after correction!
<?xml version="1.0"?>
<RULE_SET xmlns="x-schema:ruleset schema.xdr">
<!--This rule will hard delete items that match the subject criteria below -->
<RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
<SUBJECTS INCLUDES="ANY">
<SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
<SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
</SUBJECTS>
</RULE>
</RULE_SET>
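
The failure discussed in this thread (Event 45315, "Element cannot be empty") can be caught before restarting the task. The following is an added example, not part of the original posts and not Symantec code: a structural check that reports a RULE left inside an XML comment and lists what each HARD_DELETE rule will drop. The function name `lint_rule_file` is hypothetical, the element and attribute names are taken from the files posted above, and the sample inputs are reconstructed from those posts; it does not validate against the product's schema.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # Comment nodes carry a function as tag; elements carry "{namespace}NAME".
    return tag.rsplit("}", 1)[-1] if isinstance(tag, str) else None

def lint_rule_file(xml_text):
    """Return (findings, active_rules) for a filter rule file like those in this thread."""
    # insert_comments keeps <!-- --> nodes in the tree (Python 3.8+).
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    try:
        root = ET.fromstring(xml_text.strip(), parser=parser)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"], []
    findings, rules = [], []
    if _local(root.tag) != "RULE_SET":
        findings.append("root element is not RULE_SET")
    for child in root:
        if child.tag is ET.Comment:
            if "<RULE " in (child.text or ""):
                findings.append("a RULE is wrapped in <!-- --> and will not be loaded")
            continue
        if _local(child.tag) != "RULE":
            continue
        subjects = [(s.get("MATCH"), (s.text or "").strip())
                    for s in child.iter() if _local(s.tag) == "SUBJ"]
        rules.append({"name": child.get("NAME"), "action": child.get("ACTION"),
                      "subjects": subjects})
        if child.get("ACTION") == "HARD_DELETE":
            terms = ", ".join(repr(text) for _, text in subjects)
            findings.append(f"{child.get('NAME')}: HARD_DELETE on subjects matching {terms}")
    if not rules:
        findings.append("RULE_SET has no active RULE element (empty element)")
    return findings, rules

# Constructed sample input, reconstructed from the files posted in this thread.
HEADER = '<?xml version="1.0"?>\n<RULE_SET xmlns="x-schema:ruleset schema.xdr">\n'
RULE = """<RULE NAME="HardDeleteJournalItems" ACTION="HARD_DELETE">
<SUBJECTS INCLUDES="ANY">
<SUBJ MATCH="CONTAINS">IronPort Spam Quarantine Notification</SUBJ>
<SUBJ MATCH="CONTAINS">Undeliverable</SUBJ>
</SUBJECTS>
</RULE>
"""
BROKEN = HEADER + "<!--\n" + RULE + "-->\n</RULE_SET>"  # rule still commented out
FIXED = HEADER + RULE + "</RULE_SET>"                   # comment markers removed

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        for finding in lint_rule_file(text)[0]:
            print(f"{label}: {finding}")
```

The HARD_DELETE finding is worth reading on every change to the file: a CONTAINS match on a short term such as "Undeliverable" applies to any journal item whose subject contains that text.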