Surprised.

[mthorne]

My UT server has been up for a couple days. An account manager forwarded an email from a customer who has been trying to send us email. It showed "Quarantine Digest for username@company.com" and how to release it. I wasn't expecting emails sent to people. Also, the link was for an internal address and not publicly accessible. It only confused and frustrated non technical people.

Maybe it is a good idea, but I'm just surprised.

I uninstalled my UT server because of this.

[dmorris]

No its not a good idea to do this. Thats why it isn't on by default.

I'd suggest turning it back off.

If you want to scan outbound mail with it set to "quarantine" then I'd atleast suggest you change your quarantinable addresses so it will only quarantine for your users and mark everything else.

[Xolo]

No its not a good idea to do this. Thats why it isn't on by default.

I'm mostly running defaults on my 5.3 install apart from enabling some more categories in the web filter, and I must note that I found the digest function is enabled by default.
I see these digests drop in on a daily basis.

[sky-knight]

Then you had it in bridge mode and you had it plugged in backwards. Quarantine messages do not go to outside domains by default. Heck outgoing SMTP traffic is bypassed!

[Xolo]

No, quite sure it is not plugged in 'backwards'.
It is however, using the default setting where UT uses it's own mailserver to send out mails, I did not choose to set up a route to our internal Exchange box because UT sits outside our ISA server. Bridge mode? Yes.

Each morning at around 6:05AM, Untangle mails out quarantine digests to my users on it's own. I did not configure it to do so.

[dmorris]

Each morning at around 6:05AM, Untangle mails out quarantine digests to my users on it's own. I did not configure it to do so.

As it should.

Note the OP is talking about quarantining for the "rest of the world" not his own users.
Quarantining for your own users is the default.

[sky-knight]

Yes, by default the UT server will quarantine all mail from any domain. It uses a no rack policy for outgoing SMTP traffic to prevent the unit from scanning mail that is leaving the network. If you have a bridge mode installation and it is plugged in backwards... thanks to the bypass rule you wont be scanning mail coming in and instead will be scanning mail going out. Then with the UT server also doing its own mail delivery any spam intercepted from the world will generate quarantine requests.

You have to make quadruple sure you have your UT servers plugged in the right way around. If you get it flipped all kinds of bad things will happen. We all know this, but it is so incredibly easy to get it wrong...

I just did it to myself again... last week. I know.

[Xolo]

@dmorris: Hmm, may have misread then. i'm not too old to learn though on another note, I removed the catch-all rule under Config > Email > Quarantine because the digests are useless to my users because they can't reach the UT machine internally. Wasn't set up that way.
@sky-knight: Oops, hehe yes, It happens! I really liked that hot swap network check during setup to verify which card was detected as what for that reason. Made it easy to label the interfaces beforehand

[sky-knight]

Yeah but watch those labels! When we went from 5.03 to 5.2 the kernel changed... when the kernel changed some people got their interfaces moved around!

[dmorris]

[quote=Xolo;30904]@dmorris: Hmm, may have misread then. i'm not too old to learn though on another note, I removed the catch-all rule under Config > Email > Quarantine because the digests are useless to my users because they can't reach the UT machine internally. Wasn't set up that way.

ah, I'd consider just "blocking" or "marking" spam instead.
Otherwise you're just wasting space and CPU on quarantining when the users can't actually use it anyway.