Email Security: Resending the Junk Summary
12/20/2019 1042 12267
Email Security: Resending the Junk Summary
Resending the Junk Summary
This solution describes how to force SonicWall Email Security to resend another junk summary.
The Junk Summary is not being received by the end user. The customer says that junk summaries are not being sent. You would like to test the junk summary process and verify that they are indeed being sent. The purpose of this testing is to confirm that the path in which junk summaries are being delivered is correct. Although this is done in the Monitoring page under Server Configuration, it is a good test to perform in order to verify sending of junk summaries.
This is an informational report that is sent to users containing summary information about emails that have been quarantined by the SonicWall Email Security product.
How the process works
The process that will send the junkmail summary mlfjunkn is run once per hour by the hourly.bat/sh file. While this process is running, it will parse the quarantine directories and find emails that need to be included in the summaries.
Files used in the Junkmail Summary process
1. Envelope.dat - A list of all of the emails in that day's quarantine.
2. resent_<servername>.dat - A list of unjunked or deleted messages.
3. notified.dat - A list of junk summary emails that have already been processed by a junk summary.
4. notifiedall.xml - contains the size of the envelope.dat.
As mlfjunkn runs, it will find all of the notifiedall.xml files, verify all of the envelope.dat sizes and determine whether or not a summary needs to be sent. If the envelope.dat is the same size as the mlfjunkn, the process will move to the next quarantine directory and continue parsing data for junk that needs to be reported. If the envelope.dat is larger than the size reported in notifiedall.xml then the mlfjunkn will parse information from the envelope.dat and compare that information with the notified.dat and the resent_<servername>.dat to generate the list of emails that have been unjunked, deleted, or included within other summaries.
These emails will be added to a list, that is stored in memory, until the process finishes going through all of the directories. Once it is finished with the sorting of emails, then it will start sending the summaries (via the mlfjunkn command) to the downstream server.
The process time is dependant upon organization size and the logs for this process are stored in the /opt/emailsecurity/data/commonlogs/junknotifications file.
Forcing the Sending of a Junkmail Summary
Send a junkmail to yourself that will be quarantined, if you are doing it through a telnet session, the easiest way is to place MLFJUNK in the subject line and it will be considered junk.
Now, edit the /data/lastnotifed.xml and remove your email address from this file. If you would like to have the junk summary sent out for all users in this file, merely rename the file.
Delete the /data/lastnotifed_race.xml. (This file is like a lock file indicating when the last time hourly.bat had run. This file will only be recreated when hourly.bat runs. Sometimes when this file is corrupted it can also get in the way of it being overwritten and cause errors with junk summaries to be sent out).
Finally, run mlfjunkn from the command prompt. This should force the lastnoftified.xml to be recreated or at least to have the user that you removed from it to be readded to the list. If you wish to not have to resend spam samples to be junked to run this test, you can also remove entries from the notified.dat file. Removing any entry of the relevant user from the notified.dat file will essentially erase any history of that particular junked message from being notified to its intended recipient. In other words, there will be no record that the user was ever notified by junk summaries of the quarantined messages that are sitting in their junkbox .
You can use mlfjunkn -sendtest (recipient's email address) (ip address of mailserver) to test for the relay path of junk summaries. This will output to your commandline as well as the junknotifications log the success or failure of the junk summary test.
mlfjunkn -sendtest email@example.com 192.168.6.51
In addition, be sure that the backup smtp server is set to the downstream mailserver as Email Security looks to send junk summaries to whichever server is specified in this field.