This article applies to:

• Trustwave MailMarshal (SEG)

Question:

Procedure:

The best way to handle this is to add the phrase [POSSIBLE SPAM] to the beginning of the subject line of the emails and allow them to pass through. This will allow users to create rules in their email client that can automatically move these messages to a particular folder.

To implement this:

1. Open the Block Spam Rule, or any other rule that this should apply to.
2. On the Actions tab or page, uncheck the Move message to action.
3. For SEG 8.2 and above, add a "Prepend text" action with your chosen text.
4. For earlier versions:
   • Add the action called Rewrite message headers using 'expressions'.
   • Click the expressions hyperlink in the rule description.
   • In the 'Header Rewrite' dialog, click New.
   • In the 'Field matching' screen:
     • Check 'Subject:'
     • Field parsing method should be set to Entire Line.
     • Match Case should not be checked.
     • Click Next.
   • In the 'Matching Options' screen:
     • Set the Field Search Expression to: (.+ )  [that is parenthesis, followed by a period, followed by a plus sign, followed by close parenthesis]
     • Set Substitute into field using expression to: [POSSIBLE SPAM] $1
     • Click Next.
     • Give the 'Header Rewrite' a name and click Finish.
     • Click OK.
     • Click Next, then Finish to close the 'Rule Wizard
5. Commit configuration.

Notes:

Unpredictable results can occur if Header Rewrite is not implemented correctly. If you are experiencing issues with the Header Rewrite, please contact Technical Support.

This article was previously published as:

NETIQKB35251