Why didn't PureMessage quarantine a message that is spam?

There are a variety of reasons why a message containing spam characteristics is not identified as spam and treated accordingly. This may be due to aspects of PureMessage configuration described below.

Anti-Spam Engine
Ensure that PureMessage is using the latest anti-spam engine package by navigating to the Support > Check for Updates page in the PureMessage Manager, clicking Query, and checking that there is no update available for the PureMessage-AntiSpam-Engine. If there is, run pmx-setup at the command line to launch the installer and retrieve available update(s).
Anti-Spam Data
Ensure that PureMessage is using the latest anti-spam data package by navigating to the Support > View Installed Packages page in the PureMessage Manager, and examining the date of the PureMessage-AntiSpam-Data package. It should be the current day’s date. If it isn't, check the Support > Check for Updates page, as described above, and update the package by running pmx-setup at the command line.
Anti-Spam Opt-Outs
If the recipient’s address is included in the Anti-spam opt-outs list or the sender’s address is included in the Whitelisted senders list, the message is exempt from anti-spam filtering. See “Editing Lists” in the Manager Reference for more information. Also check that MTA IP Blocking is enabled.
Trusted Relay Configuration
PureMessage includes the ability to specify the IP addresses of external relays that are known to be “safe”. Ensure that trusted relays are configured and enabled. See the Policy > Trusted Relay IPs section of the Manager Reference for instructions.
Network DNS Access
A number of spam detection techniques rely on access to DNS servers. If DNS-based network checks are enabled (the default), ensure that the DNS server is functioning properly and communicating with the server(s) where PureMessage is running.
Quarantine Threshold in Policy Script
The PureMessage policy script performs actions on messages based on their spam probability. For example, the policy script can be configured to quarantine messages if they have a spam probability of 50% or greater. Changing probability-based actions in the policy script (via the pmx-policy command-line program or via the Policy tab in the PureMessage Manager) can possibly result in some spam not being detected.
Email Headers
If the message is subject to filtering but PureMessage has not identified it as spam, examine the message to see what headers were added by PureMessage during processing. By default, the X-PMX-Version header is added to all messages from external hosts. The absence of this header indicates that PureMessage has not processed the message. The default policy script also adds an X-PerlMx-Spam header to all messages with a spam probability. If the message’s spam probability exceeds 50%, PureMessage not only adds the <X-PerlMx-Spam> header, but also alters the subject line and copies the message to the quarantine. The presence of this header indicates that anti-spam processing was completed. See “Policy Configuration” in the Administrator’s Reference for more information.
If the message does not have an X-PerlMx-Spam header, you can check the message_log (by default, /opt/pmx6/var/log/message_log) to see what spam score the message received. The log file can be analyzed to determine the message’s interaction with the policy script.
Note You can help Sophos in its continuing efforts to improve the accuracy of PureMessage spam heuristics by forwarding misidentified items as attachments to:

You can also share your aggregated message statistics with Sophos by ensuring that Support > Share data with Sophos is enabled.