â07-15-2022 04:46 AM
Hi,
Has anyone teste the Aggressive spam profile explained here:
https://docs.ces.cisco.com/docs/ironport-anti-spam-scanning-profile
I am curios if someone evaluated it in order to have expectations with false positives increase.
Unfortunately we haven't got any possibility to test it with some pilot users.
Kind Regards!
Solved! Go to Solution.
â07-25-2022 06:40 PM
You are correct it is indeed is a global level change and not per policy. These are some ways to test but not the affirmative methods,
1. If there are multiple devices in cluster, you can run machine level overrides on few ESA(s), setup the aggressive scanning profile and monitor the outcome.
2. Or you can setup SMTP routes so that emails are scanned by an ESA with default profile are then forwarded to another ESA with aggressive profile.
â07-18-2022 06:35 PM
A difficult question to answer in general. We have seen customers setup some aggressive settings which has done more harm than good while it worked out better for a few. There's a no baseline to state the increase in the false positives.
Best way to test is setup a new policy with these aggressive settings, configure antispam to add a new custom header for suspect and positive spam. Create a content filter to match the custom header with a simple action like "log-entry". Then you can run a content filter report to identify the number of times it was matched. You can dig into the emails later to understand if there were false positives
â07-19-2022 12:50 AM
Hi,
thank you for feedback.
It will be very good if we can test it. I still cant see how we can test for some users per mail policy as the spam profile is configured for global level. Could you please elaborate further.
Kind Regards!
â07-25-2022 06:40 PM
You are correct it is indeed is a global level change and not per policy. These are some ways to test but not the affirmative methods,
1. If there are multiple devices in cluster, you can run machine level overrides on few ESA(s), setup the aggressive scanning profile and monitor the outcome.
2. Or you can setup SMTP routes so that emails are scanned by an ESA with default profile are then forwarded to another ESA with aggressive profile.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide