Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5481
Views
0
Helpful
2
Replies

Anti-Spam in deep

Go to solution
Oscar Cardiel
Level 1
Level 1

‎03-30-2016 02:48 AM

Hi,

I can see through the message tracking that anti-spam engine is stopping some outgoing emails because Interim verdict Positive. How could I check the reason in deep to determine if it is a false o true positive?, which log could I check?, CLI mail_logs show me the same reasons than message GUI tracking.

29 Mar 2016 12:43:34 (GMT +02:00)

Protocol SMTP interface primari.diba.cat (IP 195.76.107.107) on incoming connection (ICID 6537063) from sender IP 195.77.200.210. Reverse DNS host None verified no.

29 Mar 2016 12:43:34 (GMT +02:00)

(ICID 6537063) RELAY sender group RELAYLIST match 195.77.200.210 SBRS -10.0

29 Mar 2016 12:43:34 (GMT +02:00)

Start message 1856619 on incoming connection (ICID 6537063).

29 Mar 2016 12:43:34 (GMT +02:00)

Message 1856619 enqueued on incoming connection (ICID 6537063) from testmailxtp@premiademar.cat.

29 Mar 2016 12:43:34 (GMT +02:00)

Message 1856619 on incoming connection (ICID 6537063) added recipient (saulinho85ms@gmail.com).

29 Mar 2016 12:43:34 (GMT +02:00)

Message 1856619 on incoming connection (ICID 6537063) added recipient (sistemes_xtp@osiatis.es).

29 Mar 2016 12:43:34 (GMT +02:00)

Message 1856619 contains message ID header '<64C2F2272AF9FC459D7D1D10FA436D1F9965EA@SWAJEX172.DIBAJ172.local>'.

29 Mar 2016 12:43:34 (GMT +02:00)

Message 1856619 original subject on injection: RE: bon dia

29 Mar 2016 12:43:34 (GMT +02:00)

Message 1856619 (3364 bytes) from testmailxtp@premiademar.cat ready.

29 Mar 2016 12:43:34 (GMT +02:00)

Message 1856619 matched per-recipient policy DEFAULT for outbound mail policies.

29 Mar 2016 12:43:34 (GMT +02:00)

Message 1856619 scanned by Anti-Spam engine: CASE. Interim verdict: Positive

29 Mar 2016 12:43:34 (GMT +02:00)

Message 1856619 scanned by Anti-Spam engine: CASE. Final verdict: Positive

29 Mar 2016 12:43:34 (GMT +02:00)

Message 1856619 aborted: Dropped by CASE

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mathew Huynh
Cisco Employee
Cisco Employee

‎03-30-2016 05:41 PM

Hello Oscar,


The Interim and Final verdict deemed this as spam.

if it was a false positive i would strongly suggest to edit or create a new outgoing mail policy.

Add a policy for this user ID of testmailxtp@premiademar.cat

Change the anti-spam settings to 'deliver' rather than drop.

Then replicate this issue, once email is scanned and delivered to the destination addresses, retrieve this sample in it's original format and submit it to ham@access.ironport.com to have it checked under the automated system to recategorize it, if it still recurs then you would need to open a TAC case to have a human engineer review the false positive rules matching and correct it for you.

Regards,

Matthew

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mathew Huynh
Cisco Employee
Cisco Employee

‎03-30-2016 05:41 PM

Hello Oscar,


The Interim and Final verdict deemed this as spam.

if it was a false positive i would strongly suggest to edit or create a new outgoing mail policy.

Add a policy for this user ID of testmailxtp@premiademar.cat

Change the anti-spam settings to 'deliver' rather than drop.

Then replicate this issue, once email is scanned and delivered to the destination addresses, retrieve this sample in it's original format and submit it to ham@access.ironport.com to have it checked under the automated system to recategorize it, if it still recurs then you would need to open a TAC case to have a human engineer review the false positive rules matching and correct it for you.

Regards,

Matthew

0 Helpful

Go to solution
Oscar Cardiel
Level 1
Level 1
In response to Mathew Huynh

‎03-31-2016 01:34 AM

Thank you very much for your reply, Mathew,

0 Helpful
Customers Also Viewed These Support Documents