C170 ESA not processing "Suspected Spam" properly

UTGsysadmin
Level 1

We're experiencing these conditions with a newly configured C170:

 

1. Regardless of Whitelist entries, ESA continues to hold items.

2. Not all held items are being sent to end user for review/release.

 

Obviously, if end users can't make the determination of SPAM/valid, and there are legitimate items being held, the unit has to be taken offline until this can be resolved.

 

Is there a root solution to this?

exMSW4319
Level 3

I presume that by whitelisting you mean a sender group in your HAT whereby the mail passes through a mail flow policy with far fewer restrictions than usual. If so, a novice error is to confuse the domain of the sender with the domain of the equipment sending the mail.

So, for example, if you're trying to whitelist sender@bubbly.tld and the mail in question is actually being sent through scheissesturm.bendgrid.net then it's no good putting any permutation of bubbly into your HAT. No, that Bendgrid server must go into your list of trusted machines with all that this implies.

However, you mention the C170 "holding" items and that suggests that items are being caught by CASE (the anti-spam engine) or a content filter someone's put into your incoming policies. Do you have a policy that handles your whitelisted senders? If not, you'll need one if CASE is the problem. Policies do work by sender address so in our example you need to add Sender: @bubbly.tld to the policy users. You can then turn off anti-spam, anti-virus or any of the content filters as you need to.

Beware that if anyone impersonates a domain you've whitelisted by policy then they're going to sail through the defences you've turned off for that domain.

Finally, if that Bendgrid server in our example does get a very low SenderBase rating then no policy is going to save the mail, and the problem won't show up in message tracking; you'll have to read the connection log to see the rejection.
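To make the reply's distinction concrete, here is an added diagnostic (not code from the thread or from Cisco) that reads a delivered message and separates the host that actually connected to the ESA, which is what a HAT sender group matches, from the sender domain, which is what an incoming mail policy's Sender entry matches. The hostnames, IP addresses and message text are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: mail from bubbly.tld relayed through a Bendgrid server.
# The topmost Received header is the one the receiving ESA stamped itself.
SAMPLE_MESSAGE = """\
Received: from scheissesturm.bendgrid.net (scheissesturm.bendgrid.net [203.0.113.45])
 by esa.example.internal (Cisco ESA) with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
Received: from mail.bubbly.tld (mail.bubbly.tld [198.51.100.7])
 by scheissesturm.bendgrid.net; Mon, 1 Jan 2024 09:59:58 +0000
From: Bubbly Sender <sender@bubbly.tld>
To: user@example.internal
Subject: Quarterly figures

body
"""

# "from <helo-name> (<reverse-dns> [<ip>])" as written into a Received header
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\(([^\[\]]*?)\s*\[([^\]]+)\]\)")

def connecting_host(raw_message):
    """(hostname, ip) of the machine that connected to the ESA.
    The ESA's own Received header is the first one, so its 'from' clause
    names the relay the HAT evaluated, not the original sending system."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    m = RECEIVED_FROM.search(" ".join(received[0].split()))  # unfold header
    return (m.group(1), m.group(3)) if m else None

def sender_domain(raw_message):
    """Domain of the From address: what a policy 'Sender: @domain' matches."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    return addr.rpartition("@")[2].lower() or None

def whitelist_advice(raw_message):
    """Map the message onto the two ESA objects the reply distinguishes."""
    host = connecting_host(raw_message)
    domain = sender_domain(raw_message) or ""
    relay = host[0].lower() if host else ""
    return {
        "hat_sender_group_entry": host,            # trust this relay in the HAT
        "policy_sender_entry": "@" + domain,       # trust this domain by policy
        # False means a bubbly.tld entry in the HAT would never match this mail
        "relay_in_sender_domain": relay == domain or relay.endswith("." + domain),
    }

if __name__ == "__main__":
    print(whitelist_advice(SAMPLE_MESSAGE))
```

When `relay_in_sender_domain` is False, the relay needs its own HAT sender group entry and the sender domain needs its own policy entry; one cannot stand in for the other.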