cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2518
Views
4
Helpful
4
Replies

Can't report forwarded mail?

RSteveKadish
Level 1
Level 1

Hi,

I figured that with the IronPort Outlook Plug-in, I could have users forward spam to me as an attachment, and then report it to Cisco.  However, if I open a message that was forwarded as an attachment and press one of the reporting buttons, I get a dialog saying that Outook failed to report the item.  Can anyone confirm this behavior and tell me if there is a workaround?

Thanks,

- Steve

1 Accepted Solution

Accepted Solutions

Enrico Werner
Cisco Employee
Cisco Employee

Hi Steve,

in general it is be better if users can report Spam messages directly to Cisco IronPort as forwarding the message several times changes the headers, especially if Outlook is used.  In some cases it appears that Outlook even stripes headers which would be important for Cisco IronPort to analyze the messages. Without original email headers, submissions cannot be used to update Anti-Spam rules unfortunately.

However, you could verify a few samples at the user site and display the message source to check

availableheaders. Then forward the message to you and compare the source and headers. Then, in order to check basic connectivity to the IronPort reporting servers, run the following tests from the  machine:

- Open command line and check if the following commands succeed:

        telnet cas1-c604-nl.ironport.com 80

        telnet soma-c602-nl.ironport.com 80

        telnet cas1-c603-nl.ironport.com 80

- Use 'Ctrl + ]' (on Windows) to escape the telnet client.

The client machine will need to be able to establish successful port 80 connections to these servers, in order for the Plug-in tool to function. If these tests fail, check for local network and firewall issues.

If you prefer to forward Spam messages to Cisco IronPort yourself only, open a support case to have your submissions checked. This way you can make sure everything works as supposed to and submissions are valid.

Best regards,

Enrico

View solution in original post

4 Replies 4

Enrico Werner
Cisco Employee
Cisco Employee

Hi Steve,

in general it is be better if users can report Spam messages directly to Cisco IronPort as forwarding the message several times changes the headers, especially if Outlook is used.  In some cases it appears that Outlook even stripes headers which would be important for Cisco IronPort to analyze the messages. Without original email headers, submissions cannot be used to update Anti-Spam rules unfortunately.

However, you could verify a few samples at the user site and display the message source to check

availableheaders. Then forward the message to you and compare the source and headers. Then, in order to check basic connectivity to the IronPort reporting servers, run the following tests from the  machine:

- Open command line and check if the following commands succeed:

        telnet cas1-c604-nl.ironport.com 80

        telnet soma-c602-nl.ironport.com 80

        telnet cas1-c603-nl.ironport.com 80

- Use 'Ctrl + ]' (on Windows) to escape the telnet client.

The client machine will need to be able to establish successful port 80 connections to these servers, in order for the Plug-in tool to function. If these tests fail, check for local network and firewall issues.

If you prefer to forward Spam messages to Cisco IronPort yourself only, open a support case to have your submissions checked. This way you can make sure everything works as supposed to and submissions are valid.

Best regards,

Enrico

Hi Enrico,

Thanks for the feedback.  I guess my plan of reporting the spam that users forward to us (since they do it all the time anyway) isn't feasible.  However, I'm now confused because another user on this forum told me that since the plug-in reports spam by sending it to another email, that it wasn't necessary for Outlook to be able to access to access the Internet.  If the HTTP connections are necessary, I will need to have firewall changes made.  Could you please clarify?

Thanks,

- Steve

Hi Steve,

any plug-in before version 7.x used to connect via HTTPS whereas the newer plug-ins from version 7.x use the mail client and SMTP. So if you use the newer plug-in HTTP connections are not necessary.

Hope that helps.

Best regards,

Enrico

.

Enrico,

Thanks for clarifying.  We are using the latest plug-in.

Best,

- Steve

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: