|Product Support||Talos Support||Cisco Support||Reference +||Current Release|
|Gateway||Reputation Lookup||Open a support case||Secure Email Guided Setup|
|Cloud Gateway||Email Status Portal||Support & Downloads||docs.ces.cisco.com|
|Email and Web Manager||Web & Email Reputation||Worldwide Contacts||Product Naming Quick Reference|
|Cloud Mailbox||Notification Service|
Intermittent issues can occur for SBRS if it's for a new IP we haven't looked up yet and not cached; and there is a delay within DNS to resolve the SBRS score.
SBRS scores are retrieved in the DNS Lookup at the time of connection - so delays here can impact the SBRS score verdicts and you can get intermittent unable to retrieve.
If it's happening on ALL connections - then we have an issue there that needs to be looked at.
Thanks for the explanation on the SBRS, however as per checking on the SBRS Score in message details, I can see the email was hit HAT Overview -> UNKNOWNLIST and the SBRS Score shows that unable to retrieve ..... do you have any suggestion for me to further checking on this issue.
Unable to retrieve could be numerous potential issues.
First thing i would suggest is make sure SBRS is able to connect to senderbase side -> telnet phonehome.senderbase.org 443
If this works, then we can move to the next step.
Depending on version (before 13.x i believe) use repengstatus and make sure it's available; if you're on a latter version use talosstatus on the CLI and make sure ip reputation client is updated.
If either are not updated; repengupdate force or talosupdate force
After which do a grep "SBRS" -t mail_logs and see if it improves or results are working now.
If it's still failing after these checks - i would encourage you to open a TAC case for deep rooted troubleshooting.
Noted your advice to check before opening a TAC case. I want to verify that " phonehome.senderbase.org " is not hosted by Cisco right?
Currently, we just only allow URLs on this website " https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-5-1/user_guide/b_ESA_Admin_Guide_13-5-1/b_ESA_Admin_Guide_12_1_appendix_0101111.html#Cisco_Concept.dita_4423beca-f7e2-41ed-9123-4a9c838bb754 " and seems that this URL " phonehome.senderbase.org " is not included.
Hi Ken Stieers,
May I know if this PDF is correct " https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_11_1_appendix_0101111.pdf " related to the phonehome.senderbase.org. Since I cannot proceed with this solution if there is no KB from Cisco.
Currently, we did not allow this URL for now.