07-12-2021 08:52 AM
Hi Team,
Is it possible for intermittent issues to occur with the SBRS setup in ESA?
07-21-2021 11:18 PM
Hey M.Aswad,
Intermittent issues can occur for SBRS if it's for a new IP we haven't looked up yet and that is not cached, and there is a delay within DNS to resolve the SBRS score.
SBRS scores are retrieved in the DNS lookup at the time of connection, so delays here can impact the SBRS score verdicts and you can get an intermittent "unable to retrieve".
If it's happening on ALL connections - then we have an issue there that needs to be looked at.
Thanks,
Mathew
10-04-2021 11:58 PM
Hi Matthew,
Thanks for the explanation on the SBRS. However, on checking the SBRS Score in the message details, I can see the email hit HAT Overview -> UNKNOWNLIST and the SBRS Score shows "unable to retrieve". Do you have any suggestions for further checking on this issue?
Thanks,
Aswad
10-05-2021 03:55 PM
Hey Aswad,
"Unable to retrieve" could be numerous potential issues.
The first thing I would suggest is to make sure SBRS is able to connect to the senderbase side -> telnet phonehome.senderbase.org 443
If this works, then we can move to the next step.
Depending on version (before 13.x I believe), use repengstatus and make sure it's available; if you're on a later version, use talosstatus on the CLI and make sure the IP reputation client is updated.
If either is not updated: repengupdate force or talosupdate force
After which, do a grep "SBRS" -t mail_logs and see if it improves or results are working now.
If it's still failing after these checks, I would encourage you to open a TAC case for deep-rooted troubleshooting.
Thanks,
Mathew
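An added example, not part of the original thread and not Cisco tooling: a small offline parser for exported mail_logs output from the grep step above, which separates the intermittent case from the "happening on ALL connections" case described earlier in the thread. The log line layout, the sample lines and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed layout of a connection line in an exported mail_logs file:
#   <timestamp> Info: ICID <n> <ACTION> SG <sender group> match <rule> SBRS <value>
LINE_RE = re.compile(r"ICID (\d+) \w+ SG (\S+) match \S+ SBRS (.+)$")

# Constructed sample lines (not taken from a real appliance).
SAMPLE_LINES = [
    "Tue Oct  5 15:55:01 2021 Info: ICID 1001 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 3.5",
    "Tue Oct  5 15:55:04 2021 Info: ICID 1002 ACCEPT SG UNKNOWNLIST match ALL SBRS unable to retrieve",
    "Tue Oct  5 15:55:09 2021 Info: ICID 1003 REJECT SG BLOCKED_LIST match sbrs[-10.0:-3.0] SBRS -7.1",
    "Tue Oct  5 15:55:12 2021 Info: ICID 1004 ACCEPT SG UNKNOWNLIST match ALL SBRS unable to retrieve",
    "Tue Oct  5 15:55:13 2021 Info: ICID 1004 close",
]

def classify(value):
    """Bucket the text after 'SBRS': a numeric score, a failed lookup, or other."""
    tokens = value.lower().split()
    if tokens[:3] == ["unable", "to", "retrieve"]:
        return "unable"
    try:
        float(tokens[0])
        return "scored"
    except (IndexError, ValueError):
        return "other"  # any non-numeric value that is not a failed lookup

def summarize(lines):
    """Count lookup outcomes and which sender groups saw failed lookups."""
    counts, groups = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line.rstrip())
        if not m:
            continue  # not a connection line carrying an SBRS value
        bucket = classify(m.group(3))
        counts[bucket] += 1
        if bucket == "unable":
            groups[m.group(2)] += 1
    total = sum(counts.values())
    return {"total": total, "unable": counts["unable"], "by_group": dict(groups)}

def verdict(summary):
    """Separate the intermittent case from failure on all connections."""
    if summary["total"] == 0:
        return "no SBRS lines found"
    if summary["unable"] == 0:
        return "healthy"
    if summary["unable"] == summary["total"]:
        return "failing on all connections"
    return "intermittent"
```

Running summarize() on a capture taken before and after the forced update shows whether the share of failed lookups actually dropped.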
10-07-2021 09:11 AM
Hi Mathew,
Noted your advice to check before opening a TAC case. I want to verify that "phonehome.senderbase.org" is not hosted by Cisco, right?
Currently, we only allow the URLs on this website "https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-5-1/user_guide/b_ESA_Admin_Guide_13-5-1/b_ESA_Admin_Guide_12_1_appendix_0101111.html#Cisco_Concept.dita_4423beca-f7e2-41ed-9123-4a9c838bb754" and it seems that this URL "phonehome.senderbase.org" is not included.
Thanks,
Aswad
10-07-2021 01:05 PM
10-07-2021 11:56 PM
Hi Ken Stieers,
May I know if this PDF "https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_11_1_appendix_0101111.pdf" is the correct one related to phonehome.senderbase.org? I cannot proceed with this solution if there is no KB from Cisco.
Currently, we do not allow this URL.
Thanks,
Aswad
10-08-2021 06:10 AM
I just checked the doc.
Page 3 in that doc, third entry on that page... phonehome.senderbase.org is listed.