Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2236
Views
0
Helpful
3
Replies

does this make sense? Logic check

johnny virgil_ironport
Level 1
Level 1

‎04-21-2005 05:23 PM

This is our current sender group order. Does it make sense?

Internal machines that are allowed to relay through IronPort

WHITELIST: TRUSTED Trusted senders have no Brightmail or rate limiting

ManualBlock: BLOCKED manual blocks, and really bad reputations (-8 to -10)

NoBrightMail: TRUSTEDBUTRATELIMITED Bypasses Brightmail Scanning for sending domains with SBRS of +5 or greater

SuspendThrottle: NOTHROTTLE For people that have a bad SBRS that whine

SenderBaseBlocked: SBRSBLOCKED Block senders with SenderBase Rep of -2 to -10

SenderBaseThrottled: SBRSTHROTTLED Throttle senders with SenderBase values of 0 to -1.9

Labels:
0 Helpful
3 Replies 3

atucker_ironport
Level 1
Level 1

‎04-21-2005 07:55 PM

Personally I would have the manually blocked domains first in the list (considering I usually have more blocked domains than whitelisted domains).

But it looks like you have everything set up fine. I am just guessing from your names, but are you rate limiting people with a hight sbrs score? Generally those are the people you can trust to nor flood your network.

Supposedly. :D

0 Helpful

johnny virgil_ironport
Level 1
Level 1

‎04-21-2005 08:02 PM

Kinda -- we have a problem with tons of NDRs coming in from Phishing expeditions. The sheer volume was overloading brightmail, even though the vast number of returns were to non-existent email addresses on our side, sent from respectable domains. What that rule does is allow them in without going through brightmail, but still allow us to rate limit things like if a large number were coming from AOL, for instance.

0 Helpful

atucker_ironport
Level 1
Level 1

‎04-22-2005 02:45 PM

Are you unable to use the ldap queries and DHAP?

Also, and I am sure someone will correct me if I am off base here, The SBRS score is based on the sending IP address. So if someone is forging an @aol.com email for phishing, the SBRS score will be from the sending IP address (not aols SBRS score). Of course if if the phishing is coming from actuall aol users or the varmits are forging ip addresses I guess that won't work. :)

0 Helpful
Customers Also Viewed These Support Documents