ESA | Stopped by Reputation Filtering

ccg-security · ‎10-06-2017

Hi Team:

I am trying to determine why a particular partner of ours is being blocked total attempted 500+ messages in.

Out of about 597 attempted messages, 384 are being stopped by reputation filtering. Is there something I can view in the logs to determine exactly and why they are being blocked?

error we recieved:

TLS_connect_failed:_error:14094418:SSL_routines:SSL3_READ_BYTES:tlsv1_alert_unknown_ca;_connected

dmccabej · ‎10-08-2017

Hello,

Stopped by Reputation Filtering means pretty much that. When we reviewed the SenderBase reputation of the connecting server, we provided it with a score, and based on that score was blocked by one of your Sender Groups. If the connecting server does indeed have a low/negative reputation score, the only way for you to then accept those connections would be to add the server(s) IP and/or hostname to a static Sender Group to explicitly accept them (IE: WHITELIST). You can read more about SenderBase Reputation Filtering within our User Guide: here. This can be done in the GUI under Mail Policies --> HAT Overview.

For the TLS error, it reads as though you're possibly trying to perform certificate verification, and we do not trust the sending host's certificate. This could possibly be because they're using a self-signed certificate or that we do not include the CA who had signed their certificate within our Certificate Authority list.

Do you know if you're trying to perform certificate verification on Incoming or Outgoing TLS connections? Or if the other party is perhaps trying to perform verification?

Thanks!

-Dennis M.