Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6718
Views
5
Helpful
3
Replies

How to fix email dropped by CASE ?

Go to solution
Vinay babu
Level 1
Level 1

‎10-18-2021 01:24 PM

How to fix email dropped by CASE, please find the message tracking as below ?

I have safelisted the sender email address in recipients' spam safelist. But, still email blocking due to CASE. Any advice ? Thanks in advance.

 

Message 123456 scanned by Anti-Spam engine: CASE. Interim verdict: Positive
Message 123456 scanned by Anti-Spam engine: CASE. Final verdict: Positive
Message 123456 aborted: Dropped by CASE
Message 123456 Delivery Status: DROPPED

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
tsilveruits
Level 1
Level 1

‎10-21-2021 01:31 PM - edited ‎10-21-2021 01:35 PM

Your anti-spam settings are dropping positive spam. Review the anti-spam settings in your incoming mail policies. You could define an incoming mail policy for trusted senders (mail addresses or domain) or use the HAT to designate a TRUSTED group of external senders (IPs/domains) that you accept and do not perform a spam scan. Another option would be to adjust the positive spam score threshold, but that would apply to all senders, so that may not be ideal. I'd suggest starting with one of the other two options. And adding the address to safe senders isn't applicable because the anti-spam evaluation drops the email. If it were passing it through and the action were to send it to quarantine, not drop, then the safe senders would be applicable. Unfortunately, the email is dropped before it even gets to the quarantine in this case. Oh, and you could report the false positive to Cisco (ham@access.ironport.com) (see Document ID 214133).

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Ken Stieers
VIP
VIP

‎10-18-2021 01:40 PM

Check your processing of SPAM mails. You're probably telling it to drop all positively identified spam.
I'm pretty sure that the safelist get applied when stuff hits quarantine... if you don't quarantine, the safelist doesn't get processed.

Go to solution
Vinay babu
Level 1
Level 1
In response to Ken Stieers

‎10-22-2021 05:10 AM

Many thanks Ken and tsilveruits.

0 Helpful

Go to solution
tsilveruits
Level 1
Level 1

‎10-21-2021 01:31 PM - edited ‎10-21-2021 01:35 PM

Your anti-spam settings are dropping positive spam. Review the anti-spam settings in your incoming mail policies. You could define an incoming mail policy for trusted senders (mail addresses or domain) or use the HAT to designate a TRUSTED group of external senders (IPs/domains) that you accept and do not perform a spam scan. Another option would be to adjust the positive spam score threshold, but that would apply to all senders, so that may not be ideal. I'd suggest starting with one of the other two options. And adding the address to safe senders isn't applicable because the anti-spam evaluation drops the email. If it were passing it through and the action were to send it to quarantine, not drop, then the safe senders would be applicable. Unfortunately, the email is dropped before it even gets to the quarantine in this case. Oh, and you could report the false positive to Cisco (ham@access.ironport.com) (see Document ID 214133).

0 Helpful
Customers Also Viewed These Support Documents