cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads docs.ces.cisco.com
Email and Web Manager: 14.1.0-227
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in: 1.1.0.136
Encryption Bug Search
Encryption Plug-in: 1.2.1.167
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

464
Views
5
Helpful
3
Replies
Vinay babu
Beginner

How to fix email dropped by CASE ?

How to fix email dropped by CASE, please find the message tracking as below ?

I have safelisted the sender email address in recipients' spam safelist. But, still email blocking due to CASE. Any advice ? Thanks in advance.

 

Message 123456 scanned by Anti-Spam engine: CASE. Interim verdict: Positive
Message 123456 scanned by Anti-Spam engine: CASE. Final verdict: Positive
Message 123456 aborted: Dropped by CASE
Message 123456 Delivery Status: DROPPED

1 ACCEPTED SOLUTION

Accepted Solutions
tsilveruits
Beginner

Your anti-spam settings are dropping positive spam. Review the anti-spam settings in your incoming mail policies. You could define an incoming mail policy for trusted senders (mail addresses or domain) or use the HAT to designate a TRUSTED group of external senders (IPs/domains) that you accept and do not perform a spam scan. Another option would be to adjust the positive spam score threshold, but that would apply to all senders, so that may not be ideal. I'd suggest starting with one of the other two options. And adding the address to safe senders isn't applicable because the anti-spam evaluation drops the email. If it were passing it through and the action were to send it to quarantine, not drop, then the safe senders would be applicable. Unfortunately, the email is dropped before it even gets to the quarantine in this case. Oh, and you could report the false positive to Cisco (ham@access.ironport.com) (see Document ID 214133).

View solution in original post

3 REPLIES 3
Ken Stieers
Advocate

Check your processing of SPAM mails. You're probably telling it to drop all positively identified spam.
I'm pretty sure that the safelist get applied when stuff hits quarantine... if you don't quarantine, the safelist doesn't get processed.

Many thanks Ken and tsilveruits.

tsilveruits
Beginner

Your anti-spam settings are dropping positive spam. Review the anti-spam settings in your incoming mail policies. You could define an incoming mail policy for trusted senders (mail addresses or domain) or use the HAT to designate a TRUSTED group of external senders (IPs/domains) that you accept and do not perform a spam scan. Another option would be to adjust the positive spam score threshold, but that would apply to all senders, so that may not be ideal. I'd suggest starting with one of the other two options. And adding the address to safe senders isn't applicable because the anti-spam evaluation drops the email. If it were passing it through and the action were to send it to quarantine, not drop, then the safe senders would be applicable. Unfortunately, the email is dropped before it even gets to the quarantine in this case. Oh, and you could report the false positive to Cisco (ham@access.ironport.com) (see Document ID 214133).

View solution in original post

Create
Recognize Your Peers
Polls
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (36%)

Content for Community-Ad