cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
5277
Views
5
Helpful
3
Replies

How to fix email dropped by CASE ?

Vinay babu
Level 1
Level 1

How to fix email dropped by CASE, please find the message tracking as below ?

I have safelisted the sender email address in recipients' spam safelist. But, still email blocking due to CASE. Any advice ? Thanks in advance.

 

Message 123456 scanned by Anti-Spam engine: CASE. Interim verdict: Positive
Message 123456 scanned by Anti-Spam engine: CASE. Final verdict: Positive
Message 123456 aborted: Dropped by CASE
Message 123456 Delivery Status: DROPPED

1 Accepted Solution

Accepted Solutions

tsilveruits
Level 1
Level 1

Your anti-spam settings are dropping positive spam. Review the anti-spam settings in your incoming mail policies. You could define an incoming mail policy for trusted senders (mail addresses or domain) or use the HAT to designate a TRUSTED group of external senders (IPs/domains) that you accept and do not perform a spam scan. Another option would be to adjust the positive spam score threshold, but that would apply to all senders, so that may not be ideal. I'd suggest starting with one of the other two options. And adding the address to safe senders isn't applicable because the anti-spam evaluation drops the email. If it were passing it through and the action were to send it to quarantine, not drop, then the safe senders would be applicable. Unfortunately, the email is dropped before it even gets to the quarantine in this case. Oh, and you could report the false positive to Cisco (ham@access.ironport.com) (see Document ID 214133).

View solution in original post

3 Replies 3

Check your processing of SPAM mails. You're probably telling it to drop all positively identified spam.
I'm pretty sure that the safelist get applied when stuff hits quarantine... if you don't quarantine, the safelist doesn't get processed.

Many thanks Ken and tsilveruits.

tsilveruits
Level 1
Level 1

Your anti-spam settings are dropping positive spam. Review the anti-spam settings in your incoming mail policies. You could define an incoming mail policy for trusted senders (mail addresses or domain) or use the HAT to designate a TRUSTED group of external senders (IPs/domains) that you accept and do not perform a spam scan. Another option would be to adjust the positive spam score threshold, but that would apply to all senders, so that may not be ideal. I'd suggest starting with one of the other two options. And adding the address to safe senders isn't applicable because the anti-spam evaluation drops the email. If it were passing it through and the action were to send it to quarantine, not drop, then the safe senders would be applicable. Unfortunately, the email is dropped before it even gets to the quarantine in this case. Oh, and you could report the false positive to Cisco (ham@access.ironport.com) (see Document ID 214133).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: