01-18-2011 06:46 AM
HI,
A lot of pornographic mails are passing through our C370 and users send them back to me in a special mailbox.
I would like to create an incoming mail policy and add all the incoming domain of the pornographic mail to drop them afterwards.
I think it's going to be a long list of domain after a while and I was wondering if the C370 was going to be able to handle this and also if that was a good way to do it.
Any advice
Thank you
Arnaud
Solved! Go to Solution.
01-25-2011 06:54 AM
Hello Arnaud,
You should be able to do this without too much difficulty however that is going to depend on how many domains your talking about. Placing the domains or a list of domain into a policy as you described would not create and form of extreme load on the appliance however if you have a very large list containing hundreds of domains this could become somewhat difficult to manage. The bigger question to ask here is why are the messages getting in to start with. It would be much for advantageous to let the appliance do the work for you. While image analysis does exist this method of scanning is somewhat new so relying upon that alone may not be the best option. Typically the messages that include this type of media originate from IP addresses that already have a poor SBRS score. These messages also typically include content that would be flagged as spam.
I would recommend a review of the messages your seeing using the mail logs and the message data, as well as your configuration. If this is not due to a configuration issue and your antispam signatures are up to date, the next step would be getting copies of these messages submitted to us for further analysis.
How do I report IronPort Anti-Spam false positives or missed spam?
To send a missed spam or message incorrectly marked as "not-spam" email to IronPort Systems for examination, there are a number of ways to submit messages.
Note: Unless submitted through a plug-in (MS Outlook, not MS Outlook Express), messages forwarded must be RFC-822 compliant attachments. Forwards of previously forwarded messages cannot be processed at this time.
Each message is reviewed by a team of human analysts and used to enhance the accuracy and effectiveness of the product.
Once we receive submissions from a customer or from other sources, these messages are passed through automated classification systems that makes use of our latest rule set. If these messages are tagged by the new rule-set as spam, they are classified as such. Due to a delay in receiving samples and generating rules, many of the missed-spam messages usually have rules published between the time they are received by our customers and reported to us.
There are some messages that are part of new spam trends or new variants that are sufficiently different or new spam strains that are not classified by automated systems. Basically, any messages that are held for classification due to some mitigating factors are held for human review. We attempt to get to these messages within 2-3 hours of them being injested into the corpus.
Note: Although every report sent as an RFC-822 attachment to this address will be reviewed, most submissions will not receive an actual physical reply from IronPort.
Christopher C Smith
CSE
Cisco IronPort Customer Support
01-25-2011 06:54 AM
Hello Arnaud,
You should be able to do this without too much difficulty however that is going to depend on how many domains your talking about. Placing the domains or a list of domain into a policy as you described would not create and form of extreme load on the appliance however if you have a very large list containing hundreds of domains this could become somewhat difficult to manage. The bigger question to ask here is why are the messages getting in to start with. It would be much for advantageous to let the appliance do the work for you. While image analysis does exist this method of scanning is somewhat new so relying upon that alone may not be the best option. Typically the messages that include this type of media originate from IP addresses that already have a poor SBRS score. These messages also typically include content that would be flagged as spam.
I would recommend a review of the messages your seeing using the mail logs and the message data, as well as your configuration. If this is not due to a configuration issue and your antispam signatures are up to date, the next step would be getting copies of these messages submitted to us for further analysis.
How do I report IronPort Anti-Spam false positives or missed spam?
To send a missed spam or message incorrectly marked as "not-spam" email to IronPort Systems for examination, there are a number of ways to submit messages.
Note: Unless submitted through a plug-in (MS Outlook, not MS Outlook Express), messages forwarded must be RFC-822 compliant attachments. Forwards of previously forwarded messages cannot be processed at this time.
Each message is reviewed by a team of human analysts and used to enhance the accuracy and effectiveness of the product.
Once we receive submissions from a customer or from other sources, these messages are passed through automated classification systems that makes use of our latest rule set. If these messages are tagged by the new rule-set as spam, they are classified as such. Due to a delay in receiving samples and generating rules, many of the missed-spam messages usually have rules published between the time they are received by our customers and reported to us.
There are some messages that are part of new spam trends or new variants that are sufficiently different or new spam strains that are not classified by automated systems. Basically, any messages that are held for classification due to some mitigating factors are held for human review. We attempt to get to these messages within 2-3 hours of them being injested into the corpus.
Note: Although every report sent as an RFC-822 attachment to this address will be reviewed, most submissions will not receive an actual physical reply from IronPort.
Christopher C Smith
CSE
Cisco IronPort Customer Support
02-14-2011 06:25 AM
Christopher,
Thanks for your answer.
I think I might use content filters associated with a dictionnary contening spécific words found in pornographic mails
Thanks
Regards
Arnaud
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide