09-30-2015 08:56 AM
I am receiving TONS of complaints since upgrading to 9.6.0-051 that SPAM is being allowed through dramatically. I am lowering the SPAM thresholds for our clients (MAIL POLICIES) all the time now (and we have hundreds of clients).
Has anything happened with the latest release of AsyncOS that has screwed up the SPAM scanning engine or is there something new that needs to be done? This is crazy how much SPAM is getting through now.
09-30-2015 09:03 AM
Hi Joshua,
Which version were you running before? I would suggest opening a TAC ticket as soon as possible, and submitting as much missed spam as you can. You can either use the Outlook Plugin to submit, or you can send missed spam as an attachment to spam@access.ironport.com. Please don't just forward messages, as that doesn't include the headers and connection information our spam analysis engines need.
Thank you!
09-30-2015 09:06 AM
9.6.0-049 (previous official release). I keep them updated as they are released to the general public. I already have a TAC case open. I was more wondering if something changed fundamentally with the SPAM scanning engines or the rules. I download the rules often when I see they are out of date even though they are set to download and apply every hour.
09-30-2015 09:11 AM
No, nothing changed - usually it wouldn't change between two minor revisions. I would suspect something went wrong with your rulesets - I'm just speculating here, you should really talk to TAC and potentially ask for escalation to an Escalation Engineer.
09-30-2015 09:15 AM
Normally I would agree with you except I already have a TAC case open and went through the SPAM ruleset and no issues were found.
What seems to be fixing the issue is changing the 80/40 (Positively/Suspect) to 70/30, but it's a pain to do for every client (over hundreds) on two clusters with the wonderful speed of the GUI (web frontend) taking 5 minutes to open each client.
09-30-2015 09:28 AM
That's definitely not normal behavior - make sure you get it thoroughly investigated and escalated as necessary. Reach out to your Cisco Security Consulting Systems Engineer for advice and monitoring of the ticket.
Thanks for your patience :)
09-30-2015 10:17 AM
Will do, thanks for the replies and taking the time to answer!
:)
09-30-2015 10:23 AM
I figured what the heck, and escalated the TAC case.
09-30-2015 11:57 AM
TAC escalation did indeed find the SPAM CORE definitions were not in date EVEN though they show current in the GUI. Apparently they broke at point of upgrade and never actually applied since the upgrade even though they were going out to Cisco's site and pulling them down.
Thanks Cisco, another great job on your software!