SBRS & DNS Verification order of inspection

Greg.Howley
Level 1

I have a mailflow policy for mail with SBRS scores of < 0.0 called Suspect.

I also have a policy for SBRS >0.0 & <2.0 that also looks for "Connecting host PTR record does not exist in DNS" and "Connecting host reverse DNS lookup (PTR) does not match the forward DNS lookup (A)", called Greylist.

Lastly, I have a third policy for anything >0.0 with no other criteria called Unknownlist.

It appears that any incoming mail that matches the DNS constraints gets the Greylist policy applied, regardless of SBRS score.

How can I make the SBRS the primary criterion?

Hrvoje (Harry) Dogan
Cisco Employee

Hi Greg,

Sender groups are matched top-down. You should place your Sender Group containing DNS matching *under* any other Sender Groups utilizing SBRS. Sender definitions in a sender group are "or"-ed, not "and"-ed. 

From top down, it goes Blacklist (sbrs<-3.0), suspect (-2.9 to -0.1), greylist (0 to 2, with DNS matching) and accept (>0.0, no matching).

An email with a -2.2 rating is getting the greylist policy applied, according to the logs:

(ICID 114750437) ACCEPT sender group GREYLIST match not.double.verified SBRS -2.2

We aren't taking any action on the greylist; it was supposed to be for reporting purposes first, then decide what action to take based on results.

Hey Greg,

From the matching, it looks like it matched under the "DNS" not double verified instead of SBRS, as per the setup you provided.

Can I please ask if you could share the configuration (you may remove certain sensitive information) or just print screen your GUI on the HAT screen so we can have a look?

Regards,

Matthew

screencap attached.

Hey Greg,


Interesting that you're seeing that; generally it would be top-down, but from what I can see and suspect, the DNS verification action takes part (before SBRS is retrieved), and as it was double unverified first, this matched.

However I'll see if I can find some documentation on this.


Regards,

Matthew
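
An added example, not posted by anyone in the thread: a small script that scans connection log lines in the format quoted above and reports connections whose SBRS score falls outside the range their matched sender group was meant to cover, which is the mismatch the GREYLIST line shows. Only the first sample line comes from the thread; the other lines, the upper-case group names other than GREYLIST, the `sbrs[...]` rule label and the `SBRS None` value are assumptions made for illustration.

```python
import re

INF = float("inf")
# Intended SBRS range per sender group, from the thread's top-down description
# (bounds treated as inclusive). Names other than GREYLIST are assumed spellings.
INTENDED_SBRS = {
    "BLACKLIST": (-INF, -3.0),
    "SUSPECT": (-2.9, -0.1),
    "GREYLIST": (0.0, 2.0),
    "ACCEPT": (0.0, INF),
}

# Field layout follows the single log line quoted in the thread.
LINE_RE = re.compile(
    r"\(ICID (?P<icid>\d+)\) \w+ sender group (?P<group>\S+) "
    r"match (?P<rule>\S+) SBRS (?P<sbrs>-?\d+(?:\.\d+)?|None)"
)


def find_mismatches(lines):
    """Return (icid, group, rule, sbrs) for connections whose score lies
    outside the range the matched sender group was meant to cover."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["sbrs"] == "None" or m["group"] not in INTENDED_SBRS:
            continue  # unparsable line, no score, or group without a range
        low, high = INTENDED_SBRS[m["group"]]
        sbrs = float(m["sbrs"])
        if not low <= sbrs <= high:
            hits.append((int(m["icid"]), m["group"], m["rule"], sbrs))
    return hits


SAMPLE_LOG = [
    # Line quoted in the thread.
    "(ICID 114750437) ACCEPT sender group GREYLIST match not.double.verified SBRS -2.2",
    # Constructed lines (not from the thread).
    "(ICID 100000001) ACCEPT sender group GREYLIST match not.double.verified SBRS 1.4",
    "(ICID 100000002) ACCEPT sender group SUSPECT match sbrs[-2.9:-0.1] SBRS -1.0",
    "(ICID 100000003) ACCEPT sender group GREYLIST match not.double.verified SBRS None",
    "a line that is not a sender group match",
]

if __name__ == "__main__":
    for icid, group, rule, sbrs in find_mismatches(SAMPLE_LOG):
        print(f"ICID {icid}: {group} matched via {rule}, SBRS {sbrs} outside intended range")
```

Running it over an exported log gives a quick count of how often a DNS-verification match lands a connection in a group whose SBRS range it does not fit, before any action is attached to that group.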