Hi Dear Support
I am using vESA C600v with AsyncOS 13.5.1-277 and the problem is, can't get SBRS Score from all email senders. Therefore, all emails match to the none, according to HAT configuration & goes to the Quarantine as a spams.
I check following items & everything seems ok:
-DNS via Dig & nslookup.
-Feature keys updated.
-Reputation engines ok & updated periodically.
-Firewall configuration for necessary IP's & Ports.
-DNS Parameters (MX, PTR, SPF, DMARC, DKIM) ok.
-TLS/SSL Also used.
Also I can send/receive emails without any problem. Please help me, how to diagnosis the problem & what to do for troubleshooting to find the reason and solve this problem.
Please refer to the firewall section in the ESA end user guide and ensure port 443 traffic is allowed as below.
For IP -based firewall:
These hosts are different starting Async OS 13.5.1.
If these are already allowed and you still see issues pulling a reputation score from Talos, I would recommend putting in a TAC case to look at any possible issues with the engine or services.
Thanks for your fast reply. I describe the situation for you & i hope you tell me, some basic diagnostic steps for better troubleshooting this problem like checking some IP Addresses by "traceroute" command or looking inside some Log files or trying to resolve some IP/Web Addresses via "dig" or "nslookup" command in CLI mode or some way for verification of the DNS service of ESA, before opening a TAC as your last recommendation.
By the way, is it possible i use "trace" command for simulating incoming email to my ESA for gathering more information to better understanding the problem?
Best Regards, Group2xxx
I would recommend using telnet to verify connectivity to the cloud servers.
telnet serviceconfig.talos.cisco.com 443
telnet grpc.talos.cisco.com 443
telnet email-sender-ip-rep-grpc.talos.cisco.com 443
Thanks for fast answer. I use Telnet as your recommendation for connecting to those IP Addresses via 443 & i connect successfully without any problem, but still i can't get Score for SBRS.
Since the connectivity is working, I would say put in a TAC case to get this checked further.
They may require remote access to the appliance to investigate further.