Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4000
Views
10
Helpful
5
Replies

SBRS Score: unable to retrieve

group2xxx
Level 1
Level 1

‎01-31-2021 10:41 AM - edited ‎01-31-2021 10:43 AM

 

Hi Dear Support

 
I am using vESA C600v with AsyncOS 13.5.1-277 and the problem is, can't get SBRS Score from all email senders. Therefore, all emails match to the none, according to HAT configuration & goes to the Quarantine as a spams.
I check following items & everything seems ok:


-DNS via Dig & nslookup.
-License validation.
-Feature keys updated.
-Reputation engines ok & updated periodically.
-Firewall configuration for necessary IP's & Ports.
-DNS Parameters (MX, PTR, SPF, DMARC, DKIM) ok.
-TLS/SSL Also used.

 

Also I can send/receive emails without any problem. Please help me, how to diagnosis the problem & what to do for troubleshooting to find the reason and solve this problem.

 

Best Regards

1 person had this problem
Labels:
5 Replies 5

Libin Varghese
Cisco Employee
Cisco Employee

‎02-01-2021 02:52 AM

Please refer to the firewall section in the ESA end user guide and ensure port 443 traffic is allowed as below.

 

serviceconfig.talos.cisco.com

grpc.talos.cisco.com

email-sender-ip-rep-grpc.talos.cisco.com

For IP -based firewall:

146.112.62.0/24

146.112.63.0/24

146.112.255.0/24

146.112.59.0/24

2a04:e4c7:ffff::/48

2a04:e4c7:fffe::/48

 

https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-5-1/user_guide/b_ESA_Admin_Guide_13-5-1/b_ESA_Admin_Guide_12_1_appendix_0101111.html

 

These hosts are different starting Async OS 13.5.1.

If these are already allowed and you still see issues pulling a reputation score from Talos, I would recommend putting in a TAC case to look at any possible issues with the engine or services.

 

Regards,

Libin

0 Helpful

group2xxx
Level 1
Level 1

‎02-01-2021 07:44 AM

Hi Libin

Thanks for your fast reply. I describe the situation for you & i hope you tell me, some basic diagnostic steps for better troubleshooting this problem like checking some IP Addresses by "traceroute" command or looking inside some Log files or trying to resolve some IP/Web Addresses via "dig" or "nslookup" command in CLI mode or some way for verification of the DNS service of ESA, before opening a TAC as your last recommendation.

By the way, is it possible i use "trace" command for simulating incoming email to my ESA for gathering more information to better understanding the problem? 

 

Best Regards, Group2xxx

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee

‎02-02-2021 04:31 AM

I would recommend using telnet to verify connectivity to the cloud servers.

 

telnet serviceconfig.talos.cisco.com 443

telnet grpc.talos.cisco.com 443

telnet email-sender-ip-rep-grpc.talos.cisco.com 443

 

Regards,

Libin

0 Helpful

group2xxx
Level 1
Level 1
In response to Libin Varghese

‎02-05-2021 08:36 PM

Hi Libin

Thanks for fast answer. I use Telnet as your recommendation for connecting to those IP Addresses via 443 & i connect successfully without any problem, but still i can't get Score for SBRS.

 

Best Regards

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee

‎02-08-2021 03:10 AM

Since the connectivity is working, I would say put in a TAC case to get this checked further.

They may require remote access to the appliance to investigate further.

 

Regards,

Libin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents