01-31-2021 10:41 AM - edited 01-31-2021 10:43 AM
Hi Dear Support
I am using a vESA C600v with AsyncOS 13.5.1-277, and the problem is that I can't get the SBRS score from all email senders. Therefore, all emails match "none" according to the HAT configuration and go to the quarantine as spam.
I checked the following items and everything seems OK:
- DNS via dig & nslookup.
- License validation.
- Feature keys updated.
- Reputation engines OK & updated periodically.
- Firewall configuration for necessary IPs & ports.
- DNS parameters (MX, PTR, SPF, DMARC, DKIM) OK.
- TLS/SSL also used.
Also, I can send/receive emails without any problem. Please help me with how to diagnose the problem and what to do for troubleshooting to find the reason and solve this problem.
Best Regards
02-01-2021 02:52 AM
Please refer to the firewall section in the ESA end user guide and ensure port 443 traffic is allowed as below.
serviceconfig.talos.cisco.com
grpc.talos.cisco.com
email-sender-ip-rep-grpc.talos.cisco.com
For IP-based firewall:
146.112.62.0/24
146.112.63.0/24
146.112.255.0/24
146.112.59.0/24
2a04:e4c7:ffff::/48
2a04:e4c7:fffe::/48
These hosts are different starting with AsyncOS 13.5.1.
If these are already allowed and you still see issues pulling a reputation score from Talos, I would recommend putting in a TAC case to look at any possible issues with the engine or services.
Regards,
Libin
02-01-2021 07:44 AM
Hi Libin
Thanks for your fast reply. I describe the situation for you, and I hope you can tell me some basic diagnostic steps for better troubleshooting of this problem, like checking some IP addresses with the "traceroute" command, looking inside some log files, trying to resolve some IP/web addresses via the "dig" or "nslookup" command in CLI mode, or some way of verifying the DNS service of the ESA, before opening a TAC case as in your last recommendation.
By the way, is it possible for me to use the "trace" command to simulate an incoming email to my ESA, to gather more information and better understand the problem?
Best Regards, Group2xxx
02-02-2021 04:31 AM
I would recommend using telnet to verify connectivity to the cloud servers.
telnet serviceconfig.talos.cisco.com 443
telnet grpc.talos.cisco.com 443
telnet email-sender-ip-rep-grpc.talos.cisco.com 443
Regards,
Libin
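An added example, not part of the original posts and not Cisco tooling: it repeats the telnet check for the three hostnames from the replies above, adds a TLS handshake, and flags any resolved address that falls outside the IP ranges listed for IP-based firewalls. It assumes a Python 3 host that shares the ESA's DNS and firewall path, and that the servers present a certificate the host's default trust store accepts; `outside_ranges`, `resolve` and `probe` are names made up for this sketch.

```python
import ipaddress
import socket
import ssl

# Hostnames and ranges are copied from the replies above; the rest is this example's own.
TALOS_HOSTS = [
    "serviceconfig.talos.cisco.com",
    "grpc.talos.cisco.com",
    "email-sender-ip-rep-grpc.talos.cisco.com",
]
TALOS_RANGES = [ipaddress.ip_network(n) for n in (
    "146.112.62.0/24", "146.112.63.0/24", "146.112.255.0/24",
    "146.112.59.0/24", "2a04:e4c7:ffff::/48", "2a04:e4c7:fffe::/48",
)]


def outside_ranges(addresses, ranges=TALOS_RANGES):
    """Return the addresses not covered by any listed range (an IP-firewall gap)."""
    def covered(ip):
        return any(ip.version == net.version and ip in net for net in ranges)
    return [a for a in addresses if not covered(ipaddress.ip_address(a))]


def resolve(host, port=443):
    """Resolve a host to its unique IPv4/IPv6 addresses using the local resolver."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def probe(host, port=443, timeout=5.0):
    """DNS lookup, TCP connect and TLS handshake for one host; returns a result dict."""
    result = {"host": host, "addresses": [], "uncovered": [], "tcp": False, "tls": None}
    try:
        result["addresses"] = resolve(host, port)
        result["uncovered"] = outside_ranges(result["addresses"])
        with socket.create_connection((host, port), timeout=timeout) as sock:
            result["tcp"] = True  # the same evidence a successful telnet gives
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
                result["tls"] = tls.version()  # negotiated protocol, e.g. "TLSv1.2"
    except (OSError, ssl.SSLError) as exc:  # DNS, connect, timeout or handshake failure
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    for h in TALOS_HOSTS:
        print(probe(h))
```

A result with `tcp` true but `tls` still `None` means the host is reachable at the socket level only, which telnet alone cannot distinguish from a working TLS session.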
02-05-2021 08:36 PM
Hi Libin
Thanks for the fast answer. I used Telnet as you recommended to connect to those IP addresses on 443 and I connected successfully without any problem, but I still can't get a score for SBRS.
Best Regards
02-08-2021 03:10 AM
Since the connectivity is working, I would say put in a TAC case to get this checked further.
They may require remote access to the appliance to investigate further.
Regards,
Libin