The last 3 days we have experienced some problems with email. I found that on Tuesday our IronPort C360 sent out about 600K emails. This was reported as a DHA. Today I have been trying to figure out how to stop the emails from going out. I'm not really sure where to start since this is new to me, but the emails are being sent from subdomains of the ".ru" domain:
I'm sure there are other variations of the domain, and I have even seen others. This has been going on for about 3 days now, and users are now seeing emails not going out. We just got blacklisted today. I sent 3 emails to my personal accounts and only received 1 of them about 1 hour later.
So, I was able to figure out how to expedite the process. The total messages to be processed was around 600k. In order to allow this to go quicker and to get it over with, I changed the settings for the bounce profile to the lowest settings possible. This essentially stopped retrying any failed send requests and immediately sent notifications to users with failed requests. This allowed the process to complete in about 2 hours. After the DHA was complete I was able to set the bounce profile to its defaults and it was business as usual.
Still, I have an issue with being blacklisted, but we are on only 1 blacklist so it is not critical. Since this is our first blacklist the wait time is about 48 hours. The downside is that the host SORBS-SPAM is not very responsive so I am guessing I will have to wait the whole time. Also, you can optionally release the blacklist yourself, but it has to come from the same IP address that was blacklisted, and this is not possible from the IronPort.