11-09-2017 03:06 AM - edited 03-08-2019 07:27 PM
This is an on-going problem with the ESA IronPort units over the last few years since it has been acquired. It used to work great, now we have ongoing periods where it is almost like the device isn't even on.
Image spam, viagra spam, get rich spam, drug and alcohol rehab, and weight loss message come in fast and furious. I have had multiple teams at Cisco do an analysis on our devices and say it is as suggested. Yet we constantly get these periods where for 2-4 days we get flooded with spam. It goes away, and a month later all happens again.
The amount of funding, lending, and fake invoice emails is dizzying.
On a regular basis, we get far more spam than we used to under the IronPort brand, it has been getting so bad I am seriously considering other solutions.
11-09-2017 04:49 AM
Sorry to hear you are having issues. What version of AsyncOS is running on your appliance(s)? Do you have a past case (SR) that was opened with Cisco TAC that I can review for you, get a little further background on? Have you submitted samples into our Corpus (spam@access.ironport.com)?
Also see - ESA FAQ: How to submit email messages to Cisco
Are you running multiple inbound mail policies? Do you have IPAS, Cloudmark, or Multiscan enabled for antispam? Running default rules, or adjusted to try and combat incoming spam?
Feel free to message me direct with SR info.
11-09-2017 05:46 AM
This sudden surge of spam waves is annoying, sometimes we have only about 10k mails/24 hours, sometimes it's increasing to 150k/24 hours with no obvious reason.
I would recommend using Geolocation blocking (new in v11). You could block many countries if you're not doing business there (we blocked most countries from Eastern Europe, Middle East, South/Middle America and Africa.
Plus we have a dictionary of SPAM words (about 600 entries), which catches obvious spam.
11-09-2017 06:00 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide