Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I have a virtual ESA with a geolocation inbound content filter as the 3rd filter from the top of the list. It doesn't work and only sporadically when it does. Since we are a community-based firm, we would like to quarantine all email that isn't com...
I want to block all domains that end in .bid, .top and others. I'm ok if they never make it to the various engines for processing and are dropped during the initial SMTP handshake. How best to accomplish?
I put .bid in the RAT with a reject, but I'...
I have a phishing training vendor who wants to send us email with file attachments. The attachments contain VB code that makes my Ironport's AMP service think they are malicious. The attachments get uploaded to a sandbox for analysis, test positive...
I am constantly getting this warning on my C170 ESA:
The Warning message is:
75% of the disk quota for Miscellaneous services(logs, configuration file, and so on) is used. You can either increase the disk quota for Miscellaneous services or manuall...
C170 ESA Ironport:So I created a disclaimer on our inbound network listener that brands every email coming thru that listener with a warning that it comes from outside the org.However, that now breaks smime encrypted email that I get from my IPS/IDS ...
Another and better way to accomplish the same goal - thanks. If I may ask, how do you handle exceptions? I'm U.S. based and we have a couple of vendors in the UK and CA so I can't geoblock the country entirely. Add their domain to Allowed in HAT?
Very good. I've created the message filter. Because I have a bunch of them, I'll probably convert this to a dictionary and add them all there. I'll monitor for success, thanks for the fast reply.
GrH
Libin,
That did the trick, thanks. I was focused on Content Filters and sorta forgot about creating a new policy. My solution was to create a policy that skips ALL scans: anti-Spam, anti-Virus, AMP, Graymail, Content & Outbreak filters in order to ...
