About Greg Hopp

Greg Hopp · 05-23-2023

I have a virtual ESA with a geolocation inbound content filter as the 3rd filter from the top of the list. It doesn't work and only sporadically when it does. Since we are a community-based firm, we would like to quarantine all email that isn't com...

Greg Hopp · 07-11-2018

I want to block all domains that end in .bid, .top and others. I'm ok if they never make it to the various engines for processing and are dropped during the initial SMTP handshake. How best to accomplish? I put .bid in the RAT with a reject, but I'...

Greg Hopp · 12-04-2017

I have a phishing training vendor who wants to send us email with file attachments. The attachments contain VB code that makes my Ironport's AMP service think they are malicious. The attachments get uploaded to a sandbox for analysis, test positive...

Greg Hopp · 02-20-2017

I am constantly getting this warning on my C170 ESA: The Warning message is: 75% of the disk quota for Miscellaneous services(logs, configuration file, and so on) is used. You can either increase the disk quota for Miscellaneous services or manuall...

Greg Hopp · 10-21-2015

C170 ESA Ironport:So I created a disclaimer on our inbound network listener that brands every email coming thru that listener with a warning that it comes from outside the org.However, that now breaks smime encrypted email that I get from my IPS/IDS ...

Greg Hopp · 05-24-2023

Another and better way to accomplish the same goal - thanks. If I may ask, how do you handle exceptions? I'm U.S. based and we have a couple of vendors in the UK and CA so I can't geoblock the country entirely. Add their domain to Allowed in HAT?

Greg Hopp · 07-31-2018

Greg Hopp · 07-11-2018

Very good. I've created the message filter. Because I have a bunch of them, I'll probably convert this to a dictionary and add them all there. I'll monitor for success, thanks for the fast reply. GrH

Greg Hopp · 12-12-2017

Libin, That did the trick, thanks. I was focused on Content Filters and sorta forgot about creating a new policy. My solution was to create a policy that skips ALL scans: anti-Spam, anti-Virus, AMP, Graymail, Content & Outbreak filters in order to ...

Greg Hopp · 12-04-2017

For the record, NDR stands for Non-Delivery Report (NDR) in this context.

Member Since	‎12-14-2011 10:03 AM
Date Last Visited	‎05-30-2023 10:48 AM
Posts	37
Total Helpful Votes Received	2

User Statistics

User Activity

Geolocation content filter works rarely

Best practice to block TLDs on ESA

Bypass ESA AMP for Sender

System files eating up all my space

Network Listener Disclaimer Breaks SMime emails

Re: Geolocation content filter works rarely

Re: Best practice to black TLDs on ESA

Re: Best practice to black TLDs on ESA

Re: Bypass ESA AMP for Sender

Re: Thanks a lot