Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 6432 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Some Replies From Clients to Emails We Sent Are Being Quarantined

LRSpartan

Some replies from clients to emails we sent are being quarantined. How do I correct this? Does the system learn what addresses we are sending to or anything? Our users are having to manually approve the sender which is not what we had expected of the system. Our old one (OnlyMyEmail) would learn from our patterns. 

 

Thanks,

John



This thread was automatically locked due to age.
  • 0

    Hi John,

    The appliance flags all outbound email it sends with an Xheader..  You should be able to view source on the email and see it.  In regards to quarantining messages you will need to find the email in the browser, left click on it and check for the reason..   It may say something like, spam / high spam, or spam, rule X .. For reference here is my KB on the the best spam settings:

     

    please also note, if this is a new deployment and you have enabled delay queue, the appliance will still be set in collect mode for the first 10.3 days. or 1M seconds.  (in a sense the appliance will understand who is connecting and who is relaying good or bad emails, but the database needs to complete the learning time before you can set it to enforce)

     

    https://community.sophos.com/kb/en-us/120802

     

    if you are haing a p1 type issue with a domain and need an immediate fix, assuming its a spam rule.. just open the affected rule and under the senders tab add the domain in question @mydomain.com from the excluded senders tab (this is not recommended as a "fix" but will allow mail to pass in the case of a false positive) 

     

    If you are unable to track down the rule or need additional help, I recommend you open a support case in case they need to collect samples and or review logs. 

  • 0 in reply to Red_Warrior

    Hi RW,

     

    Thank you for your help and I will review the KB. We are a new deployment and nearing the ten day window.

     

    John

  • 0 in reply to LRSpartan

    No problem at all, just with delay-queue .. only set it to ON or COLLECT .. never turn it off or it will have to re-learn. 

    the other common one is to add your own domain to the block list so the appliance will reject mail from external IPs with your own domain. 

    community.sophos.com/.../118845

     

Unfiltered HTML