RE: Many SPAM with Sophos Email Appliance

Riccardo Campagnaro — Tue, 20 Nov 2018 02:01:04 GMT

Thank you for the response , Red_Warrior!

I'm checking the spam rules, in anycase i put the ips of these emails in blacklist.

Bye

RE: Many SPAM with Sophos Email Appliance

Red_Warrior — Wed, 31 Oct 2018 11:39:26 GMT

Hi Riccardo,

I did up a best practice kb for spam rules, please have a look here : https://community.sophos.com/kb/en-us/120802

Another thing to note is the appliance has a powerful feature called delay queue, this feature does require 10.5 days in collect mode before it can be activated. It is specifically designed to detect snowshoe spam.

Other factors that may cause issues are : if the firewall is not redirecting port 25 directly to the appliance, any upstream email appliances or load balancers. These devices can prohibit the MTA from connecting to the appliance directly. When this happens blacklisted ips may not be detected by the blocker service.

Ensure the appliance is not been filtered by a webfilter as it performs real-time dns look ups and frequent updates that may be blocked.

you can also submit samples direct to labs with the outlook plugin or by creating a new email, drag and drop the spam as a .eml attachment into a new message and send it to is-spam@labs.sophos.com .. this is an automated emailbox that tracks spam.