Sophos Email Appliance - Spam still getting through

We are using Sophos Email Appliance (latest patch) and according to Sophos we have everything configured the best way to block spam. Still continuing to receive spam to users' inboxes. Really blatant stuff like free gift cards and things like that. Anyone have any ideas on how to stop it? It seems like since about February 2014 a lot more spam is getting through and being marked in the logs as legitimate. I have checked the allow lists and I don't have anything listed that could be bypassing the policies.

Any help would be greatly appreciated because it seems to be from Sophos's last correspondence that they are basically unwilling to help any further.

James


This thread was automatically locked due to age.
  • I've noticed that these emails all come in from the same /24 netblock each day. The spammer just picks 5 IPs at a time from the range, blasts out the spam using these 5 IPs for about 20 minutes and then stops and moves on to another 5 IP addresses from the same netblock for the next message.

    I've resorted to blocking the whole /24 each time I see a new spam message come in, by using Configuration\Policy\Allow/Block lists. I dump the /24 of the first message I see to a txt file and upload the file to the Hosts tab. This works to keep the bulk of the messages out. My only hope is that there isn't a maximum number of IPs you can block on the appliance. I also check the /24 in Angry IP Scanner to verify it isn't a legitimate site based on the DNS query response.

    I've been on hold now for 1.5hrs with Technical Support trying to get the "Delayed Queue Readiness" option turned on.

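The /24 aggregation described in the reply above, as an added example that is not part of the original thread: it groups confirmed spam sources by /24, keeps only netblocks with several distinct senders, and skips networks that must stay reachable. The sample addresses, the `min_distinct` threshold, the `NEVER_BLOCK` list and the one-CIDR-per-line output format are assumptions, not details from the thread or from Sophos documentation.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: source IPs of messages an admin has confirmed as spam.
# Addresses come from the RFC 5737 documentation ranges.
CONFIRMED_SPAM_SOURCES = [
    "203.0.113.17", "203.0.113.18", "203.0.113.44", "203.0.113.91",
    "203.0.113.140", "203.0.113.17",            # repeat sender, counted once
    "198.51.100.7",                             # single hit: weak evidence
    "192.0.2.10", "192.0.2.11", "192.0.2.12",   # inside a protected network
    "not-an-ip",                                # malformed log field
]

# Hypothetical networks that must never be blocked (partners, own relays).
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]


def candidate_blocks(sources, min_distinct=3, never_block=NEVER_BLOCK):
    """Return sorted /24 networks with at least min_distinct spam senders."""
    senders = defaultdict(set)
    for raw in sources:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # skip malformed entries instead of aborting the run
        if ip.version != 4:
            continue  # the /24 heuristic from the thread is IPv4-specific
        senders[ipaddress.ip_network(f"{ip}/24", strict=False)].add(ip)
    blocks = []
    for net, ips in senders.items():
        if len(ips) < min_distinct:
            continue  # one stray sender does not justify 256 blocked hosts
        if any(net.overlaps(protected) for protected in never_block):
            continue  # never emit a block that covers a protected network
        blocks.append(net)
    return sorted(blocks)


def write_blocklist(blocks, path):
    """Write one CIDR per line (assumed format; check what the appliance accepts)."""
    with open(path, "w", encoding="ascii") as fh:
        for net in blocks:
            fh.write(f"{net}\n")


if __name__ == "__main__":
    for net in candidate_blocks(CONFIRMED_SPAM_SOURCES):
        print(net)
```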