Legitimate Gmail/Yahoo emails are almost always quarantined, how can I stop this?

Hello, 

I'm relatively new to the Sophos environment so I figure I am just skipping over something, but I've been googling for weeks and haven't been coming up with much.

The company I work for uses the virtual Sophos Email Appliance v4.2.1.0. I've noticed that a significant number of legitimate emails from Gmail and Yahoo are being quarantined as spam. Unfortunately, an enormous amount of spam comes from those providers, so I'm not sure how much can be done.

The only means I have right now to correct this is to manually add each Gmail/Yahoo address to my allow list individually. Is there a way I can weigh these emails differently? Is it common for the default "Spam Medium" rule to quarantine legitimate Gmail and Yahoo emails? I'm not familiar with how Sophos discerns spam among legitimate emails, so any assistance would be greatly appreciated.

For note, I have added a few custom rules under "Additional Policy", but all of these particular quarantines have been enacted by the "Spam Medium" rule and I have not changed anything in regard to that. Most of this appliance is default settings and recommended configuration.

Thanks,

--Austin



This thread was automatically locked due to age.
  • Ours has been running for a while and I have not had a problem with it capturing legitimate Gmail or Yahoo accounts. I just looked in our quarantine for gmail.com addresses. All the ones I spot-checked are from non-Gmail servers; they were just using gmail.com From addresses.

    Does the X-SEA-Spam header provide any useful information? 

     

    This should not be required and I don't have my appliance configured like this... So use at your own risk. One idea for a workaround would be to:
    1. Add @gmail.com to the allowed list (generally a bad idea since anyone can send from @gmail.com)
    2. Under Policy -> Encryption.  Add gmail.com and set it to require encryption and validate certificate.  Google will always have a valid TLS certificate.  I didn't look but I would expect Yahoo to as well.

  • I'll take a closer look at the headers on the next one I catch in the quarantine; I don't have any of the previous ones in front of me to verify against at the moment.

    I didn't think about using the encryption settings, but that would really only weed out spoofed addresses as I understand it. I guess I need to look at the volume of legitimate Gmail addresses used for spam; I certainly don't want to flood my coworkers with advertisements for shoes or Russian models.

    I'll do some more reading on this once I get back to the office on Monday.
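
The spot check described in the first reply (does quarantined mail with a gmail.com or yahoo.com From address really come from that provider's servers?) can be scripted over exported messages. This is an added Python example, not part of the original thread and not Sophos code. It assumes a Postfix-style topmost `Received` header and the relay suffixes shown; the sample messages and `gateway.example.org` are constructed.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Assumption: reverse-DNS suffixes of each provider's outbound relays.
PROVIDER_RELAYS = {"gmail.com": (".google.com",), "yahoo.com": (".yahoo.com",)}

# Assumption: Postfix-style "from HELO (rdns [ip])"; other MTAs format it differently.
RECEIVED_RE = re.compile(r"from\s+\S+\s+\((?P<rdns>[^\s\[\]]+)\s+\[[^\]]+\]\)")

def classify(raw):
    """Compare the From domain with the relay our own gateway recorded."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    suffixes = PROVIDER_RELAYS.get(domain)
    if suffixes is None:
        return "other-domain"
    # The topmost Received header is the one added by the receiving gateway;
    # lower ones are supplied by the sender and cannot be trusted.
    received = msg.get_all("Received") or []
    match = RECEIVED_RE.search(" ".join(received[0].split())) if received else None
    if match is None:
        return "unknown-relay"
    # The HELO name is sender-controlled, so only the resolved rDNS name counts.
    rdns = match.group("rdns").lower().rstrip(".")
    return "provider-relay" if rdns.endswith(suffixes) else "spoofed-from"

def triage(messages):
    """Count how many quarantined messages fall into each class."""
    return Counter(classify(m) for m in messages)

def _msg(helo, rdns, ip, sender):
    # Builds a constructed sample message (documentation IP ranges only).
    return (f"Received: from {helo} ({rdns} [{ip}])\n"
            f"\tby gateway.example.org with ESMTP; Mon, 1 Jan 2018 10:00:00 +0000\n"
            f"From: {sender}\nSubject: test\n\nbody\n")

SAMPLES = [
    _msg("mail-ex-f01.google.com", "mail-ex-f01.google.com", "192.0.2.10",
         "Alice <alice@gmail.com>"),
    _msg("smtp.gmail.com", "host.bulkmailer.example", "203.0.113.5", "bob@gmail.com"),
    _msg("mx.example.net", "mx.example.net", "198.51.100.7", "carol@example.net"),
    "From: dave@yahoo.com\nSubject: no trace headers\n\nbody\n",
]

if __name__ == "__main__":
    print(triage(SAMPLES))
```

A high `provider-relay` count in the quarantine points at false positives worth tuning, while `spoofed-from` messages are the ones a blanket `@gmail.com` allow-list entry would let through.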