Many SPAM with Sophos Email Appliance

Hi,

I'm in a new company that has Sophos Email Appliance as SPAM control (I haven't used this product yet). These days my colleagues ask me why we receive so much SPAM. I've checked the configuration of VEA and there is already a high spam rule, but this doesn't block many mails. We receive a lot of SPAM from info@example.xyz or .site.

Is there any configuration that I can do to mark these emails as SPAM?

Thank you

Riccardo



This thread was automatically locked due to age.
  • Hi Riccardo,

    I did up a best practice KB for spam rules, please have a look here: https://community.sophos.com/kb/en-us/120802

    Another thing to note is that the appliance has a powerful feature called delay queue. This feature does require 10.5 days in collect mode before it can be activated. It is specifically designed to detect snowshoe spam.

    Other factors that may cause issues are: if the firewall is not redirecting port 25 directly to the appliance, any upstream email appliances or load balancers. These devices can prohibit the MTA from connecting to the appliance directly. When this happens, blacklisted IPs may not be detected by the blocker service.

    Ensure the appliance is not being filtered by a web filter, as it performs real-time DNS lookups and frequent updates that may be blocked.

    You can also submit samples directly to Labs with the Outlook plugin or by creating a new email, dragging and dropping the spam as a .eml attachment into the new message and sending it to is-spam@labs.sophos.com. This is an automated mailbox that tracks spam.
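
An added example, not part of the original reply and not Sophos code: a Python check that reads a delivered message's `Received` headers to see whether the appliance's SMTP peer was an internal relay or load balancer rather than the sending MTA, which is the condition the reply says keeps blacklisted IPs from being detected. The hostname `sea.example.com`, the `Received` header layout and both sample messages are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the appliance (hypothetical name sea.example.com) sees
# an internal load balancer as its peer, not the real sender 203.0.113.25.
SAMPLE_BEHIND_LB = """\
Received: from lb01.corp.example (lb01.corp.example [10.0.0.5])
\tby sea.example.com with ESMTP id abc123; Mon, 1 Jan 2018 10:00:02 +0000
Received: from mail.example.xyz (mail.example.xyz [203.0.113.25])
\tby lb01.corp.example with ESMTP id def456; Mon, 1 Jan 2018 10:00:01 +0000
From: info@example.xyz
Subject: constructed sample

body
"""

# Constructed sample: port 25 reaches the appliance directly.
SAMPLE_DIRECT = """\
Received: from mail.example.xyz (mail.example.xyz [203.0.113.25])
\tby sea.example.com with ESMTP id abc124; Mon, 1 Jan 2018 10:05:00 +0000
From: info@example.xyz
Subject: constructed sample

body
"""

# RFC 1918 and loopback ranges: a peer in these is an internal hop.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def appliance_peer(raw_eml, appliance_host):
    """Return the IP the appliance recorded as its SMTP peer, or None."""
    msg = message_from_string(raw_eml)
    for hop in msg.get_all("Received", []):      # newest hop first
        flat = " ".join(hop.split())             # unfold continuation lines
        from_part, sep, by_part = flat.partition(" by ")
        if sep and by_part.lower().split()[:1] == [appliance_host.lower()]:
            m = IP_IN_BRACKETS.search(from_part)
            return ipaddress.ip_address(m.group(1)) if m else None
    return None

def reputation_check_is_blind(raw_eml, appliance_host):
    """True when the peer is internal, so IP blocklists only see a relay."""
    peer = appliance_peer(raw_eml, appliance_host)
    return peer is None or any(peer in net for net in INTERNAL_NETS)
```

Running this over a few spam samples saved as .eml shows quickly whether the sender's address ever reaches the appliance or is replaced by an upstream device.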
