Phisthreat emails slow to go out, or don't go out at all

Hi Dave,

If you review the Campaign Overview, what is the status of these emails,? Are they shown as 'Pending', 'Sent' or anything else? 

If they show as 'Pending' then chances are the start date for the campaign is in the future.

If they show as 'Sent' then this tells us the email is successfully out of the Phish Threat system, and trying to reach the recipient's address.

Phish Threat does offer the ability to send out a test email straight away whilst setting up the campaign:

This test email can be used to check you've correctly white listed our IPs and/ or domains. 

Regards,

Byron 

Yes, we know about the test. We also read what little there is about running a campaign and watched the videos.

The problem is that the messages take days to leave the Sophos servers. Days.

Received: from mail.greenfieldin.org ([127.0.0.1])
	by localhost (XXXXX.greenfieldin.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id EKM6gS_Pa2vv for <dgoodrich@greenfieldin.org>;
	Sun,  6 Aug 2017 18:30:28 -0400 (EDT)
Received: from mail.greenfieldin.org (XXXXX.greenfieldin.org [10.16.2.92])
	by XXXXX.greenfieldin.org (Postfix) with SMTP id 5383F6638004
	for <XXXXX@greenfieldin.org>; Sun,  6 Aug 2017 18:30:28 -0400 (EDT)
Received: from jive.phishthreat.com (jive.phishthreat.com [107.170.253.6])
	by XXXXX.greenfieldin.org (Postfix) with ESMTPS id 2274C6638003
	for <XXXXX@greenfieldin.org>; Sun,  6 Aug 2017 18:30:28 -0400 (EDT)
Received: from PhishThreatVM (unknown [13.89.43.225])
	by jive.phishthreat.com (Postfix) with ESMTP id 51F5A18020B
	for <XXXXX@greenfieldin.org>; Thu,  3 Aug 2017 12:29:55 -0600 (MDT)

Dave

Still no change, and I still have not gotten my phish email. The system still says none have gone out, yet 49 people have opened the emails. I can confirm that some have been delivered.

DAve

No change this morning in the sent line, I do have one user who completed training and that showed up oddly enough. One test email has come through the IT department, my co-worker got it yesterday. Still nothing for me.

The value of this tool is the timely and accurate reporting of what our users do, we are just not seeing that here.

DAve

We have a change in behavior now, we have multiple people reporting they received the same message again. The reporting is still incorrect/behind/wrong.

Byron,

Did you get what you needed from the mail logs? I need to end this campaign as having multiple emails being delivered to employees is not creating a training environment, it is creating confusion.

DAve

We have ended the campaign at this point as Byron's team researches the issue. We are debating whether we should try another campaign at this point.

DAve

Hi Dave,

I'm the product manager for Sophos Phish Threat. First off, thanks for raising this and apologies for the frustration I'm sure it's caused. I can assure you we're actively investigating the issue and hope to find a resolution as soon as possible.

Additionally, I want to clarify one thing: the only type of campaigns affected are Attachment campaigns. Should you choose to start a new campaign, know that Phishing, Credential Harvesting, and Training campaigns are all functioning as expected.

Thanks,
Scott

Thanks Scott. Please keep this thread open and let us know when the problem is resolved. We may run a training campaign next week and then another test campaign the week after. We do not want to barrage the users all at once with PT, rather it should be a once per month at some random date/time for as long as we maintain the license.

DAve

I cancelled the campaign Friday morning and emails are still arriving to my employees. If I had to hazard a guess, I would say the problem lies in the Phish Threat mail queue. Can anyone tell how many emails destined for my domain (greenfieldin.org) are still in there? While you are there, can you stop them? Please.

DAve

My vote goes for a stuffed mail queue on jive.phishthreat.com.

After Byron's message about the attachment PT campaigns having issues I tried a training campaign, but only to the IT staff which is just four people. Everyone got their training email, and their reminders, all at the same time. The emails were three days late and came in one flood.

We have stopped the planned use of Phish Threat and moved on to other projects until the system is working in a timely manner.

DAve

Hi Dave,

I've been informed by our Development team that the problem has now been resolved. Please update this post if there are any problems on your side. 

Regards,

Byron

Thanks Byron,

We have work piling up this week. I will try to get to it Monday and send another test campaign out then.

DAve

Thanks Byron,

We have work piling up this week. I will try to get to it Monday and send another test campaign out then.

DAve

Byron,

The system seems to be working as intended now, thank you! We did a short test campaign this morning and when everything worked, we created a new campaign for the whole City and ran it with success.

We had one issue so far, but that was with Endpoint not catching the malware attachment on the PhishThreat email on every machine, just some of them. I have opened a thread on the Endpoint forum about that.

DAve