[SFOS 18.5MR3] Poor spam detection after update to Sophos Anti-Spam Interface

Hi everyone,
I am setting up a separate thread as I did not receive any specific reply in other threads.

The case concerns Sophos Anti-Spam Interface after upgrading from v18.5MR2 to v18.5MR3 and from v19EAP1 to v19EAP2.

Before updating, antispam worked great in legacy mode, detecting a lot of intrusive messages and tagging them with a prefix (nearly 99%). After updating, only some messages are detected as spam and tagged (I did not make any changes to the configuration).

Where does this come from? How can I edit my lists to achieve pre-update spam detection?

Greetings



  • We also experience a lot of SPAM going through the FW after the upgrade to MR3 (from MR1)...

    I didn't inspect what exactly is wrong, but in sasi.log I see only a few errors:

     DNS/Request.cpp:246] vector::_M_range_check

  • Try restarting the firewall, then disabling Antispam in your SMTP policy and turning it back on. That helped in my case.

  • > It has been restarted 54h ago when it has been upgraded...

    That was the same situation for me. Maybe you can switch off and on the antispam in the policy first, it does not create any outage customers would notice.

  • I'll try this and see if there is some improvement...
    I also tried restarting the antispam service while spam was disabled, but it failed with the error "Couldn't apply settings".

  • Yesterday, I changed the default IMAP/S setting on the XG115w, so I now see 20 probably spam and 20 probably spam senders with no details other than N/A.

    What appears to be happening is the check for mail messages are tagged as probably spam.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Disabling/enabling SPAM rules does not help.

  • and the anti-spam pattern has not updated for 6 days.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA


  • Same for me, but then, ATP was not updated for 4 days. I guess there are simply no new rules.

  • Changed the default IMAP/POP3 policies and created two of my own. One spam message came through with added text, but not in a place that a mail rule could use to check and shift to a spam folder. The message header does not contain any X-SASI type information, so I suspect all my incoming mail will now be classified as spam.

    That will be a check to follow up with tomorrow's mail messages. I didn't have to wait long, and a new spam message appeared with the same format but not usable in a mail rule.

    Ian

    The two messages marked as probable spam do not appear in the email log. Funny, I am seeing messages from February 2022 being delivered tonight, though I can't see them in the inbox being delivered today. More testing and observing tomorrow.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA


  • Mixed results, now receiving messages marked as spam that were previously delivered in 2021. Some of the fresh spam is marked correctly and put in the junk folder; others have the correct comment added by the XG but not in the correct place in the subject line. None of the spam messages are appearing in the logviewer as having been received.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA


  • Hi folks,

    This gets stranger and stranger. The mail messages delivered to my Mac mini do not show any subject change, whereas the same messages on the iPhone and iPads do. I read the messages on the iPad first, then checked the Mac mini (Mac Mail).

    All messages appear in logviewer as clean mail.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA


  • Spam is being sent from Russian IP addresses and not even being tagged as probable spam. Next thing is to better understand how to block source mail addresses in XG, the addresses that get passed from the ISP mail servers as being legitimate?

    Ian

    Dropped the idea of using source mail addresses, too many spam senders marked as trusted sites. Using phrases to see if that improves the hit rate.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

