
[SFOS 18.5MR3] Poor spam detection after update to Sophos Anti-Spam Interface

Hi everyone,
I am setting up a separate thread as I did not receive any specific reply in other threads.

The case concerns Sophos Anti-Spam Interface after upgrading from v18.5MR2 to v18.5MR3 and from v19EAP1 to v19EAP2.

Before updating, antispam worked great in legacy mode, detected a lot of intrusive messages and tagged them with a prefix (nearly 99%). After updating, only some messages are detected as spam and tagged (I did not make any changes to the configuration).

Where does this come from? How can I edit my lists to achieve pre-update spam detection?

Greetings



  • Are there any resources on how SASI works?
    Currently I get mixed results with my home license. Some emails are quarantined, and all X-SASI headers are there. And then some mails go through with just these lines:

    X-Sophos-IBS: fail
    X-SASI-RCODE: none
    X-Sophos-Firewall: smtpd v1.0

    Those mails that are going through like this are properly signed via DKIM. Does any mail with a correct DKIM signature bypass further spam processing?

    RBL and RDNS checks always seem to work.

    And another question, as a user who formerly had the UTM: When I release mails from quarantine, are they reported as false positives? In UTM I had an option to report them as such while releasing.
