
9.706 - anti-spam engine changed to SASI

One of the changes is that: Email Protection anti-spam engine changed to Sophos Anti-Spam Interface (SASI)

Does anybody have experience with that change? Does it affect the rate of recognition? I haven't figured out yet if the Commtouch Advanced Security Daemon (ctasd) is dropped with this or not. And if so, are the results from Cyren no longer used?

Best regards

Alex



This thread was automatically locked due to age.
  • Josef, I know it's only 5 days, but is there anything you can tell already? I guess after 5 days there must be at least one or 2 mails in quarantine.

  • Hi Wolfgang

    Short answer: yes, there are now many mails in the quarantine and the anti-spam engine seems to work.

    bye Josef

    BERGMANN engineering & consulting GmbH, Wien/Austria

  • Hmm, then I ask myself what's wrong with my installation?

    I made a new install and imported a backup. So where is the issue here?

    Do you use profile mode with the smtpd proxy?

    Also IPS is on 0

    antispyware is 0

    webfilter is 0

    What the heck is going on here?

    Maybe someone from the devs could look at this, because I have no clue what I can do here and where to look.

  • Well, I'd like to ask if I am still the only one with this issue right now.

    Because I have no more ideas what I can do.

    The firewall is not a VM.

    Hardware:

    lspci
    00:00.0 Host bridge: Intel Corporation Device 9b63 (rev 03)
    00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v5/E3-1500 v5/6th Gen Core Processor PCIe Controller (x16) (rev 03)
    00:14.0 USB controller: Intel Corporation Device 43ed (rev 11)
    00:14.2 RAM memory: Intel Corporation Device 43ef (rev 11)
    00:14.3 Network controller: Intel Corporation Device 43f0 (rev 11)
    00:16.0 Communication controller: Intel Corporation Device 43e0 (rev 11)
    00:17.0 SATA controller: Intel Corporation Device 43d2 (rev 11)
    00:1b.0 PCI bridge: Intel Corporation Device 43c0 (rev 11)
    00:1b.3 PCI bridge: Intel Corporation Device 43c3 (rev 11)
    00:1b.4 PCI bridge: Intel Corporation Device 43c4 (rev 11)
    00:1d.0 PCI bridge: Intel Corporation Device 43b0 (rev 11)
    00:1d.4 PCI bridge: Intel Corporation Device 43b4 (rev 11)
    00:1f.0 ISA bridge: Intel Corporation Device 4385 (rev 11)
    00:1f.4 SMBus: Intel Corporation Device 43a3 (rev 11)
    00:1f.5 Serial bus controller [0c80]: Intel Corporation Device 43a4 (rev 11)
    01:00.0 VGA compatible controller: NVIDIA Corporation GT218 [GeForce 210] (rev a2)
    01:00.1 Audio device: NVIDIA Corporation High Definition Audio Controller (rev a1)
    03:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
    04:00.0 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)
    04:00.1 Ethernet controller: Intel Corporation I350 Gigabit Network Connection (rev 01)

    I did a fresh install, used a backup, and still nothing works as on the old hardware.

    And I'd seriously like to know why!

    Everything is on 0; the 6 spam mails got blocked via RBL.

    So what is going on here? This is not normal!

  • Hi Wolfgang,

    Check what is set in Email Protection - SMTP - Antispam on
    Reject at SMTP time: Confirmed Spam
    Spam action: Quarantine
    or, if you're using Profiles, check these settings in the profile ...

    Check if the box gets the latest spam patterns, in Management - Up2Date - Pattern (current pattern on 30.7.2021 14:25 CET is 202416 so your number here should be equal or higher).

    Check in the Mail Manager SMTP Log if the pattern works: uncheck every Reason filter except "Spam", then you should see matches like "Rejected: Spam (confirmed)" or "Quarantined: Spam".

    bye Josef

    BERGMANN engineering & consulting GmbH, Wien/Austria

  • Hi Josef,

    Thanks for your answer. The pattern is not up to date. So the question is why? Why does the UTM not download the new pattern?

    Also, I can't see anything like "Rejected: Spam (confirmed)" or "Quarantined: Spam" in the Mail Manager SMTP Log.

    I did the pattern update now via manual update, so let's see what happens.

  • Hi Wolfgang,

    I am really interested in your case for two reasons. First, your claims are holding me back from upgrading my production UTMs because I heavily rely on the SMTP proxy (my home UTM is fine..) and second, because of this, Sophos released the SSSE3 advisory.

    However, I think you have to distinguish between blocked and quarantined mail. A blocked mail is a blocked mail and not a quarantined one. Therefore you can have 6 blocked mails and zero are in quarantine.

    I would suggest you post complete screenshots of your SMTP configuration.
    I guess Josef is right and your mails are "rejected at SMTP time".

  • Yes, you are right, I have a lot of "rejected at SMTP time".

    So here we go (Part 1):

    Profile mode, because I have my own HP and some hobby sites here and am using them also as mail domains.

    SMTP Profile use Global Settings


  • I just looked into the Mail Manager:

    Could it be that easy? Was it just an old pattern? So did I only overlook that I am not on the newest spam pattern?

    I have no clue!