Updated from Astaro to Sophos UTM 9; Antispam performance is dismal

I upgraded from Astaro 8 to Sophos UTM 9. I'm using pretty much the same mail protection settings, but my spam messages per day went from 3 total to a few hundred. I'm drowning in annoying spam mail. I don't see a setting anywhere to change the "Spam Confidence Level"; the only settings I see are to Quarantine Spam and Blackhole "Confirmed Spam". However, this new version seems to be blocking a whole lot less than it used to.

Any advice?


This thread was automatically locked due to age.
  • 2012:12:07-16:23:00 firewall exim-out[13123]: 2012-12-07 16:23:00 Start queue run: pid=13123
    2012:12:07-16:23:00 firewall exim-out[13123]: 2012-12-07 16:23:00 End queue run: pid=13123
    2012:12:07-16:23:09 firewall exim-in[13114]: 2012-12-07 16:23:09 1Th5O0-0003PW-2a spam acl condition: cannot parse spamd output
    2012:12:07-16:23:09 firewall exim-in[13114]: 2012-12-07 16:23:09 1Th5O0-0003PW-2a H=(jyi90.biboschena.in) [216.104.35.90]:32342 Warning: ACL "warn" statement skipped: condition test deferred
    2012:12:07-16:23:09 firewall exim-in[13114]: 2012-12-07 16:23:09 1Th5O0-0003PW-2a Greylisting: 216.104.35.90 is a known retry host
    2012:12:07-16:23:09 firewall exim-in[13114]: 2012-12-07 16:23:09 1Th5O0-0003PW-2a cashonitsway@biboschena.in H=(jyi90.biboschena.in) [216.104.35.90]:32342 P=esmtp S=3644 id=3077632164664191233.3549b799c76a5a863b97b922e2c385a8.331312680@jyi90.biboschena.in
    2012:12:07-16:23:09 firewall exim-in[13114]: 2012-12-07 16:23:09 SMTP connection from (jyi90.biboschena.in) [216.104.35.90]:32342 closed by QUIT
    2012:12:07-16:23:11 firewall smtpd[4628]: QMGR[4628]: 1Th5O0-0003PW-2a moved to work queue
    2012:12:07-16:23:20 firewall smtpd[13129]: SCANNER[13129]: 1Th5OC-0003Pl-DD cashonitsway@biboschena.in R=1Th5O0-0003PW-2a P=INPUT S=3027
    2012:12:07-16:23:20 firewall smtpd[13129]: SCANNER[13129]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="216.104.35.90" from="cashonitsway@biboschena.in" to="me@domain.com" subject="Get a quickcash advance today" queueid="1Th5OC-0003Pl-DD" size="3027"
    2012:12:07-16:23:20 firewall smtpd[13129]: SCANNER[13129]: 1Th5O0-0003PW-2a => work R=SCANNER T=SCANNER
    2012:12:07-16:23:20 firewall smtpd[13129]: SCANNER[13129]: 1Th5O0-0003PW-2a Completed
    2012:12:07-16:23:29 firewall exim-out[13131]: 2012-12-07 16:23:29 1Th5OC-0003Pl-DD => me@domain.com
    P= R=static_route_hostlist T=static_smtp H=192.168.***.*** [192.168.***.***]:25 X=TLSv1:AES128-SHA:128 C="250 2.6.0  [Inte"
    2012:12:07-16:23:29 firewall exim-out[13131]: 2012-12-07 16:23:29 1Th5OC-0003Pl-DD Completed
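
The log above records the inbound spam check failing ("cannot parse spamd output", ACL condition deferred) and the same message later logged as "email passed" under a new queue ID. As an added example that is not part of the original thread, this Python sketch correlates those events so such deliveries can be counted; the function name and the control message are assumptions made for illustration.

```python
import re

QID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"  # Exim queue ID
SCAN_FAIL = re.compile(
    rf"exim-in\[\d+\]: .*?({QID}) .*(?:cannot parse spamd output|condition test deferred)")
REQUEUE = re.compile(rf"SCANNER\[\d+\]: ({QID}) \S+ R=({QID})")  # new ID, original ID
PASSED = re.compile(r'name="email passed".*?srcip="([^"]*)".*?from="([^"]*)"'
                    r'.*?subject="([^"]*)".*?queueid="([^"]*)"')

def unscanned_deliveries(lines):
    """Return passed messages whose inbound spam ACL check failed or deferred."""
    failed, parent, hits = set(), {}, []
    for line in lines:
        if m := SCAN_FAIL.search(line):
            failed.add(m.group(1))            # inbound ID with no spam verdict
        elif m := REQUEUE.search(line):
            parent[m.group(1)] = m.group(2)   # scanner re-queues under a new ID
        elif m := PASSED.search(line):
            srcip, sender, subject, qid = m.groups()
            if parent.get(qid, qid) in failed:
                hits.append({"queueid": qid, "srcip": srcip,
                             "from": sender, "subject": subject})
    return hits

# Abridged from the log in the thread (syslog timestamp prefix dropped), plus one
# constructed control message (192.0.2.10 / example.org) with no spam-check failure.
SAMPLE_LOG = [
    'firewall exim-in[13114]: 2012-12-07 16:23:09 1Th5O0-0003PW-2a spam acl condition: cannot parse spamd output',
    'firewall exim-in[13114]: 2012-12-07 16:23:09 1Th5O0-0003PW-2a H=(jyi90.biboschena.in) [216.104.35.90]:32342 Warning: ACL "warn" statement skipped: condition test deferred',
    'firewall smtpd[13129]: SCANNER[13129]: 1Th5OC-0003Pl-DD cashonitsway@biboschena.in R=1Th5O0-0003PW-2a P=INPUT S=3027',
    'firewall smtpd[13129]: SCANNER[13129]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="216.104.35.90" from="cashonitsway@biboschena.in" to="me@domain.com" subject="Get a quickcash advance today" queueid="1Th5OC-0003Pl-DD" size="3027"',
    'firewall smtpd[13140]: SCANNER[13140]: 1Th5PB-0003Qz-01 news@example.org R=1Th5PA-0003Qx-7k P=INPUT S=2048',
    'firewall smtpd[13140]: SCANNER[13140]: id="1000" severity="info" sys="SecureMail" sub="smtp" name="email passed" srcip="192.0.2.10" from="news@example.org" to="me@domain.com" subject="Newsletter" queueid="1Th5PB-0003Qz-01" size="2048"',
]

if __name__ == "__main__":
    for hit in unscanned_deliveries(SAMPLE_LOG):
        print("delivered without spam verdict:", hit)
```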