Messaging Gateway

  • 1.  False Positives

    Posted Oct 20, 2009 05:34 PM

    Brightmail is considering a lot of legitimate mail as SPAM.  We have a huge amount of false positives.  I have checked my settings and there's nothing that I can find that is causing this.  Also, I will add the IP address in the ALLOW list and also the email address (which I really don't want to do) and it's bypassing these and still sending to Quarantine.  I am finding that I have to continually monitor the Quarantine to release all the false positives.

    What am I missing?  I've gone through the Administration guide.

    This is version 6.x and running on Windows 2003 and tied to Exchange 2003.

    I have just the default group policy.  SPAM is sent to quarantine.  Blocked is sent to Quarantine.  Suspected is sent to their mailbox.  SPAM scoring is set at 65-89 for suspected.

    HELP!



  • 2.  RE: False Positives

    Posted Oct 21, 2009 07:55 AM
    Hi,

    You don't mention which specific Brightmail product you are using.

    I would check the Message Audit Log for some of the messages which are getting sent to quarantine and shouldn't be. If the sender / IP is whitelisted, really these mails should be bypassing spam scanning, so there may be another verdict on these messages which is causing them to be quarantined. If you find that legitimate messages do have a spam verdict, you can submit them to Symantec for review of the filters, following the procedure in this article: http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2005012415180263

    If that fails to resolve the problem I would suggest a call to support.

    Hope that helps,
    Amanda


  • 3.  RE: False Positives

    Posted Oct 21, 2009 09:43 AM
    Brightmail Antispam (no AV) 6.x.

    There's just no happy medium here.  Luckily, I am quarantining blocked spam, otherwise we'd be losing a lot of mail.  Now a lot of legitimate SPAM is coming through.  I am using Allowed list for IPs, emails and the Blocked for IPs and emails.  Stuff that I place on the Allow list (and is not on the blocked list) is being flagged and sent to quarantine.

    I am using custom filters, but those are for the basic pen*s and viagra words, etc.

    My users are coming after me with fire and pitchforks!  :)


  • 4.  RE: False Positives

    Posted Oct 23, 2009 06:16 AM
    Hi,

    It seems you are using an old product version. That product is now called Symantec Brightmail Message Filter - current version is 6.1.1.

    Have you checked the bmserver log (notice level) for the message verdict? Have you submitted any spam false positives to Symantec for review? Have you called support for assistance?

    Amanda


  • 5.  RE: False Positives
    Best Answer

    Posted Oct 23, 2009 05:07 PM
    I've called support.  I've shut it down.  Will use Exchange IMF for now until I reinstall the application and download the upgrade.