Messaging Gateway

 View Only

  • 1.  Good Sender List Being Ignored: Emails Blocked Because Of Unscannable Attachment

    Posted Jun 14, 2010 08:56 AM

    Just upgraded to the Brightmail appliances. I have the default policy set to send any emails with unscannable attachments to the spam quarantine. The majority of these emails are spam because of malformed MIME types which is what I want.

    Unfortunately, I have a few legit senders whose emails I wish to allow through. I added their address/domain to my known Good Senders list which is applied to the default policy but they are still getting blocked.

    A few things:

    Shouldn't the whitelist/blacklist be applied first and overrule the scanning? IE: Adding the username/domain/ip to good sender list just send it through instead of blocking it? Every other spam appliance I've worked with has done this.

    I saw a previous thread about the same issue:
    https://www-secure.symantec.com/connect/forums/passing-trough-messages-without-scanning-virus-spam-and-content

    But the user is told he has a "strict" policy and to allow the attachments through? That seems to me a lazy answer. I am getting more spam than legit emails being blocked, so I do NOT want to turn this blocking of unscannable attachments policy off.

    What would be a way for me to add specific senders or domains that way they get their messages delivered regardless of any other rules?


  • 2.  RE: Good Sender List Being Ignored: Emails Blocked Because Of Unscannable Attachment

    Broadcom Employee
    Posted Jun 14, 2010 11:58 AM

    DVizzle,

    The local good sender's list is under the reputation tab becuase it is a setting that only pertains to repuatation checking and spam detection, NOT to virus detection or compliance filtration. It would be very insecure if you simply want no spam detection for these users and instead you end up getting viruses if you accidentally put the wrong domain into this list.

    You can create a custom group for the users you are trying to receive email from and change the unscannable action for that group. Also, please see this document if you want to simply modify the action for the unscannable rule:

    Title: 'How to modify the unscannable messages policy'
    Document ID: 2009121110385254
    > Web URL: http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009121110385254?Open&seg=ent




  • 3.  RE: Good Sender List Being Ignored: Emails Blocked Because Of Unscannable Attachment

    Posted Jun 14, 2010 12:04 PM
    Thanks, I understand that, but isn't the point of exception rules/lists to allow the content in through regardless of what is scans as? As the administrator, it should be understood the risk you take when adding exceptions to these allow/deny lists. I'm not a fan of having to create a whole new policy to avoid virus scanning, where the reputation "good senders" lists should act like a whitelist like every other firewall product.


  • 4.  RE: Good Sender List Being Ignored: Emails Blocked Because Of Unscannable Attachment

    Broadcom Employee
    Posted Jun 14, 2010 12:12 PM

    DVizzle,


    Absolutely not. We have 3 main parts to our product. A universal whitelist is a huge security problem and we would lose a lot of customers.


  • 5.  RE: Good Sender List Being Ignored: Emails Blocked Because Of Unscannable Attachment

    Posted Jun 14, 2010 12:30 PM

    JDavis,  I thought policy groups only apply to LOCAL domains - so for inbound mail, the policy group would apply to recipients, and not senders.
    Was there a change to this in 9.x?