
mail from global bad sender still getting through

Created: 18 Oct 2013 | 5 comments

Hi,

For a while now, myself and some of my users have been getting emails containing suspicious files.
Always seeming like they come from the same email address, but behind the screens they originate from the most diverse email addresses.
So blocking the sender is out of the question.

Is there a way to block emails containing certain data? (strings?)

When looking into the sender's IP address, this is listed among the Global Bad Senders, and Global Bad Senders are configured as Reject SMTP connection.
However the e-mail still gets through... How do I get this resolved?

Symantec Messaging Gateway - Sender Groups_2013-10-18_16-04-05.png

Symantec Messaging Gateway - IP Reputation Lookup_2013-10-18_15-59-11.png

Kind regards,
Domien


BenDC's picture

The IP may have been added to the global bad senders list after the message was received.

What was the verdict seen in the Message Audit Log?

Grandeco's picture

Good morning,

Please find the verdict below.
As far as I can see there is no mention of a global bad senders...?

Thank you!

Symantec Messaging Gateway - Message Audit Logs_2013-10-21_09-19-47.png

tonev's picture

Is there a way to block emails containing certain data? (strings?)

Yes, please check content filter.

Grandeco's picture

Okay I've set this up using the content filtering... I'll let you know how that works out.

But I'm still curious as to why the system still allows these mails to get through?

Grandeco's picture

Hi,

These mails are still getting through, even after me trying to create a content filter.
I created the filter on the to/from/cc filter, perhaps this isn't the right way?

What policy do I have to create to delete any emails from global bad senders?
Or quarantine it but don't send any notifications... any way is fine as long as my users aren't bothered with this anymore!

Kind regards,
Domien