Messaging Gateway

Hi to all,

 

Recently we start using Symantec Messaging Gateway 10.5.2, but i have a problem:

In the moment we set action to reject SMTP connection to Global Bad senders i cannot find a way to see all rejected connections by Global Bad Sender category. Maybe because message is not realy accepted by SMG it is not in Message audit log.

When action is set to Delete message, its ok, but then there are cases when message match on several verdicts, it deleted but users receive a notification that this message is in quarantine... its a mess sometimes. I know that SMG check different verdict engines in paralell so maybe its normal.

 

Its any way to keep Reject action and have a log. Or set action to Delete and to  stop processing other verdicts?

 

Best Regards,

Hi, For information on the status of rejected connections, use [Reputation][Reputation Tools][IP Reputation Lookup] on the Web console with the IP address of connecting MTA. As you've already guessed, Message Audit log cannot be used, due to missing SMTP session information. Haro

We're on version 10.5.1-2 and I had the same issue. I had setup SMG to use third party bad senders and I wanted to see how effective they are but was not able to pull any log/reports specific to the third party blacklists when the verdict was set to reject smtp connection.

I have now set the verdict to 'delete message' just so I can pull relevant logs. In addition to that, I have a second verdict to bypass content filtering policies because in content filtering, we have policies to quarantine certain emails and notify recipients (we don't want them notified when the email is spam and since SMG will do that if you don't tell it not to.) I also had to add the second verdict to spam rules which was set to delete message – just so that people are not notified for quarantined emails that SMG already know as spam.