Messaging Gateway

 View Only

  • 1.  SBG 8.03 RDNS and HTML body filtering

    Posted Nov 13, 2009 05:24 AM
    1. I have an SBG 8.0.3 and an SMS for SMTP 5.01 gateway installed. Most of RDNS failed sender e-mails are going through the gateways. I would like to set up the gateway to filtering out and move to quarantine the RDNS failed e-mail. How to set it up?

    2. If the mail HTML formatted and contains only an img src and a href, the dictionary filtering does not working. - Tipically Chinese pharma spams... - Why?

    Add. info:
    • these emails senders are usually xxx@hotmail.com, or xxx@yahoo.com - I don't want to block all of yahoo mails;
    • the sender IP resolvable but RDNS fails, the IP's are tipically changing - probably from DSL pool;
    • the body does not contain plain text, only remote images with links;
    • standard built-in filtering rules are not filtering out these mails
    3. How can I find out a "scanned and quarantined" and "filtered out" message's spam score? The header does not contain this info in the quarantine...


    Many thanks
    Ferenc


  • 2.  RE: SBG 8.03 RDNS and HTML body filtering

    Posted Nov 13, 2009 06:56 AM

    Hi,

    1 - SBG does Reverse DNS queries just for logging purposed. There's no feature to act on failed rDNS.
    service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2008010812051754
     
    2 - If this is some specific type of missed spam I'd suggest you check these KB articles:

    service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2008080612113754

    service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2005012415180263

    3- We don't expose that information on the headers.

    Regards,

    Federico



  • 3.  RE: SBG 8.03 RDNS and HTML body filtering

    Posted Nov 13, 2009 10:42 AM
    It's a known defect (my opinion) that SBG will not check HTML tag contents for dictionary words.  I consider this a compliance leak. You  can hide data that otherwise would trigger a compliance policy by enclosing the data in an html comment and sending outbound.