Messaging Gateway

  • 1.  still on version 7.7.0-17, lots of chinese html spam not getting tagged

    Posted Jul 02, 2010 10:23 AM
    1. We have a large number of Chinese-spam messages that are not being flagged as spam.  I have attached a couple of the messages to this email – can someone please review these and let us know if the definitions file can be updated to flag these?  Our “suspect” threshold begins at 72.  We do not have any white-list senders in place.
       
    2. We are currently using version 7.7.0-17 – we would like to get on a more “current” version, we can see upgrade options up to 8.0.3-11 … can we skip the previous versions or must we update in order?
       
    3. I’ve noticed that you have a version 9 of the product now available.  Are there any added benefits in the newer versions around spam-identification?  We are not really interested in additional admin-UI features, we mainly just use the Brightmail gateway to classify email as either a virus or spam.
       
    4. We’ve noticed an X-Brightmail-Tracker header in the EML files, we would like to know if the “suspect” rating could be added as well?


  • 2.  RE: still on version 7.7.0-17, lots of chinese html spam not getting tagged

    Broadcom Employee
    Posted Jul 02, 2010 11:17 AM
    We can't analyse spam here on the forums. You seem to have pinpointed the most likely issue in your subject line, you're on a really old version.

    You should get to at least 8.0.3. Then you can decide to go to 9.0.1 or not. Only 8.0.3 can upgrade to 9.


  • 3.  RE: still on version 7.7.0-17, lots of chinese html spam not getting tagged

    Posted Jul 02, 2010 11:24 AM
    What are the steps to getting to 8.0.3? Can we just back up our existing server and then run the update process for 8.0.3-11 (skipping the other ones shown 8.0.2-12, 8.0.1-7, 8.0.0-24?) or do we have to go in order?

    What are the steps to getting my spam analyzed? Is there a different support route I should be taking? We used to just send email to help@brightmail.com.

    Thanks again


  • 4.  RE: still on version 7.7.0-17, lots of chinese html spam not getting tagged

    Posted Jul 02, 2010 11:27 AM

    Agreed, get to current version.  8.x has much better performance, and 9.01 has many useful features.  I don't recall if 7.x had the IP reputation feature, or connection classification.  9.0 introduces a much simpler LDAP integration so you can more easily do invalid recipient rejection.  You can also set up probe account (honey pot) addresses that will forward spam examples to Symantec for quicker anti-spam filter tuning.

    Also, the examples you provided did not include IP addressing, so there is no way to know the reputation of the sending IP.

    Take a look at this site (http://www.symantec.com/business/security_response/landing/spam/index.jsp) and put in the IP address the spam is coming from.  This will help you see if Brightmail 9 will help.


  • 5.  RE: still on version 7.7.0-17, lots of chinese html spam not getting tagged

    Posted Jul 02, 2010 11:40 AM
    A few quick additional comments:
    a) On upgrade, yes, you can go straight from your current version to 8.0.3.  We set up v8.0.3 as a gatekeeper before moving up to the 9.x releases (we are currently on 9.0.1).  I do encourage you to make the move all the way to 9.0.1 when you are ready, since it does include the new LDAP integration architecture mentioned above, as well as the simplified Probe Network participation.
    b) We launched a major enhancement on our reputation story with 8.0.  In addition to a significant expansion on our global reputation, which can be checked through the response site, we also launched our full local reputation and connection classification architecture, which shapes traffic on your site based on the spam you are seeing.  With the new reputation story, we are now blocking 90-95% of spam at connection time.
    c) Finally, for submitting missed spam samples to Symantec, see: http://service1.symantec.com/support/ent-gate.nsf/854fa02b4f5013678825731a007d06af/72007e542947aa388825734c00828c35?OpenDocument


  • 6.  RE: still on version 7.7.0-17, lots of chinese html spam not getting tagged

    Posted Jul 07, 2010 04:36 PM
    We took our DR box and upgraded that to 9.0 (I didn't want to update our production box until I was sure the 9.0 release had "taken hold" in DR.)

    I took some of the Chinese emails and pushed them through the Brightmail server. 9.0 didn't flag them as spam - could it be because I'm connecting to the box directly (via telnet) to submit these messages, and that they aren't coming from an external IP address?

    --- side note: thanks to everyone for the instructions on upgrading, it was as easy as you said :)