Messaging Gateway

  • 1.  BMG9: Order of precedence

    Posted Apr 07, 2010 08:36 PM

    I found this old post of mine in the forums but I can't find this information as it applies to SBG 8/9??

    Order of precedence:

      • Virus attack
      • Worm
      • Virus
      • Spyware or adware
      • Suspicious attachment (suspected virus)
      • Unscannable
      • Encrypted attachment
      • End user-defined Allowed Senders List
      • End user-defined Blocked Senders List
      • Administrator-defined, IP-based Allowed Senders List
      • Administrator-defined, IP-based Blocked Senders List
      • Administrator-defined, domain-based Allowed Senders List
      • Administrator-defined, domain-based Blocked Senders List
      • Spam attack
      • Directory harvest attack
      • Safe Senders List (part of the Sender Reputation Service)
      • Open Proxy Senders (part of the Sender Reputation Service)
      • Third Party Services Allowed Senders List
      • Third Party Services Blocked Senders List
      • Content Compliance policies
      • Dropped invalid recipient
      • Spam
      • Blocked language
      • Suspected spam
      • Suspected Spammers (part of the Sender Reputation Service)
      • Sender authentication failure


    Note: End user-defined allow/blocked lists have precedence over all other lists. This may affect your decision regarding whether to enable end user preferences.
    Also, lists that you create have precedence over lists created by Symantec. However, third party DNS blacklists do not have priority over all Symantec lists.
    In the event of a conflict between Open Proxy Senders and an entry from a DNS blacklist, Open Proxy Senders will “win.”




  • 2.  RE: BMG9: Order of precedence

    Posted Apr 07, 2010 10:31 PM

    I would have thought Dropped invalid recipient would be above DHA, since you need drops to get a DHA score. Also, I don't see TLS failures. I'd guess these would be above spam, but below the IP-based items.

    What say you, Symantec?



  • 3.  RE: BMG9: Order of precedence

    Posted Apr 21, 2010 04:31 PM
    The days of linear precedence are long gone. In 7.x the gateway became capable of evaluating for and returning multiple verdicts/actions on a message. The order of evaluation is mostly a byproduct of how you have your policies and actions configured.

    General rule of thumb:

    1) Things that can defer or reject the "connection" will do so immediately when the client connects. The order of operation matters little here, because the operations aren't very expensive. In general, the most interesting question and answer here is that we prefer allowed senders over blocked senders.

    2) Invalid recipient handling and more "MTA centric" operations occur during the SMTP verb/protocol stage.

    3) Technologies which operate on the content of the message occur last, after the mail has been accepted by the MTA.

    1. AntiVirus technologies, then
    2. Content Filtering or AntiSpam technologies happen in an order relative to how they are configured.
    Finally, all actions are accumulated and performed based on some logical rules of what can happen together and what is destructive and/or path altering.