Messaging Gateway

 View Only
  • 1.  SMG - False Positive, local Good Sender and user Reply as Spam

    Posted Sep 16, 2016 11:21 AM

    Hello!

    I have a strange and confusing situation (SMG ver 10.5.4-4).

    Emails from one of my clients (email sender) are still missidentified as SPAM and quarantined. For me this is normal email communication with footer and some pictures is this footer.

    I regularly go to the Quarantine and use option "This is NOT Spam" to inform Symantec of this false positive message.

    This week I put this domain to "Local Good Sender" group. It is working for incoming email.

    But when my users try to send Reply to users in this domain (previous body is included in new message), emails are identified as outbound Spam again.

    Is it possible to make some kind of white list for outgoing domain?

    What can I do with this?

    Thanks

    Peter



  • 2.  RE: SMG - False Positive, local Good Sender and user Reply as Spam

    Posted Sep 19, 2016 05:27 AM

    Hi Peter,

    1st you have to find the reason why these mails get marked as spam. What is the verdict in message audit log, only spam or susp.url, etc?

    If its only spam it could be the ultra-url feature. To validate, send a mail from a private mail account to your companys mail account. Add the message body including the footer, etc of a detected mail. If its still detected as spam try again with a plain mail and include just the url in the footer.

    You could validate that a little more, debug logging on smg or tcpdump on the scanner and watch for dns requests.

    Outbound "Local Good Sender" is not working because whos the sender?

    Thomas



  • 3.  RE: SMG - False Positive, local Good Sender and user Reply as Spam

    Posted Sep 22, 2016 10:29 AM

    Hi Tom!

    Sorry for late answer - I had another urgent work.

    1) incoming mail form this domain have always verdict "SPAM". My SMG is version 10.5.4-4, so I don't have ultra-url feature.

    2) It is good idea! I send email from another domain with a link from that message body - and my SMG stop this as SPAM again.

    3) How can I inform Symantec, so messages from that company are ordinary mail, not SPAM? I use "This is NOT spam" button in spam Quarantine, but this not help for future messages.

    4) I know there is no white list for outgoing email, but I'm looking for any workaround Now my user must manually delete earlier body when sends Reply message.

    ?

    Thx

    Peter



  • 4.  RE: SMG - False Positive, local Good Sender and user Reply as Spam

    Posted Sep 23, 2016 04:48 AM

    Hi Peter,

    ad 1) As i know ultra-url is there, too. But i was told it doent do anything ...

    To be sure, just open a incident and send them the X-Brightmail-Tracker from the mail-header. Then you should be told why the message got caught as spam.

    ad 2) bingo - its not the reputation or whatever. What about susp url rule? Anyway, to shorten this up i would open a incident

    ad 3) https://support.symantec.com/en_US/article.TECH83081.html - False Positives Submissions

    ad 4) We have to find the reason, then you can think of actions like whitelisting for them

    Thomas



  • 5.  RE: SMG - False Positive, local Good Sender and user Reply as Spam

    Posted Sep 29, 2016 02:37 AM

    Hi Peter,

     

    with the last update, we have the same problem.

    a lot of outgoing mail as replay are marked as spam.

    Never happend before the last update :(