
SenderBase never contacted

SmartI_ironport
Level 1

Hi,
Configuring a C100 at a customer site with ver. 5.1.
Mails are getting through the IronPort but we have started getting spam.
We found the SenderBase service is showing 'never contacted' while at the same time all other services are showing up to date, and full Internet access is provided to the IronPort.

Please help to get rid of it.

SmartI

Please update me on this ASAP. Do I need to put external DNS along with internal?


Mmmm strange... if you are receiving mails, maybe you don't have port 80 or the HTTP proxy set?
Have you tried to get the latest update of the antivirus? Did it work OK?
If not, maybe you are having trouble with the firewall letting port 80 through or the proxy giving you HTTP packets... try that.

jaigill
Cisco Employee

Can you paste the output of the following "grep" command? Just paste the last 20-30 lines of output.

mail.iron.com> grep "SBRS" mail_logs

Also, paste the output of "senderbasestatus".

SmartI_ironport
Level 1

Mmmm strange... if you are receiving mails, maybe you don't have port 80 or the HTTP proxy set?
Have you tried to get the latest update of the antivirus? Did it work OK?
If not, maybe you are having trouble with the firewall letting port 80 through or the proxy giving you HTTP packets... try that.


The private IP given to the IronPort has all access allowed through the Symantec Firewall5000. If the same IP is given to a system, I am able to use http, https, ftp, smtp, ssh etc., i.e. all access is there, and at the same time the AntiVirus also gets updated. There is no proxy; the IP has direct access.

SmartI_ironport
Level 1

Dear JGill,

As per your request, sending the results of the command:

Sat Apr 28 16:45:52 2007 Info: ICID 8391 ACCEPT SG None match ALL SBRS rfc1918
Sat Apr 28 16:45:59 2007 Info: ICID 8392 ACCEPT SG None match ALL SBRS rfc1918
Sat Apr 28 16:45:59 2007 Info: ICID 8393 ACCEPT SG None match ALL SBRS rfc1918
Sat Apr 28 16:46:00 2007 Info: ICID 8394 ACCEPT SG None match ALL SBRS rfc1918
Sat Apr 28 16:46:04 2007 Info: ICID 8395 ACCEPT SG None match ALL SBRS rfc1918
Sat Apr 28 16:46:04 2007 Info: ICID 8396 ACCEPT SG None match ALL SBRS rfc1918
Sat Apr 28 16:46:04 2007 Info: ICID 8397 ACCEPT SG None match ALL SBRS rfc1918
Sat Apr 28 16:46:05 2007 Info: ICID 8398 ACCEPT SG None match ALL SBRS rfc1918
Sat Apr 28 16:46:06 2007 Info: ICID 8399 ACCEPT SG None match ALL SBRS rfc1918
Sat Apr 28 16:46:08 2007 Info: ICID 8400 ACCEPT SG None match ALL SBRS rfc1918
Sat Apr 28 16:46:10 2007 Info: ICID 8401 ACCEPT SG None match ALL SBRS rfc1918

I'm trying to upload the screenshot of the SenderBase Status but it fails. Please wait, I'll try again.

SmartI_ironport
Level 1

Dear JGill,
Screenshot upload is not working, hence sending it as text.
Please reply if you get anything out of this.

[Text of screenshot: IronPort C100 web interface, Security Services > SenderBase]
Address: https://192.168.1.35/security_services/senderbase
Logged in as: admin on ironport.glenmarkpharma.com
No changes are pending

SenderBase Network Participation
Anti-Spam Statistics Sharing
IronPort gathers statistics on email from our customers in order to improve the efficacy of our products and services. This data is anonymized and used in aggregate with data from other sources to identify and stop email-based threats. By sharing data with us, you can be protected more quickly from new threats such as spam, viruses, and directory harvest attacks targeting your organization.

Sharing Settings
Share statistics with SenderBase Information Service: Enabled

SenderBase Network Status (Time of last upload to SenderBase Network: Thu May 03 13:39:30 2007 IST)
Type: SenderBase Network Server; Status: unknown (never contacted); Last Status Check: never
Type: SenderBase Reputation Score Service; Status: unknown (never contacted); Last Status Check: never


SmartI


Sat Apr 28 16:46:10 2007 Info: ICID 8401 ACCEPT SG None match ALL SBRS rfc1918


SBRS rfc1918 means that the IP that connected to this appliance to send mail isn't a public server. The C-series won't do an SBRS lookup for an RFC 1918 address because this is an internal IP (ex. 192.168.x.x, 10.x.x.x). You can use the incoming relay feature to work around this and get the appliance to "extract" the actual sending IP from, typically, the Received headers and then it will do an SBRS lookup.

The other solution is to put the IronPort appliance on the edge of your network so that it sees the real mail traffic instead of being filtered through some other device. This is the preferred way to set up your IronPort.
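An added example, not part of the original thread: a small Python check that reads "SBRS" lines in the format pasted above and reports how many connections arrived from RFC 1918 addresses, which is the condition under which no reputation lookup happens. The function names, the 0.9 threshold and the lines with numeric scores are assumptions made for illustration.

```python
import re
from collections import Counter

# Matches connection-verdict lines of the form shown in this thread, e.g.
# "... Info: ICID 8391 ACCEPT SG None match ALL SBRS rfc1918"
LINE_RE = re.compile(
    r"Info: ICID (?P<icid>\d+) (?P<action>\w+) SG (?P<sg>\S+) "
    r"match (?P<rule>\S+) SBRS (?P<sbrs>\S+)\s*$"
)

def classify(sbrs):
    """Bucket the SBRS field: private source, numeric score, or no score."""
    if sbrs == "rfc1918":
        return "rfc1918"
    try:
        float(sbrs)
        return "scored"
    except ValueError:
        return "unscored"  # e.g. "None"

def summarize(lines, blind_threshold=0.9):
    """Count SBRS buckets; flag when nearly all senders look private.

    blind_threshold is an assumed cut-off, not a vendor value.
    """
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            counts[classify(m.group("sbrs"))] += 1
    total = sum(counts.values())
    share = counts["rfc1918"] / total if total else 0.0
    return {"total": total, "counts": dict(counts), "rfc1918_share": share,
            "reputation_blind": total > 0 and share >= blind_threshold}

# Three lines copied from the log output posted in this thread.
THREAD_LINES = [
    "Sat Apr 28 16:45:52 2007 Info: ICID 8391 ACCEPT SG None match ALL SBRS rfc1918",
    "Sat Apr 28 16:45:59 2007 Info: ICID 8392 ACCEPT SG None match ALL SBRS rfc1918",
    "Sat Apr 28 16:46:10 2007 Info: ICID 8401 ACCEPT SG None match ALL SBRS rfc1918",
]
# Constructed lines (not from the thread): connections that did get a lookup.
CONSTRUCTED_LINES = [
    "Sat Apr 28 17:02:11 2007 Info: ICID 9001 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 5.1",
    "Sat Apr 28 17:02:12 2007 Info: ICID 9002 ACCEPT SG SUSPECTLIST match sbrs[-4.0:-1.0] SBRS -3.2",
    "Sat Apr 28 17:02:13 2007 Info: ICID 9003 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS None",
]

if __name__ == "__main__":
    print(summarize(THREAD_LINES))
    print(summarize(THREAD_LINES + CONSTRUCTED_LINES))
```

A result with `reputation_blind` set means the appliance sees an upstream device's private address for almost every connection, so reputation filtering is not being applied to the real senders.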

jaigill
Cisco Employee

SenderBase Status will only change to UP/DOWN when IronPort makes an SBRS query. It will stay 'UNKNOWN' until then.

SmartI_ironport
Level 1

:wink: Thanks to all of you for your reply. Finally I got the new public IP and IronPort is on the edge of the network.

SmartI
