cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3483
Views
0
Helpful
12
Replies

Many valid emails in IronPort Spam Quarantine

IIAGDTRnSC
Level 1
Level 1

I suddenly started getting a lot of valid emails in my spam quarantine. I am looking into this, but was wondering if anyone else is suffering from this problem today.

I don't know if the quarantine service is too aggressive or what, I am checking the logs now...

12 Replies 12

IIAGDTRnSC
Level 1
Level 1

It is

interim verdict using engine: CASE spam suspect

Looks bad to me.

- Richard

duxklr_ironport
Level 1
Level 1

We are getting almost every single one of our emails marked as Spam right now. Please call their support and let them know you are having problems also.

I was told this was a top priority. It has been about 30 minutes and I have not heard back from their support department.

They are also asking for messages to be submitted to ham@access.ironport.com. Please help them by submitting examples.

IIAGDTRnSC
Level 1
Level 1

I just got a call from tech support and I'm submitting examples. Sounded like they know there is a problem and are working to resolve it.

Anyone else following this thread please also submit examples.

I rarely had false positives like this from my appliance so it was a bit of a surprise to see so many this afternoon.

IIAGDTRnSC
Level 1
Level 1

Seems to be much better now, just a small mob of angry users with torches outside my door....

shannon.hagan
Level 1
Level 1

Well, they don't like it when they get spam and they don't like it when it gets mismarked - you really can't win :-)

We also had a large increase in suspect spam and spam yesterday.

IIAGDTRnSC
Level 1
Level 1

It's very difficult to convey the message that email is not 100% reliable and that stuff happens. They think every bounce is my problem to fix as well.

I have a friend who works at an ISP and when some of the office staff complain about delays, etc. (believe it or not) he lifts their spam filters for a few days. They are crying for it to be activated in short order. I like that.

On August 7th some users experienced a minor increase in false positives for a brief period of time. This problem has been resolved.

Please contact customer support with any questions

How are you all handling getting the valid emails out of the quarantine and delivered to the users mailbox? Is there a way to have these messages rescanned and routed properly.

IIAGDTRnSC
Level 1
Level 1

How are you all handling getting the valid emails out of the quarantine and delivered to the users mailbox? Is there a way to have these messages rescanned and routed properly.


I think you are having the same problem I had when this first started up.

Go to Mail Policies -> Incoming Mail Policies -> Default Anti-Spam Policy (IronPort Anti-Spam Positive...

Clear any "Send to an Alternate Envelope Recipient (optional):"

fields. Then when you release those quarantine emails they will go to that person. I had my postmaster account set in one of these fields so when the email was released it went to that account, not the user.

Hope this is what you were looking for, if not give some more detail.

- Richard

thanks for your response.
what I really want to do is essentially separate the "good" emails from the spam. I woull like to release them all and have them rescanned and then that would essentialy allow valid emails to be delivered and allow the spam to stay in the qurantiine.
Since the release of the invalid signatures recently, I have users with lots of missing emails, which I suspect are stuck in the qurantine and inadverntly stamped as spam.

The ability to re-process an entire quarantine (or a date selected section) would be handy - ie go thru the entire process again checking for spam and viruses, then if it passes out it goes.

However, I think there would be issues in that IPAS and Brightmail both have limited memory for spam. So you'd get some stuff that was marked spam positive initially, get to the end user if you re-processed say a few weeks later...

ogomes_ironport
Level 1
Level 1

I suddenly started getting a lot of valid emails in my spam quarantine.  I am looking into this, but was wondering if anyone else is suffering from this problem today.  

I don't know if the quarantine service is too aggressive or what, I am checking the logs now...


Just for ocasion, you can verify your policies. Be careful when you block e-mails by subject or body. If you put "." in the queries, all the good messages will be blocked.

Regards,

Olavo

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: