Log Reputation Filtering

Unanswered Question
Jun 27th, 2009

Hi,

I was wondering if it is possible to see what wil blocked by reputation filtering a customer of us. They have for there businness exactly know wiches messages are blocked or is it possible to set off reputation filtering?

Regards,

Martijn

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
lean Tue, 06/30/2009 - 00:16

Hi,

have you checked the "Incoming Mail" and " Delivery Status" report under "Monitoring" ?

Regards,

An

screenshot.JPG

jsteer Tue, 06/30/2009 - 03:13

Hi,

one suggestion - this is possible to show what it could have stopped - with some minor changes to the configuration of the policy.

Many customers are concerned at the start of testing about what could be blocked - without wanting to stop any mail in case of false positives. It is possible to not reject mail stopped by SenderBase and accept it instead at the start of testing and quarantine all messages that would be rejected otherwise.

To change this you will need to modify the mail flow policy for the 'Blacklist' Sender Group on Blocked. Best way to do this is to modify the mailflow policy for 'Blocked' and change the Connection behviour action from 'reject' to 'accept'.


Beware: All mail that has a bad reputation will now no longer be rejected once this configuration is committed.

You can then write a message filter to quarantine all messages that fall into the sendergroup 'Blacklist' and quarantine these before they get virus & spam scanned and saves on performance of the blocker.

The filter looks like:

senderGroupFilter:
if (sendergroup == "Blacklist")
{
quarantine("policy");
}

.

To add a message filter login to the Command line (checking that the SSH port has been enabled (network->Ip interfaces) and type the command 'filter'.

Ironport.demo.com> filters

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
- CLUSTERSET - Set how filters are configured in a cluster.
- CLUSTERSHOW - Display how filters are configured in a cluster.
[]> new

Enter filter script.  Enter '.' on its own line to end.
senderGroupFilter:
if (sendergroup == "Blacklist")
{
quarantine("policy");
}
.
Filter senderGroupFilter has been marked invalid for these reasons:
        Quarantine 'policy' unknown
1 filters added.

Choose the operation you want to perform:
- NEW - Create a new filter.
- DELETE - Remove a filter.
- IMPORT - Import a filter script from a file.
- EXPORT - Export filters to a file
- MOVE - Move a filter to a different position.
- SET - Set a filter attribute.
- LIST - List the filters.
- DETAIL - Get detailed information on the filters.
- LOGCONFIG - Configure log subscriptions used by filters.
- ROLLOVERNOW - Roll over a filter log file.
- CLUSTERSET - Set how filters are configured in a cluster.
- CLUSTERSHOW - Display how filters are configured in a cluster.
[]>

Finally - hit return, then commit this (using the commit command) and now all mail senders with a bad reputation will be quarantined. Once the customer is happy with senderbase working you could turn this filter off again.

Jason

Actions

This Discussion