Cisco Support Community

spam blocker reputation filtering

Dear All,

I have a question about reputation filtering in Spam Blocker.

One of our customers has many clients in China, Asia generally. There are a lot of emails that are being blocked from this part of the world, and most of them are SPAM, so the blocker acts as it should.

Unfortunately some of the domains that should be accepted are treated as SPAM due to reputation filtering.

Is it possible to send emails stopped by reputation filtering to quarantine?

They need to know if SPAM Blocker doesn't block "good" emails.

There are two cases:

1. Customers that they already have, they know their domains, so I suppose they should set such domain not to be blocked by SPAM blocker?

2. Customers that are new, and we can't tell what the domain name of their mail server is. This one is more difficult, I think that they would need to send to quarantine all emails that are blocked due to bad reputation, is it possible?

Best Regards,

Lukasz

1 REPLY

Re: spam blocker reputation filtering

Hi Lukasz,

See some answers to your question:

Is it possible to send emails stopped by reputation filtering to quarantine?

Yes it is... the two options you have are to:

a. Add each host/IP/domain address getting blocked to the whitelist sendergroup so that they do not get blocked by reputation filtering, or

b. Check the scores of the domains and consider reducing the aggressive scores used by SenderBase... this only makes sense if they are reasonably bad; if they are -6 and lower this is very risky.

There are two cases:

1. Customers that they already have, they know their domains, so I suppose they should set such domain not to be blocked by SPAM blocker?

Add each host/IP/domain address getting blocked to the whitelist sendergroup so that they do not get blocked by reputation filtering.

2. Customers that are new, and we can't tell what the domain name of their mail server is. This one is more difficult, I think that they would need to send to quarantine all emails that are blocked due to bad reputation, is it possible?

Looking at the logs will tell you the details of the sending host, reputation, sender domain details etc... I'd suggest you look at the mail_log (use the tail CLI command) to see if you can find this information, or use the findevent command on the CLI, if you are happy to use the CLI of course.

A line from the mail_log file will look like this if it's dropped by reputation:

Thu Nov 12 15:27:00 2009 Info: New SMTP ICID 934625523 interface Flirble (10.10.10.10) address 61.101.48.155 reverse dns host unknown verified no

Thu Nov 12 15:27:00 2009 Info: ICID 934625523 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -9.2

Thu Nov 12 15:27:00 2009 Info: ICID 934625523 close

Jason
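
The log review suggested in the reply above can be scripted. This is an added example, not part of the original post and not Cisco tooling: it joins each reputation REJECT line to its connection line by ICID so the sending IP, reverse DNS and SBRS score appear together. It assumes the line layout shown in the excerpt; the function name, the `risky_at_or_below` parameter and the second log entry are constructed for illustration.

```python
import re

# Line shapes taken from the mail_log excerpt quoted in the reply above.
NEW_CONN = re.compile(
    r"New SMTP ICID (?P<icid>\d+) interface \S+ \([^)]+\) address (?P<ip>\S+) "
    r"reverse dns host (?P<rdns>.+?) verified (?P<verified>\S+)$")
REJECT = re.compile(
    r"ICID (?P<icid>\d+) REJECT SG (?P<sg>\S+) match (?P<rule>\S+) "
    r"SBRS (?P<sbrs>-?\d+(?:\.\d+)?)$")

def reputation_rejects(lines, risky_at_or_below=-6.0):
    """Join each REJECT line to its connection line by ICID.

    risky_at_or_below is a hypothetical parameter; its default mirrors the
    reply's remark that senders scoring -6 and lower are risky to let through.
    """
    conns, rejects = {}, []
    for raw in lines:
        line = raw.strip()
        m = NEW_CONN.search(line)
        if m:
            conns[m["icid"]] = m.groupdict()
            continue
        m = REJECT.search(line)
        if not m:
            continue  # close lines and unrelated events
        conn = conns.pop(m["icid"], {})  # connection line may be missing
        sbrs = float(m["sbrs"])
        rejects.append({
            "icid": m["icid"], "ip": conn.get("ip"), "rdns": conn.get("rdns"),
            "sendergroup": m["sg"], "rule": m["rule"], "sbrs": sbrs,
            # Only scores above the risky cut-off are worth a manual look.
            "review_candidate": sbrs > risky_at_or_below,
        })
    return rejects

# First three lines are from the post; the last three are constructed.
SAMPLE_LOG = """\
Thu Nov 12 15:27:00 2009 Info: New SMTP ICID 934625523 interface Flirble (10.10.10.10) address 61.101.48.155 reverse dns host unknown verified no
Thu Nov 12 15:27:00 2009 Info: ICID 934625523 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -9.2
Thu Nov 12 15:27:00 2009 Info: ICID 934625523 close
Thu Nov 12 15:31:10 2009 Info: New SMTP ICID 934625601 interface Flirble (10.10.10.10) address 192.0.2.25 reverse dns host mail.example.com verified yes
Thu Nov 12 15:31:10 2009 Info: ICID 934625601 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -3.5
Thu Nov 12 15:31:10 2009 Info: ICID 934625601 close
""".splitlines()

if __name__ == "__main__":
    for r in reputation_rejects(SAMPLE_LOG):
        print(r)
```

Entries with `review_candidate` set are the ones to check against the customer's known senders before adding anything to the whitelist sendergroup.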
