I've been noticing a large number of messages with no message content. The full headers are intact, but there's nothing beyond them.
This seems like an inefficient way of directory harvesting, if that's what's going on. Whatever the cause, it's rather annoying. Brightmail doesn't catch the messages (presumably because it doesn't have anything to work with) and the source IP addresses don't have a low enough SenderBase score to trigger anything here.
What I'm wondering is: does anyone know of a way (message filters, etc.) of dropping messages that have no content other than headers? I can't figure out a way of determining how many non-header lines are in a message, and can't find any other adjustments in our C10 which would prevent blank messages from coming in.
We run all the "clean" mail from our IronPort through SpamAssassin (and ClamAV) and it catches those as well as the GIF STOX SPAM and Phishing emails that blow right by Brightmail. I would say that a full 1/4th of the email that makes it past Brightmail is correctly identified as spam by SA; very little spam makes it to our end users.
We've cut down considerably on false positives too, by automating the harvesting of addresses in our users' address books and adding them to our SA whitelists. This allows us to crank the threshold down tighter and still get legit mail through.
In this day and age, I don't think a single-source solution is going to be effective against the spam onslaught. I believe in a staged attack and it's been working for us.
I'll say one thing about IronPort: SenderBase is a godsend! We'd need to quadruple the horsepower of our scanners to handle the load if all that crap came through!
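An added example, not part of the thread and not IronPort or SpamAssassin configuration: a Python sketch of the check asked about above, for a downstream filter stage that sees the raw message. It counts non-header lines and also decodes MIME parts, because a multipart message can carry boundary lines yet no content. The function names and sample messages are constructed for illustration.

```python
from email import message_from_bytes
from email.policy import default

def body_line_count(raw: bytes) -> int:
    """Count non-blank lines after the first blank line (header/body separator)."""
    _headers, _sep, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    return sum(1 for line in body.split(b"\n") if line.strip())

def is_blank_message(raw: bytes) -> bool:
    """True when no MIME leaf part holds anything but whitespace after decoding."""
    msg = message_from_bytes(raw, policy=default)
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no content of their own
        payload = part.get_payload(decode=True) or b""
        if payload.strip():
            return False
    return True

# Constructed sample messages (example.com addresses, not real traffic).
HDRS = (b"From: sender@example.com\r\nTo: rcpt@example.com\r\n"
        b"Subject: \r\nMessage-ID: <1@example.com>\r\n")
HEADERS_ONLY = HDRS + b"\r\n"
WHITESPACE_BODY = HDRS + b"\r\n \r\n\r\n"
EMPTY_MULTIPART = (HDRS +
    b'MIME-Version: 1.0\r\nContent-Type: multipart/alternative; boundary="b1"\r\n'
    b"\r\n--b1\r\nContent-Type: text/plain\r\n\r\n\r\n--b1--\r\n")
NORMAL = HDRS + b"\r\nHello, see you at 3.\r\n"

def classify(raw: bytes) -> str:
    """Verdict a filter stage could act on (quarantine, score, or drop)."""
    return "blank" if is_blank_message(raw) else "has-content"

if __name__ == "__main__":
    samples = [("headers only", HEADERS_ONLY), ("whitespace", WHITESPACE_BODY),
               ("empty multipart", EMPTY_MULTIPART), ("normal", NORMAL)]
    for name, raw in samples:
        print(f"{name:16} lines={body_line_count(raw)} verdict={classify(raw)}")
```

The empty multipart sample is the case a plain line count misses: it has three non-header lines, all MIME framing, and still decodes to nothing.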