Is it possible to scan the body of a message and create an alert when it finds poor grammar?
Scammers from a country know for the scheme can setup an AOL, Yahoo or other free account that would come from a 'trusted' mail server. However if you look at the text of the message it can be poorly written with certain words be captilized in the middle of a sentenace. I had this happen and a user thought it was out of the ordinary and come to find out it was a phising message. Short of relying on human training it would be beneficial if you could scan the body for errors and create an alert for closer inspection.
there is no such functionality available in AsyncOS, however the task you are describing is something the Antispam engine takes care of. While it also does not have a "good/bad grammar" feature as well, it knows a lot more patterns related to poor written spam. I suggest that you activate to quarantine messages flagged as suspected spam. Depending on the review, the spam quarantine will update the spam corpus if a message is released as false positive, which, in return, improves the antispam database. So some sort of training as you pointed out.
Thanks. I will give that a try but would this catch anything from an address that is on a whitelist? If someone was able to hack into a users mailbox and send us a malicious message would it not bypass the suspected spam filter?
indeed the Whitelist does not have span scanning enabled by default (can be changed in the mail flow policies), however in the scenario you decribe you would receive all kind of spam through that account, not only those with bad grammar. That's why it's called a whitelist, which should be used only for hosts you trust not to send spam. Malicous messages are still get blocked though, as antivirus is activated in all sendergroups by default.
Also note, sendergroups are only matching hosts or IPs, not individial sender addresses.
This would be very very overheading performance of the Ironport or (if in case at the...) Server level. On other way, ther is no features from the Ironport however you may found that features on the 3rd party application like SMSME (i believe) then enable and create a reg-exp body policy to scan each and every email coming in and out. But, pretty sure this would be a very overheading on the performance of the Host.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...