What do you guys have your levels set to? Ours are currently 75/35 (drop/quarantine for the actions), but we've just had to lower it again to 75/30 due to slightly increasing levels of spam getting through. This is getting rather close to the lower limit of 25, so I'm beginning to wonder what happens if we end up at 25 and we still get things through!
We submit everything that comes through to the spam@access... address, but is there anything further we can do? The next thing I can think of is looking at headers and seeing if there's anything there (such as encodings...)
If you are going to use different CASE policies (with different scores) then you have to have multiple Mail Policies, each with a different Anti-Spam setting, and the complex way you would have to put the senders into the different policies (email address or LDAP group) is going to put an overhead on the appliances and be a pain to manage.
The best way we have found is to drop the messages from the senders with a low SBRS (around the -2.5 mark is good). For us that drops about +80% of the messages at the Gateway (and saves a huge amount of overhead on the appliances).
At the other end of the scale we don't apply the CASE engine to the senders with a very good score.
This works very well for us and the 30 Million messages we process in a month. The false positive rate for the messages we drop is about 0.00002%.