Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 24 replies
  • Subscribers 1 subscriber
  • Views 5821 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Significantly more mails quarantined with 8.200 SMTP proxy

MarCow
I'm using the latest 8.200 soft release as a software appliance install on an ASG 220.  Since the upgrade, I'm seeing 2-3 times more legitimate mail being quarantined compared to 8.103.  As one example, notification emails from nytdirect@nytimes.com were never quarantined by 8.103, but are always quarantined by 8.200.  I didn't see anything in the release notes that suggested a major revamp of the anti-spam SMTP filtering, but maybe I missed something?  I realize I could add all the exceptions into the proxy, but this could be quite time-consuming.  Also, selecting "Release and report as false positive" doesn't appear to allow emails from that same address through next time around, but I could just be misunderstanding the meaning of that option.

Anyone else seeing the same thing?

Best regards,
Martin.


This thread was automatically locked due to age.
Parents
  • 0
    Sorry, Micha, that's not acceptable for my customers.  I always set to reject "Confirmed Spam" at SMTP time, and choose to quarantine "spam" in the 'Spam filter' section.  Or, are you telling me that "Confirmed Spam" has a different meaning in those two different sections in V8.2?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Sorry, Micha, that's not acceptable for my customers.  I always set to reject "Confirmed Spam" at SMTP time, and choose to quarantine "spam" in the 'Spam filter' section.  Or, are you telling me that "Confirmed Spam" has a different meaning in those two different sections in V8.2?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Hello Bob

    In my eyes the categorization of these mails is absolutely correct. The issue may lay in the way how Astaro implemented Commtouch. If I remember right, Commtouch itself has around 4 or 5 different categorization levels, where "bulk" is only one of them, and Astaro has them grouped into the 2 levels "spam" and "confirmed" spam, which may cause such unwanted behaviour in a few scenarios due granularity of the chooseable handling of these levels.

    Usually if other Antispamoptions as SPF, RDNS/HELO, RBLs etc are active, there are not much "real" spams left for Commtouch engine, and usually only bulk mails as Newsletters catched into quarantine by CT. From this view you also may set the "Reject at SMTP Time" to "Confirmed Spam" and Spam Filter "Spam Action" to "OFF" or "Warn" and "Confirmed Spam Action" to "Quarantine" or "Blackhole" - whatever fit better your needs...With this setting most Newsletters and Bulk Mails should pass ASG without issues [;)]
Cookie Information Banner