Cisco Cisco Email Security Appliance X1050 Troubleshooting Guide
Spam Gets by the Cisco Email Security Appliance
(ESA) into Your Organization
(ESA) into Your Organization
Document ID: 118567
Contributed by Don Glynn and Stephan Bayer, Cisco TAC Engineers.
Oct 14, 2014
Contents
Introduction
Methods
1. Legitimate Message / Marketing Mail
2. The Anti−Spam Is Not Being Updated Correctly
3. Mail Policy or Message Filter
4. Mail Flow Policy
5. Message is Spam
Methods
1. Legitimate Message / Marketing Mail
2. The Anti−Spam Is Not Being Updated Correctly
3. Mail Policy or Message Filter
4. Mail Flow Policy
5. Message is Spam
Introduction
This document describes five methods that spam emails can enter your organization.
Methods
1. Legitimate Message / Marketing Mail
The legitimate message has been opted in by the user or their name has been sold to another organization. In
the first case the user will need to take steps to unsubscribe from the list. If it's the latter, submit the message
again to spam@access.ironport.com so antispam definitions can be updated globally, improving the overall
spam capture rate of your ESA. Enabling Marketing mail at the Incoming mail policy may help change the
perception of this message being "Marketing" over "Spam".
the first case the user will need to take steps to unsubscribe from the list. If it's the latter, submit the message
again to spam@access.ironport.com so antispam definitions can be updated globally, improving the overall
spam capture rate of your ESA. Enabling Marketing mail at the Incoming mail policy may help change the
perception of this message being "Marketing" over "Spam".
2. The Anti−Spam Is Not Being Updated Correctly
Anti−Spam is disabled or the Feature Key has expired. To check and see if Anti−Spam is updating, go to GUI
> Security Services > IronPort Anti−Spam. Within this panel you should see updates to the rules sets or
engine within the last 6 hours. Also from within this tab at the top you can ensure that the Anti−Spam service
is enabled. For review of the Feature Key status you can go to the System Administration tab > Feature Key to
check on the status of the Anti−Spam key.
> Security Services > IronPort Anti−Spam. Within this panel you should see updates to the rules sets or
engine within the last 6 hours. Also from within this tab at the top you can ensure that the Anti−Spam service
is enabled. For review of the Feature Key status you can go to the System Administration tab > Feature Key to
check on the status of the Anti−Spam key.
3. Mail Policy or Message Filter
Spam can get into your organization if Anti−Spam security engine is disabled for a specific sender or
recipient per a customer Mail Policy. Another way to skip spam filtering is via message filters (CLI: filters
command).
recipient per a customer Mail Policy. Another way to skip spam filtering is via message filters (CLI: filters
command).