Move from EMSX 4.5 to 6.X Increased spam?

[jdashn 12]

A little while ago we moved from EMSX 4.5 to the latest version, because of the pending (already happened?) anti-spam support ending. When we moved to the latest version we noticed most settings were different, and there were FAR FAR fewer options - though we figured that they went away because they did little, or they were turned on by default... or some such... Assuming protection would be stronger with a more recent version.

 

This seems to not be the case, we have been getting very consistent reporting from users stating that they are getting e-mails into their inbox that used to go to spam, enough reports that it cannot be a coincidence (additionally these staff reporting were not aware a change took place, so they weren't looking for problems).

I'm wondering what we could do to get back the protection it seems we have lost with the upgrade? Are there settings I may be missing?

 

Any assistance would be appreciated in this matter!

 

Thanks

 

Jdashn

 

[foneil 342]

Depending on how you migrated to EMSX 6.5, you may have to recreate some configurations manually (user-defined rules, whitelists, blacklists, etc.). 

https://help.eset.com/emsx/6.5/en-US/idh_config_mailserver_rules.htm

[Marcos 5,072]

I'd suggest temporarily enabling diagnostic mail server logging and receive an unrecognized spam. Then disable logging, collect logs with ELC and supply them to Customer care along with the unrecognized spam saved as an eml or msg file. I assume that in this instance Hub transport role is installed since antispam is not available in Mailbox role at all.

[filips 44]

Hi,

antispam in EMSX v6 requires different firewall settings than v4, You should check those as well: https://support.eset.com/kb332/#antispam

[jdashn 12]

@foneil we moved from 4.5 to 6.x so we had to uninstall then re-install so i had to re-place settings manually (which is also how i realized there are many missing features between the two) i replicated as many of the settings as i could.

 

@filips Thanks! i've got our firewall guys looking into if any of that is currently being blocked.

 

@Marcos Yes a hub transport role, if i enable these logs and send over, what information will it capture (we deal with a lot of PHI... will i have to sanitize?)?

 

This is starting to become a big deal as the CIO has noticed a significant increase in spam, and some of it is certainly malicious (phishing attempts, etc). Is there a standard set of settings i should be looking to make sure i've got setup?

 

Thanks to all three of you for your help with this issue so far!

 

Jdashn

Edited April 12, 2018 by jdashn

[Marcos 5,072]

As for what is being logged, you can check the mail server protection logs and review the records. Regarding ELC logs, you can decide what exactly will be submitted. If you think that some non-ESET logs are not suitable for providing them to us, it should be basically ok if you don't select them to be collected.

[jdashn 12]

Thanks @Marcos There are several legal requirements we've got to consider when sending logs externally, especially if they could potentially contain PHI (which could include email subject lines, body), just was hoping you'd be able to tell me that the logs wouldn't include this sort of information, but i'm guessing by your answer it does?