jdashn

Move from EMSX 4.5 to 6.X Increased spam?


A little while ago we moved from EMSX 4.5 to the latest version, because of the pending (already happened?) anti-spam support ending. When we moved to the latest version we noticed most settings were different, and there were FAR FAR fewer options - though we figured that they went away because they did little, or they were turned on by default... or some such... Assuming protection would be stronger with a more recent version.

This seems not to be the case. We have been getting very consistent reporting from users stating that they are getting e-mails into their inbox that used to go to spam, enough reports that it cannot be a coincidence (additionally, these staff reporting were not aware a change took place, so they weren't looking for problems).

I'm wondering what we could do to get back the protection it seems we have lost with the upgrade? Are there settings I may be missing?

Any assistance would be appreciated in this matter!

Thanks

Jdashn


I'd suggest temporarily enabling diagnostic mail server logging and receiving an unrecognized spam. Then disable logging, collect logs with ELC and supply them to Customer care along with the unrecognized spam saved as an eml or msg file. I assume that in this instance the Hub transport role is installed, since antispam is not available in the Mailbox role at all.


@foneil We moved from 4.5 to 6.x, so we had to uninstall then re-install, so I had to re-place settings manually (which is also how I realized there are many missing features between the two). I replicated as many of the settings as I could.

@filips Thanks! I've got our firewall guys looking into whether any of that is currently being blocked.

@Marcos Yes, a hub transport role. If I enable these logs and send them over, what information will it capture (we deal with a lot of PHI... will I have to sanitize?)?

This is starting to become a big deal, as the CIO has noticed a significant increase in spam, and some of it is certainly malicious (phishing attempts, etc). Is there a standard set of settings I should be looking to make sure I've got set up?

Thanks to all three of you for your help with this issue so far!

Jdashn


As for what is being logged, you can check the mail server protection logs and review the records. Regarding ELC logs, you can decide what exactly will be submitted. If you think that some non-ESET logs are not suitable for providing them to us, it should be basically ok if you don't select them to be collected.


Thanks @Marcos. There are several legal requirements we've got to consider when sending logs externally, especially if they could potentially contain PHI (which could include email subject lines, body). I was just hoping you'd be able to tell me that the logs wouldn't include this sort of information, but I'm guessing by your answer it does?
