BSD
Случайный прохожий
Доброго времени суток! Коллеги, подскажите как настроить исключение для зашифрованных файлов при проверке в антиспаме ?
Почта приходит через cisco ironport. В журнале вот такое.
Почта приходит через cisco ironport. В журнале вот такое.
Мне надо как то сделать что б зашифрованная почта не попадала в карантин никогда..30 Dec 2019 09:39:57 (GMT +03:00) Protocol SMTP interface DMZ (IP 172.20.1.8) on incoming connection (ICID 2084027) from sender IP EXTERNAL_IP Reverse DNS host mail1.sender.ru verified yes.
30 Dec 2019 09:39:57 (GMT +03:00) (ICID 2084027) ACCEPT sender group UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 0.9 country Russian Federation
30 Dec 2019 09:39:58 (GMT +03:00) Start message 523675 on incoming connection (ICID 2084027).
30 Dec 2019 09:39:58 (GMT +03:00) Message 523675 enqueued on incoming connection (ICID 2084027) from sender@sender.
30 Dec 2019 09:39:58 (GMT +03:00) Message 523675 on incoming connection (ICID 2084027) added recipient (recepient@recepient.ru).
30 Dec 2019 09:39:58 (GMT +03:00) Message 523675 contains message ID header '<B30B7585826145AA909769BED10D7C40@sender>'.
30 Dec 2019 09:39:58 (GMT +03:00) Message 523675 original subject on injection: SUBJECT - 20191231
30 Dec 2019 09:39:58 (GMT +03:00) Message 523675 (18990 bytes) from sender@sender.ru ready.
30 Dec 2019 09:39:58 (GMT +03:00) Message 523675 matched per-recipient policy BLACKLIST for inbound mail policies.
30 Dec 2019 09:40:00 (GMT +03:00) Message 523675 scanned by Anti-Spam engine: CASE. Interim verdict: Suspect
30 Dec 2019 09:40:00 (GMT +03:00) Message 523675 scanned by Anti-Spam engine: CASE. Final verdict: Suspect
30 Dec 2019 09:40:00 (GMT +03:00) Message 523675 scanned by Anti-Virus engine Sophos. Interim verdict: ENCRYPTED
30 Dec 2019 09:40:00 (GMT +03:00) Message 523675 scanned by Anti-Virus engine. Found encrypted
30 Dec 2019 09:40:00 (GMT +03:00) Message 523675 contains attachment '20191231.rar'.
30 Dec 2019 09:40:00 (GMT +03:00) Message 523675 scanned by Outbreak Filters. Verdict: Negative
30 Dec 2019 09:40:00 (GMT +03:00) Message 523675 queued for delivery.
30 Dec 2019 09:40:03 (GMT +03:00) Remote procedure call connection (RCID 228029) started for message 523675 to local Spam Quarantine.
30 Dec 2019 09:40:03 (GMT +03:00) Message 523675 quarantined in Spam Quarantine.
30 Dec 2019 10:55:37 (GMT +03:00) Start Message 524476 ICID 0 release from Spam Quarantine
30 Dec 2019 10:55:37 (GMT +03:00) Message 523675 reinjected as message 524476 to Spam Quarantine.
30 Dec 2019 10:55:37 (GMT +03:00) Message 524476 enqueued on incoming connection (ICID 0) from sender@sender.ru.
30 Dec 2019 10:55:37 (GMT +03:00) Message 524476 on incoming connection (ICID 0) added recipient (recepient@recepient.ru).
30 Dec 2019 10:55:37 (GMT +03:00) Message 524476 original subject on injection: '[WARNING: MESSAGE ENCRYPTED][SUSPECTED SPAM] \\xd0\\x92\\xd0\\xa1\\xd0\\x9c\\xd0\\x9d \\xd0\\xa0\\xd0\\xad\\xd0\\xa0 - 20191231'
30 Dec 2019 10:55:37 (GMT +03:00) Message 524476 (20106 bytes) from sender@sender.ru ready.
30 Dec 2019 10:55:37 (GMT +03:00) Message 524476 queued for delivery.
30 Dec 2019 10:55:37 (GMT +03:00) SMTP delivery connection (DCID 240484) opened from Cisco IronPort interface 172.30.0.8 to IP address 172.30.0.55 on port 25.
30 Dec 2019 10:55:37 (GMT +03:00) (DCID 240484) Delivery started for message 524476 to recepient@recepient.ru.
30 Dec 2019 10:55:37 (GMT +03:00) (DCID 240484) Delivery details: Message 524476 sent to recepient@recepient.ru
30 Dec 2019 10:55:37 (GMT +03:00) Message 524476 to recepient@recepient.ru received remote SMTP response 'Message accepted for delivery'.