Solved

Symantec Brightmail Gateway 9.0.2 blocking genuine emails

Posted on 2011-03-08
Last Modified: 2013-12-09
Hi Guys

I have recently installed Symantec Brightmail Gateway at a company; however, I am finding that it is blocking a number of genuine emails and that I have to examine the quarantine every morning to ensure all genuine emails are passed through.

Surely this should not be the case?

I have created an email content filter with the following conditions; however, I do not see any reason why genuine emails should be kept in the quarantine based on the conditions below.

Some of these emails are normal conversations etc.

 
If any part of the message contains 1 or more words in dictionary "Profanity"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, Explicit"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Possible"  
 If any part of the message contains 1 or more words in dictionary "Sex. Explicit Words, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Sexual"  
 If any part of the message contains 1 or more words in dictionary "Sexual (Ambiguous)"  
 If any part of the message contains 1 or more words in dictionary "Sexual Slang"  
 If any part of the message contains 1 or more words in dictionary "Street Drug Names"  
 If any part of the message contains 1 or more words in dictionary "Violence Keywords"  
 If any part of the message contains 1 or more words in dictionary "Vulnerability Keywords"  
 If any part of the message contains 1 or more words in dictionary "Weapons Keywords"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Confirmed"  
 If any part of the message contains 1 or more words in dictionary "Gambling Keywords, Suspect"  
 If any part of the message contains 1 or more words in dictionary "Medical Treatment Keywords"  
 If any part of the message contains 1 or more words in dictionary "Disease Names"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, Explicit"  
 If any part of the message contains 1 or more words in dictionary "Offensive Language, General"  
 If any part of the message contains 1 or more words in dictionary "Violence Keywords"  
 If any part of the message contains 1 or more words in dictionary "Weapons Keywords"  
 If any part of the message contains 1 or more words in dictionary "Medical Treatment Keywords"

Question by:ridha121
2 Comments
 
LVL 27

Accepted Solution

by:
michko earned 500 total points
ID: 35084625
You should take a look at the specific words in the various areas you are blocking.  You are blocking based on 1 single word with a lot of possibilities.  You may need to loosen those restrictions a bit - say to a couple of occurrences rather than 1.  You are blocking a wide range, it is very possible that words are being used that are on your block list, just not in the context that should cause them to be blocked.

For example, you are blocking "violence keywords".  Let's say one of your users sends an email with a sentence like "oh no, that is a bad idea, we need to kill that now before it gains momentum."  Well, that entire email is now blocked based on the one word "kill".

Another example, you are blocking "Offensive Language, General".  What if one of your tech people sends an email stating "you need to put that drive in as a slave to the main hard drive and scan it from there."  That was just blocked based on the legitimate use of the word "slave".

If you are blocking legitimate emails, then you need to determine and look at the specific words that are causing those blocks.  Then determine if/how you want to loosen the controls that are blocking those.  You could edit the dictionary to remove (or even add) words:
http://www.symantec.com/business/support/index?page=content&id=HOWTO15553

Also note that you have some items blocked multiple times, such as "Gambling Keywords, Confirmed" and "Offensive Language, Explicit"

Not sure if you want to block "Medical Treatment Keywords", depends on what business you are in, and whether or not you want to allow emails regarding medical treatment.  If you deny those, you could block your employees from emailing their doctors, or internal emails regarding someone's health, etc.

Filtering is a fine line between blocking the bad and allowing the good.  It will take some tweaking before you get it to a level that is acceptable to both you and your users.

0
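An added example, not part of the original answer and not Symantec's matching engine: a small Python audit that shows which dictionary word put each message in quarantine and how the verdict changes when the match threshold is raised from 1 to 2. The word lists are constructed stand-ins (only the dictionary names and the words "kill" and "slave" come from the answer), and counting total occurrences per dictionary is an assumption about how the threshold is applied.

```python
import re
from collections import Counter

# Constructed stand-in word lists; the real dictionaries are far larger.
# Dictionary names and the words "kill" and "slave" come from the answer above.
DICTIONARIES = {
    "Violence Keywords": {"kill", "attack", "shoot"},
    "Offensive Language, General": {"slave"},
}

# Conditions in the style of the question, including a duplicated entry.
CONDITIONS = ["Violence Keywords", "Offensive Language, General", "Violence Keywords"]

def find_hits(message, conditions=CONDITIONS):
    """Return {dictionary: Counter(word -> occurrences)} for each dictionary that matched."""
    words = Counter(re.findall(r"[a-z']+", message.lower()))
    hits = {}
    for name in dict.fromkeys(conditions):  # drop duplicate conditions, keep order
        matched = Counter({w: words[w] for w in DICTIONARIES[name] if w in words})
        if matched:
            hits[name] = matched
    return hits

def is_quarantined(message, threshold=1):
    """Assumed rule: quarantine when one dictionary reaches `threshold` occurrences."""
    return any(sum(c.values()) >= threshold for c in find_hits(message).values())

def audit(messages, thresholds=(1, 2)):
    """Per message: the (dictionary, word) pairs that matched and the verdict per threshold."""
    report = []
    for msg in messages:
        triggers = sorted((d, w) for d, c in find_hits(msg).items() for w in c)
        verdicts = {t: is_quarantined(msg, t) for t in thresholds}
        report.append((triggers, verdicts))
    return report

# Constructed sample mail; the first two sentences are the answer's own examples.
SAMPLES = [
    "Oh no, that is a bad idea, we need to kill that now before it gains momentum.",
    "You need to put that drive in as a slave to the main hard drive and scan it from there.",
    "He said he would attack and kill anyone who reported him.",
]

if __name__ == "__main__":
    for (triggers, verdicts), msg in zip(audit(SAMPLES), SAMPLES):
        print(verdicts, triggers, "|", msg[:45])
```

The two legitimate messages are held at a threshold of 1 and released at 2, while the third still matches twice in the same dictionary and stays quarantined.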
 
LVL 3

Author Closing Comment

by:ridha121
ID: 35216496
Was another problem
0
