X-IronPort-Anti-Spam-Result Header

Hello:
Is there any way to decode the X-IronPort-Anti-Spam-Result header? I think it has some information about the rules and the score the message ranked in CASE, but its meaning and how to decode it are not explained.
It would be useful for me for understanding false positives in spam and which rules were applied.

I think it would be nice for each message tracked by CASE to have information about the reason for the scoring, but not as much as is shown at debug level.

I haven't taken any interest in the CASE logs so I don't know exactly what's in them, but I can't see IronPort putting the information you want in there, either. That would allow spammers to buy something small like a C10, feed their spam through it, and use the log results to tune their spam.
We ran into exactly the same issue when we first started using IronPort/Brightmail back in 2004. It's frustrating, because honest customers feel like they have a right to know what's going on with their mail. I can't say I disagree with that. But giving an attacker an "oracle" by which he can indirectly view the inner workings of your defenses gives him an extreme advantage in subverting them. Therefore this stuff must be kept secret.

Similar Messages

  • Nation members - share your feedback on IronPort Anti-Spam!

    IronPort Anti-Spam customers,
    On a monthly basis, we like to collect information on customer satisfaction levels with IronPort’s spam defenses. If possible, please click on the below link and fill out the brief, IronPort survey.
    Benefits include:
    • All respondents are entered into a raffle to receive $100 in cash
    • This survey shouldn’t take more than 1 minute to fill out.
    • The feedback you provide goes a long way in helping us understand customer needs and concerns.
    Please be sure to complete this brief survey by no later than Thursday, June 7th.
    Please DO NOT complete this survey if you are running Brightmail Anti-Spam.
    Thanks in advance!
    Dave Mayer, IronPort Anti-Spam Product Manager
    https://www.surveymonkey.com/s.aspx?sm=w7b1FUslBFlsAPcaSLPTlw%3d%3d

    Who is Dave Mayer? Is this a real invitation from IronPort?
    Hi Pat,
    Dave M. is a product manager here at IronPort, and yes, the survey is real.
    Thanks!
    Garrett (IronPort Technical Publications)

  • Anti-spam / Outbreak scan size

    Hi everybody,
    I'm looking for advice to determine the maximum message size for Anti-spam and Outbreak scan.
    I am currently using a scan size of 1M for Anti-spam and I will add Outbreak filter (more and more spam exceed my spam limit).
    My equipment is an ESA C370 with AsyncOS 8.0.1.
    I found in the documentation the following lines :
    Always scan messages smaller than—The recommended value is 512 Kb or less [...] Cisco advises not to exceed 3 MB for the always scan message size.
    Never scan messages larger than—The recommended value is 1024 Kb or less. [...] Cisco advises not to exceed 10 MB for the never scan message size.
    For messages larger than the always scan size or smaller than the never scan size, a limited and faster scan is performed.
    I didn't find any sentence about the recommended scan size for Outbreak...
    Thank you for your help.
    Best regards

    This is a little older information - but, still would hold true --->
    Currently, on the E-mail Security Appliance, the maximum scan size for IPAS is limited to 128K by default (the original default was 256K so many older appliances might have this set as the limit).  Messages larger than this limit are not scanned by IPAS.  Recently, Cisco IronPort did some extensive performance and efficacy testing on an average message load to determine the impact of increasing the scan size on the E-mail Security Appliance.
    The tests show that when raising the maximum scan size for IPAS the increase in efficacy is significant: a 256K maximum scan size yields a 24% decrease in missed spam, and a 512K maximum scan size yields a decrease of 35% in missed spam.  However, there is a potential performance impact of 24% when going from a maximum scan size of 128K to 512K (depending on the type of hardware platform).  The impact of going from a maximum scan size of 128K to 256K is 12%.  See summary below:
                 128K -> 256K scan size limit:
                         12% possible performance reduction, 24% reduction in missed spam
                 128K -> 512K scan size limit:
                         24% possible performance reduction, 35% reduction in missed spam
    The table below shows the performance results of a medium mailbox with a 50:50 ratio of spam and ham. MPS is messages per second.
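    | Model | 128K (Baseline) MPS | 256K MPS | % diff with baseline | 512K MPS | % diff with baseline | 768K MPS | % diff with baseline | 1M MPS | % diff with baseline |
    |-------|---------------------|----------|----------------------|----------|----------------------|----------|----------------------|--------|----------------------|
    | C100  | 3.45 | 3.1  | 10.14% | 2.93 | 15.07% | 2.82 | 18.26% | 2.75 | 20.29% |
    | C150  | 5.25 | 4.72 | 10.10% | 4.4  | 16.19% | 4.4  | 16.19% | 4.27 | 18.67% |
    | C160  | 12.5 | 11.1 | 11.20% | 10.4 | 16.80% | 9.99 | 20.08% | 9.79 | 21.68% |
    | C300  | 4.42 | 4.08 | 7.69%  | 3.87 | 12.44% | 3.74 | 15.38% | 3.67 | 16.97% |
    | C350  | 11.8 | 10.5 | 11.02% | 9.94 | 15.76% | 9.55 | 19.07% | 9.39 | 20.42% |
    | C360  | 30   | 27   | 10.00% | 25   | 16.67% | 24   | 20.00% | 24   | 20.00% |
    | C370  | 29   | 26   | 10.34% | 23   | 20.69% | 22   | 24.14% | 22   | 24.14% |
    | C600  | 8.8  | 7.86 | 10.68% | 7.46 | 15.23% | 7.17 | 18.52% | 7.06 | 19.77% |
    | C650  | 25   | 22   | 12.00% | 20   | 20.00% | 19   | 24.00% | 19   | 24.00% |
    | C660  | 43   | 38   | 11.63% | 35   | 18.60% | 33   | 23.26% | 33   | 23.26% |
    | X1000 | 11.3 | 10.1 | 10.62% | 9.61 | 14.96% | 9.27 | 17.96% | 9.12 | 19.29% |
    | X1050 | 45   | 40   | 11.11% | 37   | 17.78% | 35   | 22.22% | 35   | 22.22% |
    | X1060 | 51   | 45   | 11.76% | 41   | 19.61% | 40   | 21.57% | 39   | 23.53% |
    | X1070 | 59   | 52   | 11.86% | 48   | 18.64% | 46   | 22.03% | 45   | 23.73% |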
    Recommendation and Performance measure:
    The Cisco IronPort Security Applications Group recommends that all customers review their current stability and performance (see below for some tips on how to measure this) to determine if they can safely raise the maximum scan size for messages sent to IPAS (IronPort Anti-Spam Engine).  It is also recommended that you take a phased approach to the increase.  If maximum scan size for IPAS on your E-mail Security Appliance is currently set to 128K (131072), then first raise the maximum scan size to 256K (262144) and re-evaluate your stability and performance.  If everything is stable then increase the scan size limit to 512K (524288).
    Performance of an E-mail Security Appliance depends on the set of features enabled on the appliance such as anti-spam, anti-virus, message filters and content filters along with the load of the appliance based on the no. of msgs/sec scanned and maximum size of a message allowed.
    The most effective way to monitor system capacity is to track overall volume, messages in the work queue and incidents of Resource Conservation Mode. The System Capacity page under Monitor > System Capacity provides a detailed representation of the system load, including messages in the work queue, average time spent in the work queue, incoming and outgoing messages (volume, size, and number), overall CPU usage, CPU usage by function, and memory page swapping information.
    The System Capacity - system load report shows the overall CPU usage on your IronPort appliance. AsyncOS is optimized to use idle CPU resources to improve message throughput. High CPU usage may not indicate a system capacity problem. If the high CPU usage is coupled with consistent, high-volume memory page swapping, you may have a capacity problem.
    This page also shows a graph that displays the amount of CPU used by different functions, including mail processing, spam and virus engines, reporting, and quarantines. The CPU-by-function graph is a good indicator of which areas of the product use the most resources on your system. If you need to optimize your appliance, this graph can help you determine which functions may need to be tuned or disabled. The memory page swapping graph shows how frequently the system must page to disk.
    If stability and performance do drop below acceptable limits, you might try a smaller increase.  Any amount greater than the current setting will help efficacy and reduce missed spam.  For instance, if 512K proves to be too much of a burden on your E-mail Security Appliance you might try a value of 384K (393216).
    Hope this helps!
    -Robert
    (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

  • C160 anti-spam service paused?

    I received an alert from our C160 and logged in to find this message in the Status:
    System Status:
    Paused on services: antispam
    I checked the Service under Security Services > Ironport Anti-spam and it's checked as enabled. What would cause this and how do I "un-pause" it?

    I would recommend asking this question in the Email security section as it deals with an email security appliance.
    Christian Rahl
    Customer Support Engineer
    Cisco Web Content Security Appliance
    Cisco Technical Assistance Center RTP

  • Can't set internal SMTP servers, breaking anti-spam

    Hi, in our on-premise Exchange there is a PowerShell setting, Set-TransportConfig -InternalSMTPServers, which is used to inform Forefront Protection for Exchange ("FPE") of any non-Exchange SMTP servers that might be handling messages before they arrive at Exchange. This setting is necessary to ensure that the anti-spam functionality of FPE can properly look back through the message header and determine which internet host actually delivered the message, and determine if that host is on a blacklist, or whatnot.
    In Exchange Online Protection, though, it seems that there is no argument under Set-TransportConfig to establish such settings. I *can* see the setting under Get-TransportConfig, but I can't set it.
    This is a problem for us because we route mail internally first via on-premise, non-Exchange mail gateways before the messages are routed to Exchange Online. Exchange online always believes that our internal mail gateways are the originating server, when in fact, it's one hop back. The result is that Exchange Online's anti-spam functionality is not working correctly.
    How can I address this issue? I can't really re-route my MX record directly to the cloud yet.

    Hi Jouni, thanks for your response.
    Turns out that the Citrix Access Gateway wasn't set up until yesterday evening and by then I had stopped trying for the day. It is now set up and external access is available.
    Further to this, my colleague forgot to inform me of the change of I.P. address of the Exchange server. This meant that Webmail requests were pointing to an I.P. address that didn't exist.
    I have reconfigured the firewall this morning and external access for Webmail is also working correctly.

  • Help with creating anti-spam on site

    I could do with a bit of help
    I'm trying to create a honeypot anti-spam form for a friend's website, but I can't get it to work.
    I've put in a regular and time honeypot
    On the form page
    <p class="end-para">Simply fill in the form below, including all the required details and a member of our friendly and experienced customer service team will be happy to call you back at your chosen time.</p>
    <form method="post" action="callback.php">
    <fieldset class="site-forms">
    <p><label class="contact-fields" for="name">Your Name:</label>
    <input type="text" class="login" name="name" id="name"/></p>
                        <li class="robotic" id="pot">
      <label for="robotest">If you're human leave this blank:</label>
      <input name="robotest" id="robotest" class="robotest" type="text" />
    </li>
    <p><label class="contact-fields" for="email">Email Address:</label>
    <input type="text" class="login" name="email" id="email"/></p>
    <p><label class="contact-fields" for="telephone">Telephone:</label>
    <input type="text" class="login" name="telephone" id="telephone"/></p>
                <p> <input type="hidden" name="loadtime" value="time();" /></p>
            <p>
    </fieldset>
    <fieldset class="site-forms">
    <p><label class="contact-fields" for="time">When do you want us to call?</label></p>
    <input type="radio" name="best_time" value="Call me in the daytime (9am - 5pm)"> Call me in the daytime (9am - 5pm)<br>
    <input type="radio" name="best_time" value="Call me in the evening (5pm - 9pm)" checked> Call me in the evening (5pm - 9pm)<br>
    <input type="radio" name="best_time" value="Call anytime"> Call me anytime<br>
    <input type="radio" name="best_time" value="I would prefer to be emailed"> I would prefer to be emailed<br>
    <p class="form-notes"><small><strong>Note:</strong> We will endeavour to call you at the time you selected and within 1 business day.</small></p>
    And on the next page
    <?php
      $name = $_REQUEST['name'] ;
      $robotest = $_POST['robotest'];
      $email = $_REQUEST['email'] ;
      $telephone = $_REQUEST['telephone'] ;
      $loadtime = $_POST['loadtime'];
      $best_time = $_REQUEST['best_time'] ;
    if($_POST){
      $robotest = $_POST['robotest'];
      if($robotest)
      $error = "Sayonara Mr Roboto.";
      else{
      $success = "Your message was sent!";
      if($success)
      echo '<div class="msg success">'.$success.'</div>';
      $loadtime = $_POST['loadtime'];
    $totaltime = time() - $loadtime;
    if($totaltime < 5)
       echo("You took less than 5 seconds to complete the form, blah blah blah");
       exit;
      if (!isset($_REQUEST['email'])) {
        header( "Location: http://www.windowfixuk.co.uk" );
      elseif (empty($email) || empty($telephone)) {
    Can anyone suggest what is incorrect or ways to improve the set up?
    Thanks

    Dowifi wrote:
    Not sure how to submit as a robot to be honest.
    It just doesn't appear to be working though. Spam still gets through
    Test by changing your 'hidden' form field to be viewable as a 'text' input field:
    <input type="text" name="loadtime" value="time();" />
    If you type something in the field and the information is sent to your email address then it's NOT working.
    As mentioned in my previous post I would just be using the code below to check to see if the form field is empty or not:
    if (!empty($_POST['loadtime'])) {
        exit;
    }
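
A hardened version of the honeypot and time trap discussed in this thread, as an added example that is not code from any poster: the posted hidden field sends the literal text `time();` because it sits outside PHP tags, so here the server issues an HMAC-signed timestamp and verifies it on submit. `FORM_SECRET`, the function names and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. FORM_SECRET and all function
// names are hypothetical; load the real secret from server-side config.
const FORM_SECRET = 'replace-with-a-long-random-server-side-secret';
const MIN_FILL_SECONDS = 5;    // faster than this is treated as automated
const MAX_FORM_AGE = 3600;     // reject stale or replayed tokens

// Hidden-field value: "<unix time>.<HMAC of that time>".
function make_load_token(int $now): string
{
    return $now . '.' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

// Markup for the form page; the value is computed by PHP, not sent as text.
function load_time_field(int $now): string
{
    return '<input type="hidden" name="loadtime" value="'
        . htmlspecialchars(make_load_token($now), ENT_QUOTES) . '">';
}

// Return the signed load time, or null if the token is malformed or forged.
function read_load_token(string $token): ?int
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0], FORM_SECRET);
    return hash_equals($expected, $parts[1]) ? (int) $parts[0] : null;
}

// Return the reason a submission looks automated, or null to accept it.
function spam_reason(array $post, int $now): ?string
{
    $pot = $post['robotest'] ?? '';
    $token = $post['loadtime'] ?? '';
    if (!is_string($pot) || !is_string($token)) {
        return 'malformed fields';
    }
    // Honeypot: the field is hidden from people, so any content means a bot.
    if (trim($pot) !== '') {
        return 'honeypot field filled';
    }
    $loaded = read_load_token($token);
    if ($loaded === null) {
        return 'load-time token missing or tampered';
    }
    $elapsed = $now - $loaded;
    if ($elapsed < MIN_FILL_SECONDS) {
        return 'submitted too quickly';
    }
    if ($elapsed > MAX_FORM_AGE) {
        return 'form token expired';
    }
    return null;
}

// Constructed submissions, checked against a fixed clock so runs repeat.
$now = 1700000100;
$samples = [
    'human, 40 s'     => ['robotest' => '', 'loadtime' => make_load_token($now - 40)],
    'bot fills trap'  => ['robotest' => 'x', 'loadtime' => make_load_token($now - 40)],
    'literal time();' => ['robotest' => '', 'loadtime' => 'time();'],
    'instant post'    => ['robotest' => '', 'loadtime' => make_load_token($now - 1)],
];
foreach ($samples as $label => $post) {
    echo str_pad($label, 18), spam_reason($post, $now) ?? 'accepted', PHP_EOL;
}
```

In the handler, call `spam_reason($_POST, time())` before sending any mail and stop processing when it returns a reason.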

  • HT203200 Have deleted temp video, configured anti spam and firewall, and one specific video keeps giving me an error. Just tried downloading a previous episode of the show and it worked just fine. Always sunny in philly "Charlie rules the world" anyone el

    Have deleted temp video, configured anti spam and firewall, and one specific video keeps giving me an error. Just tried downloading a previous episode of the show and it worked just fine. Always sunny in philly "Charlie rules the world" anyone else??


  • Selection boxes in Barracuda Anti Spam and Virus Firewall do not appear in 7.0. They appeared in previous versions, and in IE.

    Selection boxes in Barracuda Anti Spam and Virus Firewall do not appear in 7.0. They appeared in previous versions, and in IE.

    FIXED!
    I reverted back to 3.6.23 and all works fine. From everything I can tell; number of problems submitted, breadth of issues, no access to versions 4, 5, 6 (rapid version turnover with no support), and now beta being released for 8, it seems FF is having the user base do all its alpha/beta testing without consent. Being in product marketing myself, I probably would have lost a significant percentage of my customer base by now. When FF begins to support a new mainstream release, then I'll be interested again.

  • When entering the digits from an Anti Spam Image they are not accepted by the host web site why

    In e-bay, when required to enter the digits from an anti spam image, ebay rejects the entered digits.
    This only occurs when using Firefox; Internet Explorer works fine.
    Anybody know why?

    hi john, you probably have to go through your list of addons once (in the firefox ''menu ≡ > addons > extensions'') and disable them one by one to find out which in particular might be causing the problem.

  • Is there anti-spam software for Ipad2?

    I have anti-spam software on my laptop and desk top.  But, seemingly, there is no anti-spam software for my iPad and/or iPhone.
    Or is there?

    You don't need such software, thus none is available.

  • How to configure anti-spam in hub transport

    I have run the powershell commands to enable anti-spam on my hub transport. I do not have an edge transport. Are there any specific commands or configs I need to make other than enabling anti-spam? I'm getting spam inside my organization from IPs that are blacklisted on the internet, so that leads me to believe anti-spam is not working.
    any assistance appreciated!

    The anti-spam features that are enabled on hub transports are very basic:
    http://technet.microsoft.com/en-us/library/bb201691(v=exchg.141).aspx
    You should use 3rd party or a cloud provider for "real" anti-spam functionality.
    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

  • Anti malware / anti spam / virus protection

    Greetings,
    With the introduction of Exchange Server 2013 along with its architecture, Microsoft has moved Transport services / roles to the Mailbox Server Role. When it comes to anti malware / anti spam and viruses, Microsoft recommends deploying them on the Mailbox Server role, while on CAS they do not necessarily need to be deployed as long as messages are not inspected on CAS Servers.
    Some articles say the opposite, and mention configuration of anti malware, etc. on CAS Servers.
    What is the best practice for deploying anti malware / spam / virus software on CAS, and what is the best recommended software for messaging and OS level protection, say Symantec for example?
    Thanking you
    Jamil

    Hi,
    Based on my knowledge, in Exchange 2013, the CAS server acts as a stateless proxy for all inbound and outbound external SMTP traffic, it does not inspect message content and does not queue any messages locally. Moreover, as you know, in Exchange 2013, the Transport service, which runs on all Mailbox servers, is almost identical to the Hub Transport server role in previous versions of Exchange.
    Thus, anti-spam agents in Exchange 2013 run on Mailbox servers. And here is a reference about enabling Anti-Spam on Mailbox Servers:
    http://technet.microsoft.com/en-us/library/bb201691(v=exchg.150).aspx
    Thanks,
    Angela Shi
    TechNet Community Support

  • Actually I have a problem is this when i submit my articles on Website the error is showin ANTI SPAM USER ID or 2nd one is this IMAGE CODE not showing Please please help me

    The image code is not showing, and when I post articles on the website the error shown is (ANTI SPAM USER ID), even though I have already logged in to that website.
    Kindly tell me about this problem.
    == This happened ==
    Every time Firefox opened
    == Everytime when i visit websites

    Start Firefox in [[Safe Mode]] to check if one of your add-ons is causing your problem (switch to the DEFAULT theme: Tools > Add-ons > Themes).
    See [[Troubleshooting extensions and themes]] and [[Troubleshooting plugins]]
    See also [[Images or animations do not show]] and http://kb.mozillazine.org/Images_or_animations_do_not_load

  • Send connector - e-mails from two domains to distinct anti-spam IPs

    I have an Exchange environment that has two domains. I want e-mails sent from one domain to relay to one anti-spam, and e-mails sent from the other domain to relay to another anti-spam.
    Example:
    I need to configure a send connector to send the e-mails from "test1.com" to IP 10.160.190.66 and from "test2.com" to IP 10.160.190.69
    How do I do this?
    I need this because each domain uses a distinct anti-spam
    Tks.

    Hi,
    Before going on, I would like to confirm the following information.
    What's the version of the Exchange?
    Whether the two domains have their own Exchange or share one Exchange?
    Thanks
    Allen

  • Anti spam codes for website forms are not being accepted on my imac or iPad

    anti spam codes for website forms are not being accepted on my imac or iPad

    In Safari go to preferences click on privacy and on Block Cookies tick the never box
