This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Scan external Mails with SMG

Hello all,

we are new th SMG and are trying to make it scan all our mail traffic. But we are experiencing problems with mails that are not scanned at all.

We want to scan mails from foreign domains that are not incoming mails. The SMG says they are external. These mails don´t come from our domains and don´t go to our domains. We have not found a way that these mails are beeing filtered by any filter policy.

How can we scan these mails?

Thank you,
Aspi

Tags:

  • 0  

    What are these foreign mails? Outgoing? Is SMG used as relay?

    We need a little bit more details ...


    Use "Verified Answers" if your problem/issue has been solved!

  • 0 in reply to   

    Yes these mails are technically outgoing and they are being relayed through the SMG. How can we make a filter that scans all mail coming through SMG for SPAM, no matter where it is from or where it goes?

  • 0   in reply to 

    Create a new policy for outbound mails.


    Use "Verified Answers" if your problem/issue has been solved!

  • 0 in reply to   

    We have this already. We have 3 filter policies now.

    1. For inbound mail that handles inbound and internal mail
    2. For outbound mail that handles outbound and internal mail
    3. For all the mails that are not handled by the first two rules the policy we tried looks like this:

    But the mails that I´m talking about are not scanned by any of the 3 policies. The SMG says they are "external" in the logs. They are not from our domains and they are going out to the internet. They don´t show up in the Message tracker and they are not beeing scanned for Spam. I can use a spam test text that should be blocked and put in quarantine by all of the rules and the mail will go through and is not blocked. So none of the rules is responsible for these external mails.

    Is there a rule that will just scan everything that comes through, no matter what the origin is and no matter who the recipient is?

  • 0   in reply to 

    If I see the screenshot above - try to use outbound (scan direction).

    However you have to take care, that if one policy hits, no other policy will be used. So policy 1 ist the strongest one. Policy 2 will capture the rest. I am not sure if policy 3 will work, except if your rule 2 for outbound mails is limited to a domain or any other filters.
    (and I see that policy 1 and 2 will capture internal mails - I doubt that policy 2 will get any "internal" feed because of policy 1). 


    Use "Verified Answers" if your problem/issue has been solved!

  • 0 in reply to   

    Yes our first policy is for inbound and internal, it scans all the mails that come from our domains, as far as I can see.
    The second policy is for outbound, it scans all the mails that come from our domains and go out, as far as I can see. And I understand that the internal is already in the first rule. But the outbound is already in the second rule and the third rule should catch everything that is left. But there is no check box for external mail.

    The third policy was meant for all the rest that wasn´t scanned by the 2 above. Meaning the mails that have a sender and a recipient that are both not from our domains. In the logs they are tagged EXTERNAL. But I can´t get this third rule to scan those mails. They just go through unscanned. I already tried all kinds of settings in the third policy.

    Can someone maybe try to send a testmail through SMG where the sender and the recipient that are both from foreign domains? Are they being scanned by any policy in your SMG system?

    I did find one way to have those mails scanned by adding a Domain with the name of * but then all mails are internal.

    Thank you and best regards

  • 0   in reply to 

    Hmm, maybe you are right. Dark in my brains I can remember that SMG did not check these mails. I.e. if someone relays via GWIA. So if you authenticate at your GWIA, you are allowed to send any mails (in most cases). So you can use bill.gates@microsoft.com. As I can remember, we could not detect any traces in SMG message tracker. But this observation happened more than 2 years ago. Maybe it's still the case (I will try).
    Nevertheless even GWIA does not provide helpful information in log files for this kind of relaying I think.


    Use "Verified Answers" if your problem/issue has been solved!