Messages from bad senders are seen bypassing the filtering and messages from good senders are causing false positives.
On closer inspection it is observed that verdicts are None for Missed Spam and Symantec Global Bad Sender for false positives.
The Symantec Messaging Gateway (SMG) has been incorrectly deployed.
The Symantec Messaging Gateway is a Gateway product and needs to be deployed at the Gateway level. In order to take advantage of the Reputation features such as Symantec Global Bad Sender and Connection Classification the SMG must be able to see the original connecting IP. If the SMG is behind a NAT or any SMTP which is relaying the email the original connecting IP will not be visible for the SMG and the Reputation technology will cause inconsistent result. To clarify Reputation features are not supported when the SMG is not deployed on the Gateway level as it can not work as designed. It leaves 3 options:
1. Disable the Reputation features
2. Change the deployment model from internal IPs to public ones putting the SMG at the gateway level
3. Expect inconsistency regarding Reputation features
The requirement is somewhat described on page 181 in the SMG 9.5 Administration Guide under Enabling reputation filtering - Managing email traffic at the gateway.
Symantec Messaging Gateway 8.x
Symantec Messaging Gateway 9.x
Imported Document ID: TECH158288
Subscribing will provide email updates when this Article is updated. Login is required.