Using mandatory filter "Connection IP" you can find several mails with no verdict but Message audit log shows "Action taken: Rejected message by MTA" on Symantec Brightmail Gateway. You want to know why the mails are rejected.
"Action taken: Rejected message by MTA" can be caused by any reputation policy with action set to [Reject SMTP Connection]. To check whether it's caused by Symantec Global Bad Sender, please refer to TECH184377. There is another possibility that it's caused by CONNECTION CLASSIFICATION.
The following is a sample auditlog output for mail that rejected by CONNECTION CLASSIFICATION.
You can search the IP 's repuation on control center, [Reputation] -> [IP repuation lookup] , input the IP address shown in Accepted From: , you may find the search result shows similar as below:
Total % Spam
Thursday, Nov 24, 2011 02:43:40 PM JST
This behavior is by design.
Using Connection Classification ensures that the most abusive senders cannot degrade the connection ability of your best senders. Connection Classification automatically classifies every incoming IP address into one of 10 classes. Symantec Brightmail Gateway automatically gathers local reputation data to inform the classification. Senders in the best class, because they rarely if ever send spam, benefit from the best connection parameters. Senders in the worst class are subject to the worst connection parameters.
For more information about Connection Classification, please refer to the according chapter of the Administration Guide.
Imported Document ID: TECH175299
Subscribing will provide email updates when this Article is updated. Login is required.