Messaging Gateway

 View Only
  • 1.  Exact same e-mail are treated with different verdicts.

    Posted Sep 14, 2021 10:35 PM
    Exact same e-mails are treated with different verdicts. The e-mails are getting verdict " Dliver messsage normally" and some recipients getting verdict "Hold message in Spam Quarantine". Exact same sender and content. Is it any reason for this behavior?

    What can i do to fix this issue?


  • 2.  RE: Exact same e-mail are treated with different verdicts.

    Posted Sep 14, 2021 10:37 PM
    Is the ip and header the same in all these messages?




  • 3.  RE: Exact same e-mail are treated with different verdicts.

    Posted Sep 15, 2021 03:50 AM
    Same IP and header in the message. And multiple recipients receive with these two verdicts.


  • 4.  RE: Exact same e-mail are treated with different verdicts.

    Posted Sep 15, 2021 04:41 AM
    Mae a support case.




  • 5.  RE: Exact same e-mail are treated with different verdicts.

    Broadcom Employee
    Posted Sep 15, 2021 03:24 PM
    First off "deliver normally" and "hold message in Spam Quarantine" are not "verdicts", but "actions".   
    The distinction is important because "verdicts" are used to drive "policies" and within "policies" specific actions are specified.
    First things first:  search for the message(s) in the Message Audit Log (MAL). 
    The MAL record will show you which rules fired, as well as the verdict and, most importantly, which policy or policies were invoked.
    (it will also show you what, if any things weren't tested).

    Next thing is to examine your configured policies and, VERY IMPORTANT, which groups they apply to.
    Armed with that information, you can then decide how to "fix" the issue.

    From what little information you provided, my first suspicion is that you have a some people in the cc list that are having one policy applied and others in the cc list that are having a different policy applied.

    For example:
    you have an "admin" group, and one of the members of that group is "Vashan"
    you also have a recipient "tpa" who is not a member of any special group, so is a member of the "default" group.
    You have created a policy that says "if subject contains 'Foo'" with an action of "deliver normally", and you have enabled that policy for the "admin" group.
    You also have a policy that says "if subject contains 'Foo'" with an action of "hold in spam quarantine, and you have enabled that polciy for the "default" group.

    An email comes in that looks like:
    ------------------
    To:  Vashan; tpa
    Subject:  Foo

    blah, blah
    --------------------
    Vashan will have the message delivered normally and see it in his inbox.
    The message to tpa will be sent to the spam quarantine.

    The above is a simplification, but hopefully you get the idea.
    Recap:  check the MAL, check your policies, and you should be able to parse out what is going on and adjust it (or leave it alone, maybe that's the intended behaviour??) as needed.

    Hope this helps.