
IronPort anti-spam migration FAQ


Those of you who've been following our recent Service Status Announcements and blog posts will know that we're currently in the process of migrating all of our customers to a new anti-spam platform based on hardware supplied by the well-respected email security experts, IronPort. We're now well into the migration plan, and we're hoping to have everybody moved across over the next fortnight. We're sure a lot of you will have questions about the migration so we've knocked together a quick FAQ below that should hopefully answer some of the more commonly asked ones.

How can I tell if I've been migrated?

Each batch of migrations that we do is being announced in advance on our Service Status feed and you can expect to receive an email to your 'postmaster' address within 48 hours of being moved across. If you don't check this mailbox or for some reason you don't receive the notification email then there are a couple of other ways you can check to see if you've been migrated. Check the email headers of your received mail. If your email is being routed through IronPort then you'll see a reference to this in the headers.

X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AnMBAON3MUlCh8USkWdsb2JhbACCRCwyjm+BNwEBAQEJCwoHEQWoTSmBNyh2hCATCCeEeAWEZQWBdggKgUI
X-IronPort-AV: E=McAfee;i="5300,2777,5449"; a="573186"
X-IronPort-AV: E=Sophos;i="4.33,688,1220223600"; d="scan'208,217";a="573186"
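The header check described above can be scripted; this Python sketch is an added example, not Plusnet's or IronPort's code. The two sample messages and the `ironport_summary` helper are constructed for illustration, and only the X-IronPort-* header names and AV engine fields come from the headers quoted above.

```python
import re
from email import message_from_string

# Constructed sample: header names/values follow the ones quoted above;
# addresses, hosts and the opaque result value are placeholders.
MIGRATED = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTP; Mon, 01 Dec 2008 10:00:00 +0000
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: PLACEHOLDER-OPAQUE-VALUE
X-IronPort-AV: E=McAfee;i="5300,2777,5449"; a="573186"
X-IronPort-AV: E=Sophos;i="4.33,688,1220223600"; d="scan'208,217";a="573186"
From: sender@example.net
Subject: hello

Body text.
"""

# Constructed sample: no IronPort headers, but the body quotes one.
NOT_MIGRATED = """\
From: sender@example.net
Subject: Fwd: what my headers look like

X-IronPort-Anti-Spam-Filtered: true
"""


def ironport_summary(raw_message):
    """Report what the X-IronPort-* headers of one message say (hypothetical helper)."""
    # The parser stops reading headers at the first blank line, so header-like
    # text quoted in the body is not mistaken for a real header.
    msg = message_from_string(raw_message)
    seen = [name for name in msg.keys() if name.lower().startswith("x-ironport-")]
    filtered = (msg.get("X-IronPort-Anti-Spam-Filtered") or "").strip().lower() == "true"
    engines = []
    for value in msg.get_all("X-IronPort-AV", []):
        match = re.search(r"\bE=([^;\s]+)", value)  # E=<engine name>
        if match:
            engines.append(match.group(1))
    # Header presence is an indicator only: X- headers can be inserted by any
    # upstream sender, so confirm with the MX lookup as well.
    return {"ironport_headers": bool(seen), "spam_filtered": filtered, "av_engines": engines}


if __name__ == "__main__":
    for label, raw in (("migrated", MIGRATED), ("not migrated", NOT_MIGRATED)):
        print(label, ironport_summary(raw))
```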

Another method is to perform a DNS lookup to see which servers are responsible for handling email for your username or domain. This can be done using the dig command in Unix or the nslookup command in Windows. You can also do this using an online DNS lookup service like the one here. Enter ns1.force9.net for the Name server and, under Domain name, enter the bit after the '@' sign of your email address. Select Mail Exchange (MX) from the drop-down below and click Perform Query. What you are looking for are the names of the servers that are handling your email.

If you haven't been migrated yet and you have spam filtering switched on then these will be Postini's servers and the output will look something like this:

This is what the output looks like if you have been migrated and have spam filtering switched on:

If the output looks like the example below then you have spam filtering switched off. Switch it on by visiting the Manage My Mail tool in the Member Centre.

 

[TOP]

Where's all my spam gone?

Both internal testing and feedback from those who have been moved to the new platform suggest that you are very likely to notice a considerable reduction in the volume of spam emails that arrive in your inbox once you've been moved across. This is mainly due to the effectiveness of IronPort's reputation-based filters, which are very efficient at blocking junk email before it reaches your inbox. You can read more about reputation-based filtering here. Further details about IronPort's reputation filters can be found here.

[TOP]

I'm still receiving email that's been filtered by Postini?

Even after your DNS records have been updated to point to the IronPort platform, some email may still be getting sent to you via Postini's servers. This is because it can take 24-48 hours for a DNS change to propagate across the Internet. Another possibility is that a spammer has cached your MX records and is still sending messages directly to the Postini system. This will cease to be a problem once everybody has been migrated across and the Postini system has been decommissioned.

[TOP]

I'm currently using Postini Quarantine, how will these changes affect me?

Once you've been moved across to IronPort, most of your email will stop getting scanned by Postini's servers. This will render the current Quarantine system pretty useless as all of your email will be bypassing it. Instead you'll need to log in to the IronPort Quarantine. One new feature we'll be bringing to the table is the introduction of Quarantine Summary Notifications, which get sent to you each day where you've had email quarantined by the IronPort systems. These emails list the messages that have been identified as spam and offer a handy link that delivers the original message to your inbox if you decide it isn't spam. For more information on the new Quarantine system take a look at our updated Help & Support pages.

[TOP]

Quarantine keeps telling me that my username or password is wrong?

You will only be able to log in to Quarantine directly if you have a paid-for subscription account. Customers with non-subscription accounts will not be able to log in to Quarantine but will still be able to take advantage of the daily Quarantine Summary Notifications and use the links in those emails to release any messages that aren't spam.

[TOP]

Why am I receiving more spam?

Because there's no easy way to disable IronPort's reputation filters, we have made some changes to the way your email is routed if you have spam filtering switched off. Before now, turning spam filtering off did not actually stop your messages getting routed via Postini. This has now changed, so if you have spam filtering switched off, your email now completely bypasses IronPort and Postini and is instead sent directly to our mail delivery servers (mx.cores). Whilst Postini did minimal filtering of your email when the spam filter was switched off, it's possible that you might receive more spam email now if you have anti-spam disabled. If you're worried about the volumes of spam you're receiving then switch the filter back on using the Manage My Mail tool in the Member Centre.

[TOP]

I've received a confirmation email but my messages aren't being routed through IronPort.

Check that you haven't got spam filtering switched off. If you have, your email will be bypassing both Postini and IronPort.

[TOP]

I've turned spam filtering off and my emails are still getting spam filtered!

Because of the changes described above, switching spam filtering off is now dependent on a DNS change. DNS changes can take 24-48 hours to propagate across the Internet so it can take this long before the spam filter is completely switched off.

[TOP]

I have spam filtering switched off and I no longer have access to the Edge Protection controls.

When you turn spam filtering off your email is no longer routed through Postini or IronPort. This means that it's no longer possible to offer Edge Protection whilst the anti-spam service is disabled. An alternative is to switch spam filtering on, switch spam tagging off and select the option to deliver spam email to your Inbox - this is equivalent to having Edge Protection switched on but spam filtering switched off.

[TOP]

I can't see the 'List' tab in Manage My Mail anymore?

We have decided to remove Mailing List functionality for customers that aren't using the service. You can find more details about this decision over on our Community Site forums.

[TOP]

I run my own mail server, does this still apply to me?

No, you will not be affected by these changes.

[TOP]

I have another problem?

If you are experiencing a different problem, or have a question about IronPort that isn't answered above, then why not head over to our Community Site forums where we've set up a dedicated forum where you can discuss our plans for the future of the email platform.

Bob Pullen
Plusnet Comms Team

19 Comments
Not applicable
[...] Update: This article now has an updated Frequently Asked Questions. You can find the latest information in our IronPort anti-spam migration FAQ [...]
Nick_Shields
Not applicable
Can anyone (including Plusnet) tell me why we are losing Postini? Spam has been a shambles here in the past with tekki systems that didn't work, lack of feedback, hacked e-mail addresses and so on: then Postini comes & the problem is solved. I still get 25 or so spams a day & about 99 percent are quarantined. Why change-is this a case of "it works, so we'll fix it!"?
Not applicable
[...] the email spam protection system we use is in the process of migrating from Postini to Ironport – more information on this is available. Usually a refresh of the mail component alleviates any [...]
Philip4
Not applicable
I notice mention of McAfee!*? That organisation has given me grief on a new DELL three years ago. DELL gave its new owners three months of McAfee protection. In seeking to extend that period I contacted McAfee who informed me that the credit card that had bought the DELL was invalid. The cover was due to expire on 26 February 2006. On 27th February a red message appeared on screen demanding to be connected to the internet to be told what I had lost by not extending the McAfee protection. I discovered McAfee loaded my new DELL with a vast array of nasties and I could not get rid of McAfee who effectively blocked the loading of any other form of protection! Within four months from new - it cost me over £300 to get my new computer 'cleaned!' But it is still preventing me from gaining the best advantage for the use of a PC. In the circumstances I hope I do not again have to have any direct contact with McAfee who continues to claim my credit card is invalid! kylic2
bobpullen1
Not applicable
The IronPort platform uses Integrated McAfee and Sophos anti-virus engines. You've nothing to worry about though as all of the IronPort filtering is server side and will never interfere with your local computer setup. http://www.ironport.com/technology/ironport_virus_defense.html
ajd
Newbie
Could you please add details of how to access quarantined emails?
bobpullen1
Not applicable
@AndyDob, the help article here should explain that - http://www.plus.net/support/security/spam/spam_protection_advanced_guide.shtml#usingquarantineiron If you don't have Quarantine enabled then anything that gets through and is identified as spam will be handled according to your anti-spam preferences (e.g. moved to 'Spam' folder, marked as [-SPAM-], delivered to another mailbox etc.)
kenneth_Smyth
Not applicable
Where the bleep's my Email gone. People are trying to contact me and they're bounced back. I'm doing an ou course and need constant connection with my tutor. I don't need this bleep.
Not applicable
[...] write dear reader and some good news.  Today marks the day we completed our move from Postini to Ironport.  The last remaining customers moved over to Ironport earlier today. I think it’s fair to [...]
Simon_Waldron
Not applicable
In response to the comment by Kenneth Smyth; I am appalled at the 'head in the sand' approach of PlusNet. They keep telling me that Ironport is a third party system which blocks emails from 'known spammers'. In my case (and hundreds of others) my domain name is hosted by DSVR (Demon) with email forwarding to my PlusNet email, but Ironport is blocking all email from DSVR. Consequently I have had no email for 4 days and have spent hours on the phone trying to get the issue resolved, currently with no success.
bobpullen1
Not applicable
@Simon Waldron, I'm sorry to hear that you're having difficulty with the messages forwarded from your hosting provider. An internal problem is open regarding this (ref: 54522), however the problem is due to the reputation of Demon's mail servers. From what I can tell they have four that are used for domain forwarding:

213.253.179.5 - Good
213.253.179.6 - Good
213.253.179.7 - Poor (Critical)
213.253.179.8 - Poor (Very High)

The value after each IP address is the server's current reputation. As you can see, some of them are really bad - http://www.senderbase.org/senderbase_queries/rep_lookup?search_name=213.253.179.7&action%3ASearch=Search

This doesn't seem all that dissimilar to the problems we've had with uk2.net in the past (although the senderbase reputation of their servers wasn't quite as bad as this). We'll try getting in touch with Demon (have you queried this with them yourselves?), and assess whether or not we can put any measures in place at this side to sort this out for you. In the meantime, you might want to consider switching spam protection off on your account. This would result in your email completely bypassing the spam filters (but would also result in an increase in the volume of junk email that gets through to you).
Jayne1
Not applicable
Ironports... A great choice, we implemented Ironports a couple of years ago when the Unix systems could no longer cope. A year ago, we were getting 1 million mails a day, the ironports stop practically all of our SPAM, which is a staggering 98%. A very robust and strong SPAM, Content filtering, virus solution... (despite the costly price to buy:) We are virtually virus free with this solution. Was pleased to hear of this solution... It is a shame that those who are so quick to criticise this solution and think your intent is to break what is perceived as a fixed solution don't really appreciate the time and human effort it has taken to help rid us all of a problem created by a small number of destructive people. Well done:)
tony1
Not applicable
I download my email via pop3. Does spam filtering have any effect on emails downloaded in this way?
mgillespie1
Dabbler
Is it possible to train the spam filter? I got spam from Frontierpharmacies.com about some blue pills. Clearly spam.
Joe4
Not applicable
Maybe Ironport are trying to tell you something.
bobpullen1
Not applicable
@tony, yes spam filtering is applied to mail that you download using pop3. @Mark G, not on an individual basis it isn't. IronPort do have training addresses that you can forward emails to though and we'll probably decide to start forwarding email sent to our spam training addresses to them at some point. Have you checked the headers of this message though as there's a chance it came via Postini (we haven't switched it off yet).
Ala_Al-Khouri
Not applicable
Please help me confirm, or correctly answer the following:

A character string has been placed in the subject header of all emails that needs to be encrypted. This string is [LOCKIT]. Enter the syntax that is needed to search for this string in the Condition Menu of the content filter.
Answer: subject == "^\\[LOCKIT\\]" Is this correct?

What command string from a sending MTA tells a receiving MTA that a new mail transaction is about to occur and who it is coming from?
Answer: HELO. Is this correct?

After an installation of an ESA, you need to verify that it will be able to access the Active Directory server my.ad.server.com. What CLI command string would you enter to verify this?
Not sure what command string I would enter?

After installing an IronPort email appliance, you need to verify that it has SMTP access to your internal mail server smtp.myserver.com. You do this by logging into the appliance CLI and entering a test string. Enter that string below.
Not sure of the answer?

Last question, the highlighted item is what I think is the only correct one, but I would love to confirm.

A character string has been placed in the subject header of all email that needs to be encrypted. The string is [SECURE]. Which of the following options in the subject header menu of the content filter conditions must be chosen to trigger this filter? (Please confirm answers.) It says select all that apply and we selected only 1 item. I think Contains (correct only) but I can be wrong.

Does not contain
Ends with
Does not begin with
Contains (correct)
Does not equal
Begins w
Equals
Does not end with

Please help me with these questions, there is very limited info out there and I am hoping you will be able to help. Thank you in advance.

Ala Al-khouri
ala.al-khouri@hotmail.com
Hilary_McNeill
Not applicable
We are now unable to send emails to any of our correspondents who are on rambler.ru. Whenever we try we are told that the spam filter won't let us and to contact you. Please allow us to make contact with our correspondents using rambler.ru. Thanks.
bobpullen1
Not applicable
Hi McNeill, Have you raised a ticket? If not I'd suggest you do this and include a copy of the return message that you're getting complete with the mail headers. We should then be able to assess why it's happening and hopefully sort it out for you.