English
Chinese (Simplified)
French
German
Italian
Japanese
Russian
Spanish
Vietnamese
SDQ results
-
I signed up for the SDQ trial in SecurityGateway, but I am unable to figure out where I can find statistics on what it has actually caught. Would need to know its effectiveness before I considered a subscription for it. Thanks.
-
Arron Staff
There are not any specific graphs in SecurityGateway that will show you how effective the service is. You can look at individual messages and see what checks added points, or you can look at the inbound SecurityGateway logs.
You can also look at the SpamHaus website to see the number of requests they are receiving and the number of requests that were listed.
-
@Arron thanks, it occurred to me right after I posted this that perhaps Spamhaus had a log or something that showed it.
A couple of suggestions: there doesn't appear to be a "reason code" for an SDQ hit so when you're looking at the incoming mail logs, there doesn't appear to be any way to know or filter if something was blocked due to an SDQ hit.
And looking at the message transcript, I'm not able to find where the SDQ filtering happens. Can you tell me what I should be looking for?
-
Arron Staff
DQS filtering is actually happening in multiple different places and multiple lookups occur for each message. Its not as simple as looking for a single response.
For example, there are 5 different DNSBL lookups setup for DQS. You can see them by going to Security / Anti-Spam / DNSBL. There are 15 different URIBL lookups configured. Then additional lookups that can be done by SpamAssassin if you are using the HBL.
You will only see the URIBL lookups occur if a URI is found in the email. And there are a number of URIs that are excluded from the lookups to reduce the number of lookups that occur.
You will only see the SpamAssassin rules for the HBL if they match.
You can use Spamhaus's blocklist tester at https://www.spamhaus.com/product/blocklist-tester/ to test your configurations. If the messages are delivered, don't fret. SecurityGateway uses points for each one and does not block messages directly based on the results. It adds points to a score and if the score exceeds the threshold the message is blocked. So the results on the spamhaus website may not look great, but if you check your logs you will see all the test messags coming in and all the checks that are being done and points being added. And you can adjust the scoring as you see fit.
