- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
-
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Comprehensive Anti-Spam Services (CASS) Troubleshooting Guide
03/26/2020 
64 People found this article helpful
99,571 Views
Description
This article covers troubleshooting steps for Comprehensive Anti-Spam Services (CASS).
Resolution
1. Check the SonicOS firmware customer is running. This will help determine the CASS version.
2. Check the Anti-Spam | Status page and ensure that the status of SonicWall Anti-Spam Service, SonicWall Junk Store and Destination Mail Server are Operational.
3. If the SonicWall Anti-Spam Service status is not Operational:
- Check the Anti-Spam licenses and the IP address it is pointing to. If it points to an internal IP then use a public DNS server for the UTM device, so that the anti-spam service can resolve to the correct IP address of the COLO server.
- Make sure that ISP is not blocking port 25 and 10025.
- If the issue persists collect a packet capture on destination port 25 and 10025 for at least 5 minutes.
4. If the SonicWall Junk Store status is not Operational:
- Try to access http://localhost:10080 on the server where the Junk Store is installed.
- If the Junk Store is running properly the browser should open http://localhost:10080/index.htmlpage. If it fails this indicates the Tomcat service is not running and further troubleshooting requires to be done. The most common reason could be a port conflict with another application using Tomcat.
- If the page is accessible then ensure that Windows or any other personal firewall software (eg. TrendMicro) is not blocking port 10080, 10443 and 10025.
5. If the Destination Mail Server is not Operational:
- Test whether the mail server is accepting connections on port TCP 25 from the UTM LAN IP address and the Junk Store IP address.
6. Not able to receive emails and all 3 services of CASS, viz., SonicWall Anti-Spam Service, SonicWall Junk Store and Destination Mail Server, are Operational:
- Ensure that Disable SYN Flood Protection for Anti-Spam-related connections is checked in the diag page.
- If using MS Exchange Server then the option Anonymous User should be checked in the Exchange Server.
- If the issue persists collect MlfAsgSMTP logs in Log Level 2 under Anti-Spam > Advanced page.
7. Check to see if Junk Summary is configured under the Anti-Spam | Junk Summary page. Junk Summary is important if the admin wants the users to be able to un-junk or delete their own emails from CASS Junk Box. Junk Summary is an email sent to users notifying them about the emails detected by CASS as junk. By clicking on the Junk Summary links, users can manage their Junk Box. If the Junk Summary is not being received by the users, then collect the commonlogs:junknotification logs in log level 2 for that date from the Anti-Spam | Advance page.
8. CASS 2.0 supports user based (per user) Allowed/Blocked list only if LDAP is configured under the Anti-Spam | LDAP Configuration page. Admin can use Corporate Allowed/Blocked list irrespective of LDAP if they are running CASS 2.0. This helps in addressing effectiveness issues like spam coming in or good emails being judged as spam. If allowed/blocked list is not enough to address the issues related to effectiveness then collect mail samples in .msg or .eml format, so that the same can be submitted to our Back-end Effectiveness Team for analysis.
9. Logs under the Anti-Spam | Advance page are useful for troubleshooting CASS related issues. Listed below are some logs that are useful in troubleshooting CASS related issues:
- Users not able to un-junk - commonlogs:webui (based on date)
- Not receiving junk summary - commonlogs:junknotifications (based on date)
- All emails processed by junk store - mfe:hostname (hourly logs)
10. The following should be kept in mind when troubleshooting CASS related issues:
- CASS works only for SMTP traffic on port 25. Custom ports are not supported.
- CASS won't work if the customer is using a hosted mail server on the WAN side of the SonicWall and uses POP to receive emails.
- The SonicWall should be running in NAT mode.
- CASS is NOT supported when the SonicWall is running in Layer 2 Bridged Mode or Transparent Mode.
Related Articles
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO