ESET Staff
  • Content count

  • Joined

  • Last visited

  • Days Won


filips last won the day on April 6 2017

filips had the most liked content!

Profile Information

  • Gender
    Not Telling

Recent Profile Visitors

1,215 profile views
  1. Hi, unfortunately, the message "Infected attachment has been deleted by ESET Mail Security" cannot be changed
  2. Spoofed Email Address

    One more thing i forgot to mention: You can (should ) use rule action "Log to events" for some time to check if the rule works correctly before enabling action like reject/drop/quarantine
  3. Spoofed Email Address

    Hi davidenco, The SPF check is evaluated using domain from HELO or MAIL FROM. It does not protect You against spoofing of "From" header. This means that if the sending domain (in HELO or MAIL FROM) does not have SPF record or has a valid SPF record, the mail is valid even if it is spoofing your domain in From header (it could be a valid mail forwarder). This problem can be solved by using DMARC: You could also create a transport rule like this: Conditions: Message headers match regular expression \nFrom: .* Sender's IP address is not one of (list of your IPs or IPs that are allowed to send mail for your domain) Actions: Quarantine message Or something like this: Conditions: Message headers match regular expression "\nFrom: .*" Message headers do not match regular expression "\nReply-To: .*" Actions: Quarantine message
  4. Hi davidenco, You are right, if an email fails the SPF check or if there is no SPF record for the sending domain, greylisting will be performed.
  5. Hi, this option is not available
  6. Hi, this option is not available. Something similar will be available in EMSX v7 - it will have a customizable SMTP reject response message (apart from default "Invalid content").