Jump to content


ESET Staff
  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by filips

  1. Hi Russ, SPF uses only IP whitelists (or domain to IP). Approved senders list is not used in SPF, it applies only to antispam. The domain to IP lists should work - you could compare resolved IP addresses in GUI with connecting IP (maybe it wasn't resolved?). The rule you created didn't work because if "Automatically reject messages if SPF fails" is enabled, SPF is evaluated right on MAIL FROM command and if it fails, message is rejected right away and no rules/antispam are evaluated. To handle SPF in rules disable setting "Automatically reject messages if SPF fails" and then create a rule. It could look like: Condition 1 - Sender's IP address is not (list of customer's IPs) Condition 2 - SPF result is Failed Action - Reject message (You should test it with "Log to events" action first to see if it works correctly) or a simple version (but this one will not protect against spoofing of their own domain) Condition 1 - Sender's domain is not mydomain.com Condition 2 - SPF result is Failed Action - Reject message
  2. Hi Dean, All available keywords are mentioned in tooltip for "Format of event messages" Attachment name keyword will be available in EMSX v7 (%ATTNAME%, %ATTSIZE%). We improved the mailserver log in v7 as well so you will see all blocked attachments in mailserver log detail.
  3. Users are read from Sharepoint and checked against AD (once every 24 hours), deleted ones should be ignored Please PM me: 1. the output of usercount command 2. some user names that are deleted/disabled and are counted 3. number of active users you have 4. how you deactivate users we will check it thanks
  4. Hi, try running this command to see which user accounts were counted: shpio13 usercount /print /withnames /diag
  5. Hi, i can confirm this is a bug - resolving of domains runs asynchronously and the IP addresses are not always transferred to transport agent. It will be fixed in EMSX v7 Thank you for reporting a problem
  6. Greylisting whitelists use IP address of sender - HELO domain is not used at all. The problem can be caused by EMSX not resolving all of hotmail.com IP addresses. What IP addresses from hotmail.com do you see in greylist log that were rejected (and should be whitelisted)?
  7. Hi Dean, wildcards are ignored - you can combine 2 conditions: Sender's domain is "aol.com" Sender contains "mobile_" or you can use regex: Sender matches regular expression "mobile.*@aol.com"
  8. Hi davidenco, "Add domain to greylisting whitelist" adds the domain to "Domain to IP whitelist". Domains in this list are resolved to IP addresses and these IP addresses are then whitelisted. Resolving may take some time - you can check advanced settings to see if the IP addresses were already resolved (and which IP addresses were found). hotmail.com, outlook.com and hotmail.co.uk share some IP addresses/ranges so if you add one of them to whitelist it may whitelist others as well. If you see an email rejected by greylisting (that should be whitelisted), you can check the IP address against "Domain to IP whitelist".