filips

ESET Staff
  • Content count

    114
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by filips

  1. Hi, antispam in EMSX v6 requires different firewall settings than v4, You should check those as well: https://support.eset.com/kb332/#antispam
  2. Hi, This feature has already been discussed with some customers. The problem is that it defeats the purpose of rules - if an admin wants to block certain type of files then why give users an easy way to "smuggle" these files into your company (e.g. just put it in a DOC file)? The problem with *.tmp can be solved easily, but if we find a good use case for "Is in a container" setting we will certainly implement it.
  3. Hi jdashn, You can remove the *.tmp extension from the rule. We already removed it in newer versions because it caused this problem. You can see Office documents blocked because they are archives and some of them may contain *.tmp files (rules are evaluated on each file in archive).
  4. Hi, Blocked body domain list marks an email as spam - spam action is performed. EMSX v7 will have body content filtering rule as well - it will support different actions, logging etc.
  5. Hi, unfortunately, the message "Infected attachment has been deleted by ESET Mail Security" cannot be changed
  6. Spoofed Email Address

    One more thing i forgot to mention: You can (should ) use rule action "Log to events" for some time to check if the rule works correctly before enabling action like reject/drop/quarantine
  7. Spoofed Email Address

    Hi davidenco, The SPF check is evaluated using domain from HELO or MAIL FROM. It does not protect You against spoofing of "From" header. This means that if the sending domain (in HELO or MAIL FROM) does not have SPF record or has a valid SPF record, the mail is valid even if it is spoofing your domain in From header (it could be a valid mail forwarder). This problem can be solved by using DMARC: https://blogs.technet.microsoft.com/eopfieldnotes/2015/02/26/using-dmarc-to-prevent-spoofing/ You could also create a transport rule like this: Conditions: Message headers match regular expression \nFrom: .*@OurDomain.co.uk Sender's IP address is not one of (list of your IPs or IPs that are allowed to send mail for your domain) Actions: Quarantine message Or something like this: Conditions: Message headers match regular expression "\nFrom: .*@OurDomain.co.uk" Message headers do not match regular expression "\nReply-To: .*@OurDomain.co.uk" Actions: Quarantine message
  8. Hi davidenco, You are right, if an email fails the SPF check or if there is no SPF record for the sending domain, greylisting will be performed.
  9. Hi, this option is not available
  10. Hi, this option is not available. Something similar will be available in EMSX v7 - it will have a customizable SMTP reject response message (apart from default "Invalid content").