Jump to content


ESET Staff
  • Content count

  • Joined

  • Last visited

  • Days Won


Everything posted by filips

  1. I updated the answer - there was a problem with encoding of some characters...
  2. filips

    Mail security Office file with macro

    Hi Guillaume, [apart from using EDTD] to disable the rule for certain users, you can update the default rule with new condition. You could add "Sender is not one of {list of whitelisted senders}" or "Sender's IP address is not one of {list of whitelisted IPs}" etc. This shouldn't happen, but we need some diagnostic data to examine the issue - you could contact customer care for further assistance.
  3. Hi Richard, EMSX v7 has a "From header - display name" condition in transport rules so you can create a rule like this: Conditions: From header - display name contains one of {My User1, My User2..} Sender's IP address is not {list of my IPs} (or Internal message is false) Actions: log/reject/delete/quarantine
  4. Hi davidenco, The error in logs is caused by an exception while parsing "Received:" headers. We will address the issue in next hotfix of EMSX. Could you PM me a procdump file(s) capturing the exception? It would help us to track it down: procdump -ma -e 1 -f "nullreferenceexception" edgetransport.exe
  5. Hi, it looks like the mail server had limited connectivity to ESET antispam cloud services (already discussed here).
  6. Hi, unfortunately, this is not supported. Quarantine web access rights support only administration of whole quarantine and delegated access to one mailbox. Though you can assign the access rights to user group as well, you would still have to create one access right record for each mailing list. I filed an improvement to add delegation to domain/multiple mailboxes (e.g. wildcard support).
  7. Hi Russ, SPF uses only IP whitelists (or domain to IP). Approved senders list is not used in SPF, it applies only to antispam. The domain to IP lists should work - you could compare resolved IP addresses in GUI with connecting IP (maybe it wasn't resolved?). The rule you created didn't work because if "Automatically reject messages if SPF fails" is enabled, SPF is evaluated right on MAIL FROM command and if it fails, message is rejected right away and no rules/antispam are evaluated. To handle SPF in rules disable setting "Automatically reject messages if SPF fails" and then create a rule. It could look like: Condition 1 - Sender's IP address is not (list of customer's IPs) Condition 2 - SPF result is Failed Action - Reject message (You should test it with "Log to events" action first to see if it works correctly) or a simple version (but this one will not protect against spoofing of their own domain) Condition 1 - Sender's domain is not mydomain.com Condition 2 - SPF result is Failed Action - Reject message