filips
ESET Staff-
Posts
160 -
Joined
-
Last visited
-
Days Won
3
Everything posted by filips
-
EMSX V7: Database scan could not be started
filips replied to davidenco's topic in ESET Products for Windows Servers
Hi, We managed to reproduce the issue - the problem is that Database scan task scheduled in policy is not created correctly. A workaround exists: When you create a scheduled Database scan task in ESMC, click edit and go through the wizard again. When you click finish the task should be saved correctly. The issue will be fixed in configuration module for ESMC -
EMSX V7: Database scan could not be started
filips replied to davidenco's topic in ESET Products for Windows Servers
Please ignore that sentence, of course you don't need Hyper-V -
EMSX V7: Database scan could not be started
filips replied to davidenco's topic in ESET Products for Windows Servers
There seems to be a problem when the database scan is scheduled in ESMC policy - we will investigate it I didn't know you were using ESMC - to schedule a scan from ESMC, you can use Client tasks/Server scan (https://help.eset.com/esmc_admin/70/en-US/dashboard.html?client_task_server_scan.html). But you have to enable sending of scan targets to ESMC first: https://help.eset.com/emsx/7.0/en-US/idh_config_era_targets.html This is the most up to date option and it gives you the ability to select mailboxes/public folders just like in EMSX. -
EMSX V7: Database scan could not be started
filips replied to davidenco's topic in ESET Products for Windows Servers
Hi davidenco, you can try enabling Diagnostic logging (Menu->Setup->Tools) for a minute and run the Database scan. Then check "Events" log to get more information. -
Mail security Office file with macro
filips replied to Guillaume Chartrand's topic in ESET Products for Windows Servers
Hi Guillaume, [apart from using EDTD] to disable the rule for certain users, you can update the default rule with new condition. You could add "Sender is not one of {list of whitelisted senders}" or "Sender's IP address is not one of {list of whitelisted IPs}" etc. This shouldn't happen, but we need some diagnostic data to examine the issue - you could contact customer care for further assistance. -
Hi Richard, EMSX v7 has a "From header - display name" condition in transport rules so you can create a rule like this: Conditions: From header - display name contains one of {My User1, My User2..} Sender's IP address is not {list of my IPs} (or Internal message is false) Actions: log/reject/delete/quarantine
-
Hi davidenco, The error in logs is caused by an exception while parsing "Received:" headers. We will address the issue in next hotfix of EMSX. Could you PM me a procdump file(s) capturing the exception? It would help us to track it down: procdump -ma -e 1 -f "nullreferenceexception" edgetransport.exe
-
Hi, unfortunately, this is not supported. Quarantine web access rights support only administration of whole quarantine and delegated access to one mailbox. Though you can assign the access rights to user group as well, you would still have to create one access right record for each mailing list. I filed an improvement to add delegation to domain/multiple mailboxes (e.g. wildcard support).
-
Whitelist a domain from SPF checks
filips replied to Russ's topic in ESET Products for Windows Servers
Hi Russ, SPF uses only IP whitelists (or domain to IP). Approved senders list is not used in SPF, it applies only to antispam. The domain to IP lists should work - you could compare resolved IP addresses in GUI with connecting IP (maybe it wasn't resolved?). The rule you created didn't work because if "Automatically reject messages if SPF fails" is enabled, SPF is evaluated right on MAIL FROM command and if it fails, message is rejected right away and no rules/antispam are evaluated. To handle SPF in rules disable setting "Automatically reject messages if SPF fails" and then create a rule. It could look like: Condition 1 - Sender's IP address is not (list of customer's IPs) Condition 2 - SPF result is Failed Action - Reject message (You should test it with "Log to events" action first to see if it works correctly) or a simple version (but this one will not protect against spoofing of their own domain) Condition 1 - Sender's domain is not mydomain.com Condition 2 - SPF result is Failed Action - Reject message -
Question to usercount Sharepoint ESET
filips replied to HSW's topic in ESET Products for Windows Servers
Users are read from Sharepoint and checked against AD (once every 24 hours), deleted ones should be ignored Please PM me: 1. the output of usercount command 2. some user names that are deleted/disabled and are counted 3. number of active users you have 4. how you deactivate users we will check it thanks -
Question to usercount Sharepoint ESET
filips replied to HSW's topic in ESET Products for Windows Servers
Hi, try running this command to see which user accounts were counted: shpio13 usercount /print /withnames /diag -
Is EMSX greylisting the wrong domain?
filips replied to davidenco's topic in ESET Products for Windows Servers
Hi, i can confirm this is a bug - resolving of domains runs asynchronously and the IP addresses are not always transferred to transport agent. It will be fixed in EMSX v7 Thank you for reporting a problem -
Is EMSX greylisting the wrong domain?
filips replied to davidenco's topic in ESET Products for Windows Servers
Greylisting whitelists use IP address of sender - HELO domain is not used at all. The problem can be caused by EMSX not resolving all of hotmail.com IP addresses. What IP addresses from hotmail.com do you see in greylist log that were rejected (and should be whitelisted)? -
EMSX 6.5 Mail transport rules wildcard support
filips replied to Dean Lazar's topic in ESET Products for Windows Servers
Hi Dean, wildcards are ignored - you can combine 2 conditions: Sender's domain is "aol.com" Sender contains "mobile_" or you can use regex: Sender matches regular expression "mobile.*@aol.com" -
Is EMSX greylisting the wrong domain?
filips replied to davidenco's topic in ESET Products for Windows Servers
Hi davidenco, "Add domain to greylisting whitelist" adds the domain to "Domain to IP whitelist". Domains in this list are resolved to IP addresses and these IP addresses are then whitelisted. Resolving may take some time - you can check advanced settings to see if the IP addresses were already resolved (and which IP addresses were found). hotmail.com, outlook.com and hotmail.co.uk share some IP addresses/ranges so if you add one of them to whitelist it may whitelist others as well. If you see an email rejected by greylisting (that should be whitelisted), you can check the IP address against "Domain to IP whitelist". -
Mail Quarantine Web Interface not working
filips replied to wineglass's topic in ESET Products for Windows Servers
Hi, this error is shown also when there is no certificate bound to the quarantine address. You should be able to fix it with new binding. Open IIS->Sites->Default web site->Bindings... and add a new https binding with port 4443 and your certificate. -
Move from EMSX 4.5 to 6.X Increased spam?
filips replied to jdashn's topic in ESET Products for Windows Servers
Hi, antispam in EMSX v6 requires different firewall settings than v4, You should check those as well: https://support.eset.com/kb332/#antispam -
Hi, This feature has already been discussed with some customers. The problem is that it defeats the purpose of rules - if an admin wants to block certain type of files then why give users an easy way to "smuggle" these files into your company (e.g. just put it in a DOC file)? The problem with *.tmp can be solved easily, but if we find a good use case for "Is in a container" setting we will certainly implement it.
-
How to block shortened URL's in EMSX
filips replied to BCS-E's topic in ESET Products for Windows Servers
Hi, Blocked body domain list marks an email as spam - spam action is performed. EMSX v7 will have body content filtering rule as well - it will support different actions, logging etc.