Jump to content

filips

ESET Staff
  • Posts

    160
  • Joined

  • Last visited

  • Days Won

    3

Everything posted by filips

  1. Hi, only no action/quarantine/reject/drop silently actions are available. You could select No action and set the SCL value of spam messages using rules - and let the exchange server's content filter/transport rules decide what to do (but i am not sure whether you could combine these 2 actions or not)
  2. Hi, To install an equivalent of Core installation, execute following command: Msiexec /qn /i efsw_nt64_ENU.msi /l inst.log ADDLOCAL=HIPS,_Base,SERVER,_FeaturesCore,WMIProvider,Scan,Updater,eShell,UpdateMirror,RealtimeProtection,_License
  3. Hi, this KB article describes how to contact support: hxxp://support.eset....2/?locale=en_US
  4. Hi, Which version of EMSX do you have? Some issues related to antispam whitelists were already fixed - upgrade of EMSX could probably help. To remove a trusted domain from cloud blacklist please contact support.
  5. hi ivanp74, which version of EMSX do you use? If you use 6.3+ then you can create a transport rule (Advanced setup/Server/Rules) condition: Message headers contain "RDNS failed" action: quarantine/drop/reject If you use 6.4 then you can enable SPF
  6. We use our own reputation servers with more complex evaluation. There is no public documentation to this topic at this time. As for user-defined RBL and DNSBL servers – an example of a RBL server could be https://www.spamhaus.org/sbl/, and an example for an additional DNSBL server could be https://www.spamhaus.org/dbl/.
  7. Hi, this problem is caused by DMARC condition in rules. Next release of EMSX (6.4.10008) will fix it. Workaround: temporarily disable DMARC rule (No need to install EMSX 6.3)
  8. Hi, this KB article describes how to contact support: hxxp://support.eset.com/kb3742/?locale=en_US
  9. Hi burgundy, Are these NDRs missed by antispam protection? If yes then please collect some samples and submit a support ticket to your local ESET office.
  10. Hi, We managed to find a bug while examining DKIM signatures from mail1.eventbrite.com - this will be fixed in next release of EMSX (6.4.10008) We weren't able to find any problems related to DKIM signatures from smtp21.email4-beyond.com. Please send us a sample .eml file that gives wrong DKIM result (to support or PM me). thanks
  11. Hi, there are no special recommendations for DAG setups. If you do not use ERA, ESET cluster can be used to synchronize EMSX settings between nodes. EMSX 6.4 adds option to synchronize also greylisting databases across ESET cluster.
  12. Hi ajal, To make your custom ports work with quaratnine web interface open IIS and add a binding to this port to Default web site. Messages stuck in the Shadow redundancy queue is a known issue. We were able to reproduce this problem even without our product installed (using MS Exchange transport rules). Quarantined messages are discarded from the queue after specified period (ShadowMessageAutoDiscardInterval - default is 2 days).
  13. Hi jadorwin, this should help: - edit your rule - add condition "Internal message: false" We will investigate the problem you described - SPF check could be skipped when scanning authenticated emails. Does the domain where authenticated users/services send from have valid SPF records?
  14. Hi hungtt, unfortunately there is no message body rule (yet) that could be used. Maybe you could use "Blocked body domain list"? (Advanced setup/Server/Antispam/Filtering and verification/Blocked body domain list) You can specify a list of domains that are forbidden in message body and antispam engine will mark these messages as spam
  15. EMSX 6.4.10007.0 is already available for download. You need to download the file from website and start the upgrade manually
  16. Please disable "Search for sender's originating IP address in headers" and check if it helps - hopefully it will solve also problems with Office365. "Search for sender's originating IP address in headers" is intended only for servers that are behind a gateway that hides the original SMTP connection IP address.
  17. To see the reason why antispam catches your emails check Mail server protection log (in GUI go to Log Files and choose "Mail server protection"). The problem you describe sounds like antispam using client's IP address - did you enable "Advanced settings/Mail transport protection/Advanced settings/Search for sender's originating IP address in headers"? You can check Mail server protection log to see why the messages from Office365 are moved to quarantine
  18. To approve all emails from a domain just enter: (no wildcard needed) domain.dom
  19. You can use this command to disable interactive paging: eShell ui eshell>set lister disabled Or you can just redirect the output to null (eShell server as greylisting add domain-to-ip-whitelist test.com > $null) One more thing - there is a new import/export function coming in EMSX 6.4 (end of this month), so if you wait a while you can use this: eShell server as greylisting import domain-to-ip-whitelist \\192.168.9.11\test\Greylist.txt
  20. You need to disable cleaning in scanner settings: Server/Antivirus and antispyware/Mail transport protection/Threatsense Parameters/Cleaning level to "No cleaning" and to redirect infected messages to quarantine set: Server/Mail transport protection/Action to take if cleaning not possible to "Quarantine message" NOTE: you may need to enable cleaning when releasing such email - otherwise it would return to quarantine (or create a rule to skip AV scan for such emails)
  21. Hi katbert, you could create a mail transport rule like this Condition: Antivirus scan result - is not - Clean Action: Quarantine message
  22. Yes, you can use antispam lists to bypass both greylisting and antispam
  23. Sorry, wrong context :/ This is antispam whitelist: eShell server as filtering>add approved-domain-to-ip-list domain.com This is greylisting whitelist (antispam scan is still performed): eShell server as greylisting>add domain-to-ip-whitelist domain.com Greylisting uses also antispam lists if "Use antispam lists to automatically bypass Greylisting" enabled
  24. Unfortunately there is no IP address "is not" condition (will be available in EMSX 6.4) In current version you have to specify addresses that are invalid, e.g. if domain abc.com has address 1.2.3.4, invalid ranges are: 0.0.0.0-1.2.3.3 1.2.3.5-255.255.255.255
  25. Hi volodomyr, If you rename your exported configuration to cfg.xml and place it next to the installation package it gets imported automatically during installation.
×
×
  • Create New...