

ESET Staff

Everything posted by filips

  1. Hi, this problem is caused by DMARC condition in rules. Next release of EMSX (6.4.10008) will fix it. Workaround: temporarily disable DMARC rule (No need to install EMSX 6.3)
  2. Hi, this KB article describes how to contact support: hxxp://support.eset.com/kb3742/?locale=en_US
  3. Hi burgundy, Are these NDRs missed by antispam protection? If yes then please collect some samples and submit a support ticket to your local ESET office.
  4. Hi, We managed to find a bug while examining DKIM signatures from mail1.eventbrite.com - this will be fixed in next release of EMSX (6.4.10008) We weren't able to find any problems related to DKIM signatures from smtp21.email4-beyond.com. Please send us a sample .eml file that gives wrong DKIM result (to support or PM me). thanks
  5. Hi, there are no special recommendations for DAG setups. If you do not use ERA, ESET cluster can be used to synchronize EMSX settings between nodes. EMSX 6.4 adds option to synchronize also greylisting databases across ESET cluster.
  6. Hi ajal, To make your custom ports work with quarantine web interface open IIS and add a binding to this port to Default web site. Messages stuck in the Shadow redundancy queue is a known issue. We were able to reproduce this problem even without our product installed (using MS Exchange transport rules). Quarantined messages are discarded from the queue after specified period (ShadowMessageAutoDiscardInterval - default is 2 days).
  7. Hi jadorwin, this should help: - edit your rule - add condition "Internal message: false" We will investigate the problem you described - SPF check could be skipped when scanning authenticated emails. Does the domain where authenticated users/services send from have valid SPF records?
  8. Hi hungtt, unfortunately there is no message body rule (yet) that could be used. Maybe you could use "Blocked body domain list"? (Advanced setup/Server/Antispam/Filtering and verification/Blocked body domain list) You can specify a list of domains that are forbidden in message body and antispam engine will mark these messages as spam
  9. EMSX 6.4.10007.0 is already available for download. You need to download the file from website and start the upgrade manually
  10. Please disable "Search for sender's originating IP address in headers" and check if it helps - hopefully it will solve also problems with Office365. "Search for sender's originating IP address in headers" is intended only for servers that are behind a gateway that hides the original SMTP connection IP address.
  11. To see the reason why antispam catches your emails check Mail server protection log (in GUI go to Log Files and choose "Mail server protection"). The problem you describe sounds like antispam using client's IP address - did you enable "Advanced settings/Mail transport protection/Advanced settings/Search for sender's originating IP address in headers"? You can check Mail server protection log to see why the messages from Office365 are moved to quarantine
  12. To approve all emails from a domain just enter: (no wildcard needed) domain.dom
  13. You can use this command to disable interactive paging: eShell ui eshell>set lister disabled Or you can just redirect the output to null (eShell server as greylisting add domain-to-ip-whitelist test.com > $null) One more thing - there is a new import/export function coming in EMSX 6.4 (end of this month), so if you wait a while you can use this: eShell server as greylisting import domain-to-ip-whitelist \\\test\Greylist.txt
  14. You need to disable cleaning in scanner settings: Server/Antivirus and antispyware/Mail transport protection/Threatsense Parameters/Cleaning level to "No cleaning" and to redirect infected messages to quarantine set: Server/Mail transport protection/Action to take if cleaning not possible to "Quarantine message" NOTE: you may need to enable cleaning when releasing such email - otherwise it would return to quarantine (or create a rule to skip AV scan for such emails)
  15. Hi katbert, you could create a mail transport rule like this Condition: Antivirus scan result - is not - Clean Action: Quarantine message
  16. Yes, you can use antispam lists to bypass both greylisting and antispam
  17. Sorry, wrong context :/ This is antispam whitelist: eShell server as filtering>add approved-domain-to-ip-list domain.com This is greylisting whitelist (antispam scan is still performed): eShell server as greylisting>add domain-to-ip-whitelist domain.com Greylisting uses also antispam lists if "Use antispam lists to automatically bypass Greylisting" enabled
  18. Unfortunately there is no IP address "is not" condition (will be available in EMSX 6.4) In current version you have to specify addresses that are invalid, e.g. if domain abc.com has address, invalid ranges are:
  19. Hi volodomyr, If you rename your exported configuration to cfg.xml and place it next to the installation package it gets imported automatically during installation.
  20. Hi wyzwolenia, you can use eShell to add domains to "Domain to IP whitelist" (eShell server as filtering>add approved-domain-to-ip-list domain.com) If you want to run eShell from a script, you may need to change the ESET Shell execution policy (see documentation for more info) Regarding the "Time limit for the initial connection denial (min)" setting - 2 minutes should be fine
  21. Hi piotrpotega, Mail server protection log keeps track of all messages that were modified by ESET Mail Security - by antispam protection, antivirus protection, rules. What are you trying to achieve? Why do you need to log all messages?
  22. Hi, SPF check will be available in 6.4 version of EMSX (end of August) Meanwhile you can use rules - create a rule with "Sender's domain" and "Sender's IP address" conditions
  23. Hi wyzwolenia, This problem can occur if the sending domain uses more IP addresses to send emails (e.g. gmail). If the IP address changes after temporary reject by greylisting, new connection cannot be paired with the one that already exists in the greylisting database. And/or receiving domain uses more servers to receive emails. If the receiving server changes between temporary rejects, a new record has to be added to its greylisting database. (assuming you have V6 version of EMSX) If it is the first case, you could add domains like gmail.com to "Domain to IP whitelist" (Server/Antispam protection/Greylisting), this should help. You can also try to increase the "Unverified connections expiration time (hours)". There is no solution for the second case yet, but EMSX v6.4 will be able to share greylisting databases between servers using ESET cluster. filip
  24. Hi ezeitoun, This feature will be added to new version of EMSL and EMSX that is scheduled to be released at the end of August
  25. This is most likely a certificate problem. Can you try other certificate? It can be set in 5443 port binding in IIS - Default Web Site. Also this might help: (https://support.mozilla.org/en-US/questions/1058856) - Open Firefox's about:config - Set security.tls.insecure_fallback_hosts = mail-kse.test-kse.local
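
The greylisting behaviour described in post 23 (rotating sender IPs, several receiving servers, the Domain to IP whitelist and a shared database), as an added Python sketch that is not ESET's code and not part of the original posts. The (IP, sender, recipient) record key, the 120-second denial period, the 4-hour expiry and the documentation-range addresses are assumptions made for illustration.

```python
class Greylist:
    """Toy greylisting node; the record key is assumed, not ESET's."""
    def __init__(self, db=None, whitelist_ips=(), min_delay=120, expiry=4 * 3600):
        self.db = {} if db is None else db      # (ip, sender, rcpt) -> first seen
        self.whitelist_ips = set(whitelist_ips) # IPs of whitelisted domains
        self.min_delay = min_delay              # initial denial period, seconds
        self.expiry = expiry                    # unverified record lifetime, seconds

    def check(self, now, ip, sender, rcpt):
        """Return 'accept' or 'tempfail' for one delivery attempt."""
        if ip in self.whitelist_ips:
            return "accept"
        key = (ip, sender.lower(), rcpt.lower())
        first = self.db.get(key)
        if first is None or now - first > self.expiry:
            self.db[key] = now                  # unknown or expired: start the clock
            return "tempfail"
        return "accept" if now - first >= self.min_delay else "tempfail"


def deliver(attempts, sender="a@example.com", rcpt="b@example.org"):
    """Replay (time, source_ip, node) attempts; return acceptance time or None."""
    for now, ip, node in attempts:
        if node.check(now, ip, sender, rcpt) == "accept":
            return now
    return None


POOL = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]  # constructed sender pool


def scenarios():
    """Acceptance time in seconds for each constructed retry schedule."""
    one, rot, wl = Greylist(), Greylist(), Greylist(whitelist_ips=POOL)
    a, b = Greylist(), Greylist()               # two receiving nodes, separate databases
    shared = {}
    c, d = Greylist(db=shared), Greylist(db=shared)  # nodes sharing one database
    rotating = [(0, POOL[0]), (300, POOL[1]), (600, POOL[2]), (900, POOL[1])]
    return {
        "single_ip": deliver([(0, POOL[0], one), (300, POOL[0], one)]),
        "rotating_ip": deliver([(t, ip, rot) for t, ip in rotating]),
        "rotating_ip_whitelisted": deliver([(t, ip, wl) for t, ip in rotating]),
        "two_nodes_separate_db": deliver([(0, POOL[0], a), (300, POOL[0], b), (600, POOL[0], a)]),
        "two_nodes_shared_db": deliver([(0, POOL[0], c), (300, POOL[0], d)]),
    }


if __name__ == "__main__":
    for name, t in scenarios().items():
        print(f"{name}: accepted at t={t}s")
```

With one sender IP and one node the first retry is accepted; a rotating pool or alternating nodes only succeed once a retry happens to repeat an earlier (IP, node) pair, which is the delay the whitelist and the shared database remove.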