Jump to content


ESET Staff
  • Posts

  • Joined

  • Last visited

  • Days Won


M.K. last won the day on May 12

M.K. had the most liked content!

About M.K.

  • Rank

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. You can add a condition "Sender's IP address ... is not" to the rule and list the addresses for which you want to skip the rule. Currently it is not possible to reference directly the existing IP lists defined in Advanced settings/Antispam protection/Filtering and verification. But we do track this market requirement in our backlog already and plan to add it in the future.
  2. Hi, the problematic domain you reported has been already removed from the cloud blacklist. The quickest way to solve such cases is to send the email sample to nospam_ecos@eset.com (https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#spam) as those are handled almost immediately. Also based on the sample we have identified a problem in the algorithm that selects the sender's address from email headers in some cases (Return-path: header), and it will be also addressed by an automatic update. Regards, Matej
  3. EMSX tries to resolve as many IP addresses associated with that domain as possible - using A, MX, and SPF records. All resolved IP's could be checked in the Edit dialog in Advanced settings. If the IP is on the list (approved domain to IP list) and the email is still being marked as spam, please submit a support ticket so we can have a look at it.
  4. First question - yes, exactly. Regarding the blacklist check - if the IP is on Ignored list, then no checks are performed with the IP, including neither cloud nor local blacklists. But the email could be, for example, marked as spam due to the blacklisted domain in the message body.
  5. IP addresses found on "Ignored IP List" will be skipped during classification, the rest of the email will be still checked. When IP is whitelisted, the whole email is automatically considered as ham.
  6. Hi, ESET Mail Security for Exchange uses '451 4.7.1 Please try again later' response for greylisted messages, but Greylisting is turned off by default. Have you checked in-product logs or transaction logs to verify whether messages were rejected by Mail Security?
  7. Hi, try using Get-TransportPipeline command, that will give you better information about the order in which the agents are actually called. Get-TransportAgent shows an overall priority, it is applied separately for every event that Exchange processes during email transport.
  8. Hi, your customer can use additional rules with conditions: SMTP Sender's domain, Sender's IP address, From header - address, to check if emails with From: "supplier-mail-address" have also corresponding IP address range or SMTP Sender. Note: we plan to add the Sender Spoofing Protection feature to the upcoming vNext version of EMSX, to help to automate tasks like these.
  9. You need to use one of the IP & Domain-to-IP whitelists, for example Greylisting and SPF -> IP whitelist Greylisting and SPF -> Domain to IP whitelist
  10. Hi, have you tried using custom rules with the combinations of conditions From header - address From header - display name? You can also have all macro-enabled office documents quarantined, using the Attachment type condition.
  11. Hi, also please note that ESET Mail Security for Exchange can also be used to scan Exchange Online mailboxes with on-demand scan in case of hybrid deployments (on-premise + cloud). Mail transport in hybrid deployments is scanned only if emails are routed first to on-premise server and then to cloud. Matej
  12. Hi Brent, currently this is not possible to do, other than to have the archives password protected and thus bypassing the attachment filtering rules. Matej
  13. Hi Joe, yes, Exchange can move spam to recipients' Junk folder based on the SCL score, so setting up a rule to insert the SCL header should be enough. Best regards, Matej
  14. Hi, yes, by default Mail Transport protection adds X-Eset... headers to all scanned emails, unless it's turned off in settings. So if headers are missing, it's better to check why (settings, logs, topology, ...). Best regards, Matej
  • Create New...