M.K.

Hi, currently it's not possible. You could write a market requirement for this.

Hi, one way to do it is to import a xml containing only the empty BlockedIPs property. This should remove all entries in the Blocked IP list. clean_BlockedIPs.txt

Hi, a possible workaround is to switch the type of quarantine from "Local quarantine" to "Quarantine mailbox". That way you can access the quarantined emails also via Outlook/OWA/... and get access to the attachments before releasing them via ESET Mail Security.

Hi, this should be possible. The condition "Internal message = false" should filter only the incoming messages.

Hi, when there is a limit on number of IP addresses from Received headers set by user, they are counted from the most recent (appears on top). Local IP addresses and addresses on Ignore list are skipped i.e. not counted towards the limit. Note: besides Received headers, we also acquire the IP address of the connecting server from the SMTP session - this address is always checked against our cloud blacklists/whitelists, independent on whether it is part of Received headers or not.

Hi, Ad. Internal: messages are consider as internal if the SMTP connection is not marked as external by Exchange server, or when the email comes from the internal mailbox, or when is submitted via local pickup. Ad. Outgoing: this is based on the email recipients categories. EMSX checks all recipients of the email to determine whether they are located in the same organization, in different organization, or are marked by Exchange as external.

Hi, ESET Mail Security doesn't use any third party RBL by default, only our own cloud service.

Hi Daenni, yes in Mail Quarantine you can check the original headers of quarantined emails, in the Details window.

Hi, RBL servers are queried with IP addresses extracted from 'Received:' headers, DNSBL servers are queried with IP's and domains extracted from message body. Hope that helps.

There is a setting in product "Enable temporary rejecting of undetermined messages" in Advanced antispam settings, that can help to fight first waves of spam by temporarily rejecting suspicious emails for the specified period until our antispam cloud gathers enough data. For malware it is recommended to enable ESET LiveGuard (cloud sandbox).

The "UseOriginalIPHeader" setting is relevant only for the Mail security, not for Network protection component. So yes, that was a misunderstanding from our part.

You can verify it in the Mail server protection log - e.g. turn on logging of all messages <?xml version="1.0" encoding="utf-8"?> <ESET> <PRODUCT NAME="emsx"> <ITEM NAME="plugins"> <ITEM NAME="01004100"> <ITEM NAME="settings"> <ITEM NAME="MAILSERVER_CONFIG"> <NODE NAME="LogAllMessages" TYPE="number" VALUE="1" /> </ITEM> </ITEM> </ITEM> </ITEM> </PRODUCT> </ESET> send an email containing the header (i.e. X-Originating-IP: X.Y.Z.W) and you should see the X.Y.Z.W address in the "IP Address" column instead of the address of the sending server. The column has zero width by default, you need to resize it first - it is the second column right after "Time". If that address is on the Blocked IP list, the whole email should be marked as spam.

Hi, Microsoft has recently discontinued the Basic Authentication for EWS by default (https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online). We are working on a solution which we plan to include in the next major EMSX release. In the meantime it is still possible to re-enable the Basic Authentication in tenant settings: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

You don't need to edit exported settings, you can just import that XML I've copied here in the chat. Just save those 15 lines to a file and import it - only those two settings will be affected by it. As for the "the originating IP Address is detected automatically in all new versions of Mail Security" - that could be a bit misleading. It's true that our antispam engine tries to verify/detect the correct sender's IP address from the message headers automatically if the IP address provided from Exchange Server SMTP session is e.g. a local address (Edge server, other server in DAG etc...). But that has nothing to do with this setting (UseOriginalIPHeader) where you can explicitly specify which particular header contain the correct IP.

The setting should work the same as before, i.e. when turned on (UseOriginalIPHeader=1) and with the header name defined (OriginalIPHeader), then whenever EMSX finds such header in the email, it's value - if it's valid IP address - is used instead of the connecting server IP address. That should relate to all protection layers that process the connecting IP (antispam, SPF ...). It has been removed from GUI, as it was often used in a way that was not intended. For the legitimate cases it is still available for advanced users.