M.K.
ESET Staff-
Posts
47 -
Joined
-
Last visited
-
Days Won
2
M.K. last won the day on May 9 2023
M.K. had the most liked content!
About M.K.
-
Rank
Newbie
Profile Information
-
Location
Slovakia
Recent Profile Visitors
The recent visitors block is disabled and is not being shown to other users.
-
How to remove tags from quarantined emails.
M.K. replied to Yafu Ji's topic in ESET Products for Windows Servers
Hi, currently it's not possible. You could write a market requirement for this. -
Mail security for Exchange: Quarantine management
M.K. replied to THG's topic in ESET Products for Windows Servers
Hi, a possible workaround is to switch the type of quarantine from "Local quarantine" to "Quarantine mailbox". That way you can access the quarantined emails also via Outlook/OWA/... and get access to the attachments before releasing them via ESET Mail Security. -
SLV reacted to a post in a topic: Mail Security - Rule Condition - Internal message and Outgoing message
-
SLV reacted to a post in a topic: RBL and DNSBL advanced antispam protection on Mail Security for Exchange
-
Peter Randziak reacted to a post in a topic: RBL and DNSBL advanced antispam protection on Mail Security for Exchange
-
Hi, when there is a limit on number of IP addresses from Received headers set by user, they are counted from the most recent (appears on top). Local IP addresses and addresses on Ignore list are skipped i.e. not counted towards the limit. Note: besides Received headers, we also acquire the IP address of the connecting server from the SMTP session - this address is always checked against our cloud blacklists/whitelists, independent on whether it is part of Received headers or not.
-
Hi, Ad. Internal: messages are consider as internal if the SMTP connection is not marked as external by Exchange server, or when the email comes from the internal mailbox, or when is submitted via local pickup. Ad. Outgoing: this is based on the email recipients categories. EMSX checks all recipients of the email to determine whether they are located in the same organization, in different organization, or are marked by Exchange as external.
-
Which standard RBLs are using in ESET Mail Security?
M.K. replied to Daenni's topic in ESET Products for Windows Servers
Hi, ESET Mail Security doesn't use any third party RBL by default, only our own cloud service. -
How to get Mailheader from quarantined or Spammail?
M.K. replied to Daenni's topic in ESET Products for Windows Servers
Hi Daenni, yes in Mail Quarantine you can check the original headers of quarantined emails, in the Details window. -
schuetzdentalCB reacted to a post in a topic: Exchange Mailsecurity
-
Peter Randziak reacted to a post in a topic: Exchange Mailsecurity
-
There is a setting in product "Enable temporary rejecting of undetermined messages" in Advanced antispam settings, that can help to fight first waves of spam by temporarily rejecting suspicious emails for the specified period until our antispam cloud gathers enough data. For malware it is recommended to enable ESET LiveGuard (cloud sandbox).
-
Search for sender's originating IP address in headers
M.K. replied to pronto's topic in ESET Products for Windows Servers
The "UseOriginalIPHeader" setting is relevant only for the Mail security, not for Network protection component. So yes, that was a misunderstanding from our part. -
Search for sender's originating IP address in headers
M.K. replied to pronto's topic in ESET Products for Windows Servers
You can verify it in the Mail server protection log - e.g. turn on logging of all messages <?xml version="1.0" encoding="utf-8"?> <ESET> <PRODUCT NAME="emsx"> <ITEM NAME="plugins"> <ITEM NAME="01004100"> <ITEM NAME="settings"> <ITEM NAME="MAILSERVER_CONFIG"> <NODE NAME="LogAllMessages" TYPE="number" VALUE="1" /> </ITEM> </ITEM> </ITEM> </ITEM> </PRODUCT> </ESET> send an email containing the header (i.e. X-Originating-IP: X.Y.Z.W) and you should see the X.Y.Z.W address in the "IP Address" column instead of the address of the sending server. The column has zero width by default, you need to resize it first - it is the second column right after "Time". If that address is on the Blocked IP list, the whole email should be marked as spam. -
Hi, Microsoft has recently discontinued the Basic Authentication for EWS by default (https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online). We are working on a solution which we plan to include in the next major EMSX release. In the meantime it is still possible to re-enable the Basic Authentication in tenant settings: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
-
Search for sender's originating IP address in headers
M.K. replied to pronto's topic in ESET Products for Windows Servers
You don't need to edit exported settings, you can just import that XML I've copied here in the chat. Just save those 15 lines to a file and import it - only those two settings will be affected by it. As for the "the originating IP Address is detected automatically in all new versions of Mail Security" - that could be a bit misleading. It's true that our antispam engine tries to verify/detect the correct sender's IP address from the message headers automatically if the IP address provided from Exchange Server SMTP session is e.g. a local address (Edge server, other server in DAG etc...). But that has nothing to do with this setting (UseOriginalIPHeader) where you can explicitly specify which particular header contain the correct IP. -
Search for sender's originating IP address in headers
M.K. replied to pronto's topic in ESET Products for Windows Servers
The setting should work the same as before, i.e. when turned on (UseOriginalIPHeader=1) and with the header name defined (OriginalIPHeader), then whenever EMSX finds such header in the email, it's value - if it's valid IP address - is used instead of the connecting server IP address. That should relate to all protection layers that process the connecting IP (antispam, SPF ...). It has been removed from GUI, as it was often used in a way that was not intended. For the legitimate cases it is still available for advanced users.