M.K.
ESET Staff-
Posts
47 -
Joined
-
Last visited
-
Days Won
2
Everything posted by M.K.
-
huge email Q with deferred message 451 4.7.1
M.K. replied to Sameer's topic in ESET Products for Windows Servers
Hi, ESET Mail Security for Exchange uses '451 4.7.1 Please try again later' response for greylisted messages, but Greylisting is turned off by default. Have you checked in-product logs or transaction logs to verify whether messages were rejected by Mail Security? -
ESET File Server 7.3.12002 and WS2008 R2 support
M.K. replied to joloriquelme's topic in ESET Products for Windows Servers
Hi, just Windows Server 2008 (NT 6.0). MK -
Hi, your customer can use additional rules with conditions: SMTP Sender's domain, Sender's IP address, From header - address, to check if emails with From: "supplier-mail-address" have also corresponding IP address range or SMTP Sender. Note: we plan to add the Sender Spoofing Protection feature to the upcoming vNext version of EMSX, to help to automate tasks like these.
-
Mail Security: SPF Fail even if Domain in Whitelist
M.K. replied to strivoli's topic in ESET Products for Windows Servers
You need to use one of the IP & Domain-to-IP whitelists, for example Greylisting and SPF -> IP whitelist Greylisting and SPF -> Domain to IP whitelist -
Hi, also please note that ESET Mail Security for Exchange can also be used to scan Exchange Online mailboxes with on-demand scan in case of hybrid deployments (on-premise + cloud). Mail transport in hybrid deployments is scanned only if emails are routed first to on-premise server and then to cloud. Matej
-
Allow specific file types inside archive
M.K. replied to Brent_Stobbs's topic in ESET Products for Windows Servers
Hi Brent, currently this is not possible to do, other than to have the archives password protected and thus bypassing the attachment filtering rules. Matej -
A Simple Question About EMSX
M.K. replied to mathisbilgi's topic in ESET Products for Windows Servers
Hi, yes, by default Mail Transport protection adds X-Eset... headers to all scanned emails, unless it's turned off in settings. So if headers are missing, it's better to check why (settings, logs, topology, ...). Best regards, Matej -
Hi, RBL servers are queried with IP addresses extracted from message headers, DNSBL server are queried with domains and IP addresses extracted from the message body. So the answer depends on the type of the BL, i.e. Spamhaus could be in both, Spamcop collects only IP's so it's probably sufficient to put it only in Additional RBL servers list, etc.. Best regards, Matej
-
Hi, just to clarify, when evaluating Recipient condition, Mail Security currently uses values of "To" and "Cc" MIME headers and all addresses passed in RCPT commands in SMTP envelope - that includes all Bcc recipients too. Note: for incoming messages the "Bcc" MIME header shouldn't be present at all - at least according to RFC (5322). But for outgoing messages it could be useful to add it to the condition evaluation - if that's the case. We can track it as a feature request. Best regards, Matej
-
Remove any macro in Microsoft Office documents
M.K. replied to pronto's topic in ESET Products for Windows Servers
Hi, a quick update to this older thread. With the upcoming update of the Archive support module (v1303, currently on pre-release servers) it should be now possible to remove macros from office documents in incoming emails, even in previously released Mail security products. If you define a custom rule with Attachment type condition, select "Office files/Generic OLE2 Compound Document", and choose Quarantine attachment (or Delete attachment) as an action, Office documents will be delivered without any macros. Note: you can of course combine additional conditions in the rule to target it to specific groups or types of emails. Matej -
eset mail box count tool (for eset mail security)
M.K. replied to Joe-ESET2016's topic in ESET Products for Windows Servers
Hi Joe, typically the tool should produce the same results. Have you tried running it with parameters (/names, /details) to see which mailboxes make the difference? M.K. -
Hi, I meant sender's IP address in this context - this is usually the topmost Received header. M.K.
-
Hi, Our GeoIP DB correctly identifies this IP as Chinese. But only the sender's address (last hop) is verified against Blocked countries list, not all intermediate servers from Received headers.
-
Remove any macro in Microsoft Office documents
M.K. replied to pronto's topic in ESET Products for Windows Servers
Hi Tom, in Mail Security there is an option to define a custom rule to move all emails containing macro-enabled office documents to quarantine. You need to define an Attachment type condition and mark "Microsoft Office Macro-Enabled Document (97-2003)", "Microsoft Word Macro-Enabled (2007+) (*docm, *dotm)", etc... Matej -
ESET Mail Security blocking GMail??
M.K. replied to JPVG's topic in ESET Products for Windows Servers
Hi, from your description it seems that the email has been marked as a spam because of it's content ("Rule system classified mail as SPAM"), despite the fact that it came from a trusted source ("IP (209.85.208.175) isn't found on cloud black list"). Ad. "Any ideas why this software is blocking trusted email?": In order to answer this, please open a ticket with our support and provide them with sample(s) of mis-classified email(s). Ad. "Does this software not send a quarantine report to end users?": Yes it can, please refer here (https://help.eset.com/emsx/7.1/en-US/idh_scheduler_task_qreports.html). Matej -
Hi Tom, in general multiple transport agents can act on an email independently, in order based on their priority (see cmdlet Get-TransportAgent, or https://help.eset.com/emsx/7.1/en-US/idh_agent_priority2.html). Ad "Is it possible to setup that spam mails will be delivered in the Junk Mail folder again": Yes, for example set the action to take on spam to "No action" and configure a rule to set the SCL header (https://help.eset.com/emsx/7.1/en-US/idh_wizard_rule_action.html). By default Exchange will then move all emails with SCL above threshold to Junk folder (https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/configure-antispam-settings?view=exchserver-2019). Matej
-
Hi Tom, "we see an 'X-ESET-Antispam: OK' tag, which menas to me, that ESET didn't apply any anti spam action": you are right, based on this ESET Mail Security is not responsible for placing the email to the Junk folder. It could be Oulook's state-of-art antispam, or one of the Exchange server's default antispam agents. Check the X-MS-Exchange-Organization-SCL header. The format of X-ESET-AS header is not public, it's used for diagnostic purposes. Matej