M.K.

ESET Staff
  • Posts

    47
  • Joined

  • Last visited

  • Days Won

    2

Kudos

  1. Upvote
    M.K. received kudos from SLV in Mail Security - Rule Condition - Internal message and Outgoing message   
    Hi, 
    Ad. Internal: messages are considered internal if the SMTP connection is not marked as external by the Exchange server, or when the email comes from an internal mailbox, or when it is submitted via local pickup.
    Ad. Outgoing: this is based on the email recipients' categories. EMSX checks all recipients of the email to determine whether they are located in the same organization, in a different organization, or are marked by Exchange as external.
  2. Upvote
    M.K. received kudos from SLV in RBL and DNSBL advanced antispam protection on Mail Security for Exchange   
    Hi, when there is a limit on the number of IP addresses from Received headers set by the user, they are counted from the most recent (appears on top). Local IP addresses and addresses on the Ignore list are skipped, i.e. not counted towards the limit.
    Note: besides Received headers, we also acquire the IP address of the connecting server from the SMTP session - this address is always checked against our cloud blacklists/whitelists, independent of whether it is part of Received headers or not.
  3. Upvote
    M.K. received kudos from Peter Randziak in RBL and DNSBL advanced antispam protection on Mail Security for Exchange   
  4. Upvote
    M.K. received kudos from schuetzdentalCB in Exchange Mailsecurity   
    There is a setting in the product, "Enable temporary rejecting of undetermined messages", in Advanced antispam settings, that can help to fight first waves of spam by temporarily rejecting suspicious emails for the specified period until our antispam cloud gathers enough data.
    For malware it is recommended to enable ESET LiveGuard (cloud sandbox).
     
  5. Upvote
    M.K. received kudos from Peter Randziak in Exchange Mailsecurity   
  6. Upvote
    M.K. received kudos from Peter Randziak in Exchange server exclusions - clarification   
    Hi, with automatic exclusions for Exchange Servers we have followed recommendations from Microsoft, i.e.  https://learn.microsoft.com/en-us/exchange/antispam-and-antimalware/windows-antivirus-software?view=exchserver-2019
  7. Upvote
    M.K. received kudos from TvM in Mail security - Office 365 Mailbox scan - shared mailbox   
    Hi, this has been fixed in the upcoming 9.0 release.
  8. Upvote
    M.K. gave kudos to rekun in ESET Mail Security   
    If I remember correctly, you have to do a regular scan to scan the file system, and not a mailbox database scan.
  9. Upvote
    M.K. received kudos from Peter Randziak in Policy not whitelisting spam   
    Hi,
    the problematic domain you reported has already been removed from the cloud blacklist. The quickest way to solve such cases is to send the email sample to nospam_ecos@eset.com (https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#spam) as those are handled almost immediately.
    Also, based on the sample, we have identified a problem in the algorithm that selects the sender's address from email headers in some cases (Return-path: header), and it will also be addressed by an automatic update.
    Regards, Matej
  10. Upvote
    M.K. received kudos from MichalJ in Policy not whitelisting spam   
  11. Upvote
    M.K. received kudos from TomasP in Policy not whitelisting spam   
  12. Upvote
    M.K. received kudos from Peter Randziak in How to deal with display name spoofing, when contains right mailadress also in reply, but "name@abc.com" is different   
    Hi,
    have you tried using custom rules with the combinations of conditions
    From header - address
    From header - display name?
    You can also have all macro-enabled office documents quarantined, using the Attachment type condition.
  13. Upvote
    M.K. received kudos from Mike_Kintaru in Eset Mail Security   
    Hi,
    also please note that ESET Mail Security for Exchange can also be used to scan Exchange Online mailboxes with on-demand scan in case of hybrid deployments (on-premise + cloud). Mail transport in hybrid deployments is scanned only if emails are routed first to on-premise server and then to cloud.
    Matej
  14. Upvote
    M.K. received kudos from HenrysCat in DNSBL vs RBL Mail security   
    Hi,
    RBL servers are queried with IP addresses extracted from message headers, DNSBL servers are queried with domains and IP addresses extracted from the message body.
    So the answer depends on the type of the BL, i.e. Spamhaus could be in both, Spamcop collects only IPs so it's probably sufficient to put it only in the Additional RBL servers list, etc.
    Best regards,
    Matej
  15. Upvote
    M.K. received kudos from Nightowl in Remove any macro in Microsoft Office documents   
    Hi,
    a quick update to this older thread.
    With the upcoming update of the Archive support module (v1303, currently on pre-release servers) it should now be possible to remove macros from Office documents in incoming emails, even in previously released Mail Security products.
    If you define a custom rule with Attachment type condition, select "Office files/Generic OLE2 Compound Document", and choose Quarantine attachment (or Delete attachment) as an action, Office documents will be delivered without any macros.
    Note: you can of course combine additional conditions in the rule to target it to specific groups or types of emails.
    Matej
  16. Upvote
    M.K. received kudos from Peter Randziak in Remove any macro in Microsoft Office documents   
  17. Upvote
    M.K. received kudos from JPVG in ESET Mail Security blocking GMail??   
    Hi,
    from your description it seems that the email has been marked as spam because of its content ("Rule system classified mail as SPAM"), despite the fact that it came from a trusted source ("IP (209.85.208.175) isn't found on cloud black list").
    Ad. "Any ideas why this software is blocking trusted email?":
    In order to answer this, please open a ticket with our support and provide them with sample(s) of mis-classified email(s).
    Ad. "Does this software not send a quarantine report to end users?":
    Yes it can, please refer here (https://help.eset.com/emsx/7.1/en-US/idh_scheduler_task_qreports.html).
    Matej
  18. Upvote
    M.K. received kudos from Nightowl in Remove any macro in Microsoft Office documents   
    Hi Tom,
    in Mail Security there is an option to define a custom rule to move all emails containing macro-enabled office documents to quarantine. You need to define an Attachment type condition and mark "Microsoft Office Macro-Enabled Document (97-2003)", "Microsoft Word Macro-Enabled (2007+) (*docm, *dotm)", etc...
    Matej