SLV

Well, I have one more idea Could you please implement rule action something like "Increase or Decrease SCL value". Now it is available action "Set SCL value", where we can set static SCL value. Will be useful to have possibility set here incremental value, for example +2 or -3. Thus, we can make several dependent rules, and when SCL will reach the threshold, an email will be marked as SPAM.

Hello, ESET team! This is continuation of the topic: ESET Mail Security - to add some improvements - ESET Products for Windows Servers - ESET Security Forum I rechecked in Mail Security 11.0.10005 for Microsoft Exchange Server and variable %FROMADDRESS% don't work in rule actions like "Send event notification to administrator" and "Log to events". As a result, I see same string - %FROMADDRESS%, as this is wrong variable name. At the same time %EnvelopeSender% and %ReplyTo% work perfect. Could you please recheck this as well. And second question, it would be useful for analysis to have in rule actions one more variable something like %HeaderFromDisplayName%, Could you please add it? Thank you.

It looks like %FROMADDRESS% doesn't supported in rule actions. Could you please check this as well. It would be very useful to have in rule actions environment variable %HeaderFromDisplayName%, Could you please add it as well.

Unfortunately, at least %FROMADDRESS% doesn't work in actions "Send event notification to administrator" and "Log to events". At the same time %EnvelopeSender% and %ReplyTo% works well.

Thanks for new variables, we will try them. Regarding #4 Yes, we use that negation logic but in some cases will be more practical to use general exception.

Hello ESET! I have some questions / ideas for ESET Mail Security for Exchange. Maybe you have special form or topic for suggestions (wish list), please share it. 1. Could you please add in rules one more environment variable - %From%. I see it is available %EnvelopeSender% and even %ReplyTo%, but I can't find variable for HeaderFrom, 2. Separate Attachments scan result from "Antivirus scan result" in rule conditions. Now after attachment processing rules the result will be "Infected - cleaned" even for non-infected files like multimedia or archive files in attachments. This is not logic. 3. Add new type of attachments - "Password protected PDF" 4. Add exception in conditions for rules. To create logic like "If some conditions are True except other conditions do Actions" Thank you in advance.

Hello again! To say the truth, we can't use RBL feature with other providers (spamhaus). Because of many false positive. At least one setting doesn't work properly: "Maximum number of verified addresses from Received: headers" "You can limit the number of IP addresses that are checked by Antispam. This concerns the IP addresses written in Received: from headers. The default value is 0, which means that only the last identified sender's IP address is checked." Copied from online help: https://help.eset.com/emsx/10.0/en-US/idh_antispam_engine.html For some reason EMSX parse more IP addresses from header (not only last). Here is the log example: Antispam scan result: Spam IP (X.Y.Z.61) listed on RBL service (zen.spamhaus.org:127.0.0.11) IP (A.B.C.220) wasn't found on cloud blacklist 2 Actually A.B.C.220 address is last from header, and from it was initiated the SMTP session. Could you please check is this is an issue? Used EMSX version 9

Hello ESET Could you please describe how EMSX determines that message is Internal or is Outgoing? Here are official descriptions from online manual https://help.eset.com/emsx/10.0/en-US/idh_wizard_rule_condition.html Internal message: Applies depending on whether a message is internal or not internal. Outgoing message: Applies to outgoing messages. Could you give some more details how EMSX works with these conditions. Thank you in advance.

Thank you for fast answer. You confirmed what I found experimentally. Could you please change Online help to make this topic clearer? It is a bit confusing to understand it because RBL and DNSBL means the same at present. What about second questions? Does it make sense to use well known DNSBL providers. And one more question. Where can I find something like wish-list, where I could request to realize some improvements or features in Mail Security for Exchange?

Hello I have some questions regarding Advanced settings under Antispam protection. 1. Not clear what is the difference between "Additional RBL servers" and "Additional DNSBL servers"? The is no hints in administrative console/ And still not clear from Online help: https://help.eset.com/emsx/10.0/en-US/idh_antispam_engine.html 2. Does it make sense to add in RBL servers well known providers like zen.spamhaus.org, b.barracudacentral.org or bl.spamcop.net? As I see in logs each time an IP is listed in RBL provider it also is found in cloud blacklist 1 or cloud blacklist 2.

Hello I'd support DarrylRH's idea. Why not to create filter in ESET Mail Security for email with “PidLidReminderFileParameter” and quarantine\block such emails? Here you can find some information about this parameter: https://www.bleepingcomputer.com/news/security/critical-microsoft-outlook-bug-poc-shows-how-easy-it-is-to-exploit/