SLV

Hello again! To say the truth, we can't use RBL feature with other providers (spamhaus). Because of many false positive. At least one setting doesn't work properly: "Maximum number of verified addresses from Received: headers" "You can limit the number of IP addresses that are checked by Antispam. This concerns the IP addresses written in Received: from headers. The default value is 0, which means that only the last identified sender's IP address is checked." Copied from online help: https://help.eset.com/emsx/10.0/en-US/idh_antispam_engine.html For some reason EMSX parse more IP addresses from header (not only last). Here is the log example: Antispam scan result: Spam IP (X.Y.Z.61) listed on RBL service (zen.spamhaus.org:127.0.0.11) IP (A.B.C.220) wasn't found on cloud blacklist 2 Actually A.B.C.220 address is last from header, and from it was initiated the SMTP session. Could you please check is this is an issue? Used EMSX version 9

Hello ESET Could you please describe how EMSX determines that message is Internal or is Outgoing? Here are official descriptions from online manual https://help.eset.com/emsx/10.0/en-US/idh_wizard_rule_condition.html Internal message: Applies depending on whether a message is internal or not internal. Outgoing message: Applies to outgoing messages. Could you give some more details how EMSX works with these conditions. Thank you in advance.

Thank you for fast answer. You confirmed what I found experimentally. Could you please change Online help to make this topic clearer? It is a bit confusing to understand it because RBL and DNSBL means the same at present. What about second questions? Does it make sense to use well known DNSBL providers. And one more question. Where can I find something like wish-list, where I could request to realize some improvements or features in Mail Security for Exchange?

Hello I have some questions regarding Advanced settings under Antispam protection. 1. Not clear what is the difference between "Additional RBL servers" and "Additional DNSBL servers"? The is no hints in administrative console/ And still not clear from Online help: https://help.eset.com/emsx/10.0/en-US/idh_antispam_engine.html 2. Does it make sense to add in RBL servers well known providers like zen.spamhaus.org, b.barracudacentral.org or bl.spamcop.net? As I see in logs each time an IP is listed in RBL provider it also is found in cloud blacklist 1 or cloud blacklist 2.

Hello I'd support DarrylRH's idea. Why not to create filter in ESET Mail Security for email with “PidLidReminderFileParameter” and quarantine\block such emails? Here you can find some information about this parameter: https://www.bleepingcomputer.com/news/security/critical-microsoft-outlook-bug-poc-shows-how-easy-it-is-to-exploit/