SPF Checking in Mail Security for Exchange v7

[Stephen Dolphin 0]

I have started using the SPF checking feature in Mail Security for Exchange v7.0. I have, following the documentation, turned off the automatic rejection and instead set up a rule which quarantines the message so that I can then later inspect it and release it.

It appears to me that the software does not understand how to do with soft-fails at the end of SPF records. Normally a "~all" would indicate to the checking software (ESET) that it should allow the message but provide some sort of warning? It seems widely understood that such a soft-fail would result in the outright rejection of a message, but within ESET it does. Moreso there aren't different ways of handling soft and hard fails (e.g. it might be expected that a hard fail is rejected, but a soft fail quarantined). 

Has anyone else experienced this? Is there a workaround?

[jadorwin 1]

Hello,

I confirm that I have the same problem. I never understood why a soft fail was interpreted by a fail at the level of ESET.

I think there should be way to nuance the treatment of an SPF result (main configuration + rules) following a soft or hard fail.

Edited October 17, 2018 by jadorwin

[CNNS 0]

Hi there,

i too have configured some ESET Mailsecurity Installations with rules to test for SPF records. 

To mitigate this issue i am for the moment running a SPF-exception rule before the SPF-failure-to-quarantine rule to allow certain domains from being checked. This however covers only regularly incoming mails and requires a certain amount of management to release others from quarantine.

Please advise how to improve this solution.

Do we have to sign up for a feature request on this?

 

greetings

[Marcos 5,074]

It appears it was implemented today so the change will be included in the next version of EMSX:

"Automatically reject messages if SPF check fails" will reject email only if it hard-fails.

In the future we plan to introduce a new condition in rules, enabling to differentiate hard-failed and soft-failed messages.

[CNNS 0]

Neat, awesome timing.

Thank you for this, will have a look at coming updates.

[igi008 19]

Thank you very much to Marcos for great work in this forum. We are planning release EMSX 7.0.10024.0 on Thursday 20th December (here will be accessible).  We are very happy that you are using ESET products and of course many thanks for providing your valuable feedback.

[CNNS 0]

Hi there again (and a happy new year),

I see that the Autoreject has been altered to hard-fails. Which is nice.

May I ask if there is a schedule for the upcoming rules feature?

As in:

On 12/12/2018 at 5:30 PM, Marcos said:

In the future we plan to introduce a new condition in rules, enabling to differentiate hard-failed and soft-failed messages.

 

Thanks in advance

[igi008 19]

Hello (and happy new year to you too),

we are planning to release build with mentioned rule on the end of January or on the beginning of February.

Thank you very much for your interest, we are very happy that we can build products according the customers needs.

42 minutes ago, CNNS said:

Hi there again (and a happy new year),

I see that the Autoreject has been altered to hard-fails. Which is nice.

May I ask if there is a schedule for the upcoming rules feature?

As in:

 

Thanks in advance

 

[igi008 19]

Hello guys,
the new version of EMSX has been released (7.0.10025).
https://www.eset.com/int/business/mail-security-exchange/download/
SPF result rule was extended (currently is possible to configure an action for "Soft fail").

Enjoy the newest version.

Many thanks for using ESET products!

Edited March 5, 2019 by igi008
link