Eset Mail Security recipient rule condition for bcc recipient

[jadorwin 1]

Hi,

When I create a "recipient rule condition" for a rule, it did not check in the bcc field.

Is it normal ? If yes, can you add an option so that the "rule recipient condition" also applies to the content of the bcc header field ?

Br,

[Rademacher 0]

Hello,

 

we have the same problem. We receive Mails with datasheets, with are distributed to many other customers to in bcc, the filter can't whitelist our adresses.

It would be a good feature to implement this.

 

With kind regards,

Wolfgang Rademacher

[M.K. 17]

Hi,

just to clarify, when evaluating Recipient condition, Mail Security currently uses values of "To" and "Cc" MIME headers and all addresses passed in RCPT commands in SMTP envelope - that includes all Bcc recipients too.

Note: for incoming messages the "Bcc" MIME header shouldn't be present at all - at least according to RFC (5322). But for outgoing messages it could be useful to add it to the condition evaluation - if that's the case. We can track it as a feature request.

Best regards,

Matej

[jadorwin 1]

Hi,

That’s strange. I have a rule in place like in the snapshot attached to this message but I still receive email in outlook with these headers:

Quote

Reply-To: <mikeeze337@gmail.com>
From: "MR. MIKE EZE" <peterobi2222@gmail.com>
Date: Tue, 9 Jun 2020 04:10:10 +0100
Message-ID: <CAETN52sPh_1JGquueB8cTXSRasScMn4EbC1aBmV3xmFuWoYYww@mail.gmail.com>
Subject: Your ATM Card Delivery
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
BCC: <test@domain.com>
Return-Path: peterobi2222@gmail.com
X-MS-Exchange-Organization-Network-Message-Id: b25de970-9266-406a-5747-08d80c22a02e
X-MS-Exchange-Organization-AuthSource: XXX
X-MS-Exchange-Organization-AuthAs: Anonymous
X-ESET-AS: R=OK;S=0;OP=CALC;TIME=1591672213;VERSION=7854;MC=1438527220;TRN=21;CRV=0;IPC=209.85.167.196;SP=0;SIPS=3;PI=3;F=0
X-ESET-Antispam: OK
X-EsetResult: clean, is OK
X-EsetId: 37303A2977B7916B627461

But you are right, in exchange log, the email address is in the RCPT TO:

Quote

2020-06-09T03:10:12.872Z,XXX,12,XXX,<,MAIL FROM:<peterobi2222@gmail.com> SIZE=4557,
2020-06-09T03:10:12.872Z,XXX,13,XXX,*,08D80487F4B1FCCF;2020-06-09T03:10:12.210Z;1,receiving message
2020-06-09T03:10:12.872Z,XXX,14,XXX,>,250 2.1.0 Sender OK,
2020-06-09T03:10:12.872Z,XXX,15,XXX,<,RCPT TO:<test@domain.com>,
2020-06-09T03:10:12.873Z,XXX,16,XXX,<,BDAT 4557 LAST,
2020-06-09T03:10:13.226Z,XXX,18,XXX,>,250 2.1.5 Recipient OK,

So why eset is not rejecting the email with the rule attached to this post ?

To be clear, it's always when the email is in BCC in outlook that the rule is not working.

Br,

[M.K. 17]

Hi,

the way you can test this is to create another rule with condition that always hit on the email above, and add Action of type "Log to events" and use a variable %Recipients% in the text. That way you can verify all the addresses Mail Security sees when evaluating the rule.

Best regards,

Matej

[jadorwin 1]

It's not easy to create a rule that always hit... If it was possible, I would have done it to reject the messages....

I will think about it.