Jump to content

Eset Mail Security recipient rule condition for bcc recipient


Recommended Posts

Hi,

When I create a "recipient rule condition" for a rule, it did not check in the bcc field.

Is it normal ? If yes, can you add an option so that the "rule recipient condition" also applies to the content of the bcc header field ?

Br,

Link to comment
Share on other sites

Hello,

 

we have the same problem. We receive Mails with datasheets, with are distributed to many other customers to in bcc, the filter can't whitelist our adresses.

It would be a good feature to implement this.

 

With kind regards,

Wolfgang Rademacher

Link to comment
Share on other sites

  • ESET Staff

Hi,

just to clarify, when evaluating Recipient condition, Mail Security currently uses values of "To" and "Cc" MIME headers and all addresses passed in RCPT commands in SMTP envelope - that includes all Bcc recipients too.

Note: for incoming messages the "Bcc" MIME header shouldn't be present at all - at least according to RFC (5322). But for outgoing messages it could be useful to add it to the condition evaluation - if that's the case. We can track it as a feature request.

Best regards,

Matej

Link to comment
Share on other sites

Hi,

That’s strange. I have a rule in place like in the snapshot attached to this message but I still receive email in outlook with these headers:

Quote

Reply-To: <mikeeze337@gmail.com>
From: "MR. MIKE EZE" <peterobi2222@gmail.com>
Date: Tue, 9 Jun 2020 04:10:10 +0100
Message-ID: <CAETN52sPh_1JGquueB8cTXSRasScMn4EbC1aBmV3xmFuWoYYww@mail.gmail.com>
Subject: Your ATM Card Delivery
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
BCC: <test@domain.com>
Return-Path: peterobi2222@gmail.com
X-MS-Exchange-Organization-Network-Message-Id: b25de970-9266-406a-5747-08d80c22a02e
X-MS-Exchange-Organization-AuthSource: XXX
X-MS-Exchange-Organization-AuthAs: Anonymous
X-ESET-AS: R=OK;S=0;OP=CALC;TIME=1591672213;VERSION=7854;MC=1438527220;TRN=21;CRV=0;IPC=209.85.167.196;SP=0;SIPS=3;PI=3;F=0
X-ESET-Antispam: OK
X-EsetResult: clean, is OK
X-EsetId: 37303A2977B7916B627461

But you are right, in exchange log, the email address is in the RCPT TO:

Quote

2020-06-09T03:10:12.872Z,XXX,12,XXX,<,MAIL FROM:<peterobi2222@gmail.com> SIZE=4557,
2020-06-09T03:10:12.872Z,XXX,13,XXX,*,08D80487F4B1FCCF;2020-06-09T03:10:12.210Z;1,receiving message
2020-06-09T03:10:12.872Z,XXX,14,XXX,>,250 2.1.0 Sender OK,
2020-06-09T03:10:12.872Z,XXX,15,XXX,<,RCPT TO:<test@domain.com>,
2020-06-09T03:10:12.873Z,XXX,16,XXX,<,BDAT 4557 LAST,
2020-06-09T03:10:13.226Z,XXX,18,XXX,>,250 2.1.5 Recipient OK,

So why eset is not rejecting the email with the rule attached to this post ?

To be clear, it's always when the email is in BCC in outlook that the rule is not working.

Br,

ESET Mail Security Rule.png

Link to comment
Share on other sites

  • ESET Staff

Hi,

the way you can test this is to create another rule with condition that always hit on the email above, and add Action of type "Log to events" and use a variable %Recipients% in the text. That way you can verify all the addresses Mail Security sees when evaluating the rule.

Best regards,

Matej

Link to comment
Share on other sites

It's not easy to create a rule that always hit... If it was possible, I would have done it to reject the messages....

I will think about it.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...