jadorwin, posted June 9, 2020

Hi,

When I create a "recipient rule condition" for a rule, it does not check the Bcc field. Is it normal? If yes, can you add an option so that the "rule recipient condition" also applies to the content of the Bcc header field?

Br,

Rademacher, posted June 10, 2020

Hello,

we have the same problem. We receive mails with datasheets, which are distributed to many other customers too in Bcc, and the filter can't whitelist our addresses. It would be a good feature to implement this.

With kind regards,
Wolfgang Rademacher

M.K. (ESET Staff), posted June 10, 2020

Hi,

just to clarify, when evaluating the Recipient condition, Mail Security currently uses the values of the "To" and "Cc" MIME headers and all addresses passed in RCPT commands in the SMTP envelope - that includes all Bcc recipients too.

Note: for incoming messages the "Bcc" MIME header shouldn't be present at all - at least according to the RFC (5322). But for outgoing messages it could be useful to add it to the condition evaluation - if that's the case. We can track it as a feature request.

Best regards,
Matej

jadorwin (Author), posted June 10, 2020

Hi,

That’s strange. I have a rule in place like in the snapshot attached to this message, but I still receive email in Outlook with these headers:

Quote

Reply-To: <mikeeze337@gmail.com>
From: "MR. MIKE EZE" <peterobi2222@gmail.com>
Date: Tue, 9 Jun 2020 04:10:10 +0100
Message-ID: <CAETN52sPh_1JGquueB8cTXSRasScMn4EbC1aBmV3xmFuWoYYww@mail.gmail.com>
Subject: Your ATM Card Delivery
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
BCC: <test@domain.com>
Return-Path: peterobi2222@gmail.com
X-MS-Exchange-Organization-Network-Message-Id: b25de970-9266-406a-5747-08d80c22a02e
X-MS-Exchange-Organization-AuthSource: XXX
X-MS-Exchange-Organization-AuthAs: Anonymous
X-ESET-AS: R=OK;S=0;OP=CALC;TIME=1591672213;VERSION=7854;MC=1438527220;TRN=21;CRV=0;IPC=209.85.167.196;SP=0;SIPS=3;PI=3;F=0
X-ESET-Antispam: OK
X-EsetResult: clean, is OK
X-EsetId: 37303A2977B7916B627461

But you are right, in the Exchange log, the email address is in the RCPT TO:

Quote

2020-06-09T03:10:12.872Z,XXX,12,XXX,<,MAIL FROM:<peterobi2222@gmail.com> SIZE=4557,
2020-06-09T03:10:12.872Z,XXX,13,XXX,*,08D80487F4B1FCCF;2020-06-09T03:10:12.210Z;1,receiving message
2020-06-09T03:10:12.872Z,XXX,14,XXX,>,250 2.1.0 Sender OK,
2020-06-09T03:10:12.872Z,XXX,15,XXX,<,RCPT TO:<test@domain.com>,
2020-06-09T03:10:12.873Z,XXX,16,XXX,<,BDAT 4557 LAST,
2020-06-09T03:10:13.226Z,XXX,18,XXX,>,250 2.1.5 Recipient OK,

So why is ESET not rejecting the email with the rule attached to this post?

To be clear, it's always when the email is in Bcc in Outlook that the rule is not working.

Br,
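
An added example (not part of the thread and not ESET's code) that keeps apart the two recipient sources M.K. names, the "To"/"Cc" MIME headers and the RCPT commands of the SMTP envelope, using a constructed message and log modelled on the ones quoted above. The function names and the sender address are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample, modelled on the headers and log lines quoted in the thread.
RAW_MESSAGE = """\
From: "Sender" <sender@example.org>
To: undisclosed-recipients:;
Subject: sample
BCC: <test@domain.com>

body
"""
SMTP_LOG = """\
2020-06-09T03:10:12.872Z,XXX,12,XXX,<,MAIL FROM:<sender@example.org> SIZE=4557,
2020-06-09T03:10:12.872Z,XXX,15,XXX,<,RCPT TO:<test@domain.com>,
"""


def header_recipients(raw, fields=("To", "Cc")):
    """Addresses found in the given MIME header fields (hypothetical helper)."""
    msg = message_from_string(raw)
    values = [v for f in fields for v in msg.get_all(f, [])]
    # An empty group such as "undisclosed-recipients:;" yields no address.
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def envelope_recipients(log):
    """Addresses from RCPT TO commands in an SMTP receive log (hypothetical helper)."""
    return {a.lower() for a in re.findall(r"RCPT TO:<([^>]+)>", log, flags=re.I)}


def recipient_views(raw, log):
    """Recipient sets a filter could evaluate, kept apart for comparison."""
    hdr, env = header_recipients(raw), envelope_recipients(log)
    return {
        "headers": hdr,                      # To + Cc only
        "envelope": env,                     # RCPT TO
        "envelope_only": env - hdr,          # delivered but not named in To/Cc
        "bcc_header": header_recipients(raw, ("Bcc",)),
        "headers_and_envelope": hdr | env,   # the union described in the staff reply
    }


if __name__ == "__main__":
    for name, addrs in recipient_views(RAW_MESSAGE, SMTP_LOG).items():
        print(f"{name:22} {sorted(addrs)}")
```
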

M.K. (ESET Staff), posted June 12, 2020

Hi,

the way you can test this is to create another rule with a condition that always hits on the email above, and add an Action of type "Log to events" and use the variable %Recipients% in the text. That way you can verify all the addresses Mail Security sees when evaluating the rule.

Best regards,
Matej

jadorwin (Author), posted June 14, 2020

It's not easy to create a rule that always hits... If it was possible, I would have done it to reject the messages...

I will think about it.