Jump to content
jadorwin

Eset Mail Security recipient rule condition for bcc recipient

Recommended Posts

Hi,

When I create a "recipient rule condition" for a rule, it did not check in the bcc field.

Is it normal ? If yes, can you add an option so that the "rule recipient condition" also applies to the content of the bcc header field ?

Br,

Share this post


Link to post
Share on other sites

Hello,

 

we have the same problem. We receive Mails with datasheets, with are distributed to many other customers to in bcc, the filter can't whitelist our adresses.

It would be a good feature to implement this.

 

With kind regards,

Wolfgang Rademacher

Share this post


Link to post
Share on other sites

Hi,

just to clarify, when evaluating Recipient condition, Mail Security currently uses values of "To" and "Cc" MIME headers and all addresses passed in RCPT commands in SMTP envelope - that includes all Bcc recipients too.

Note: for incoming messages the "Bcc" MIME header shouldn't be present at all - at least according to RFC (5322). But for outgoing messages it could be useful to add it to the condition evaluation - if that's the case. We can track it as a feature request.

Best regards,

Matej

Share this post


Link to post
Share on other sites

Hi,

That’s strange. I have a rule in place like in the snapshot attached to this message but I still receive email in outlook with these headers:

Quote

Reply-To: <mikeeze337@gmail.com>
From: "MR. MIKE EZE" <peterobi2222@gmail.com>
Date: Tue, 9 Jun 2020 04:10:10 +0100
Message-ID: <CAETN52sPh_1JGquueB8cTXSRasScMn4EbC1aBmV3xmFuWoYYww@mail.gmail.com>
Subject: Your ATM Card Delivery
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
BCC: <test@domain.com>
Return-Path: peterobi2222@gmail.com
X-MS-Exchange-Organization-Network-Message-Id: b25de970-9266-406a-5747-08d80c22a02e
X-MS-Exchange-Organization-AuthSource: XXX
X-MS-Exchange-Organization-AuthAs: Anonymous
X-ESET-AS: R=OK;S=0;OP=CALC;TIME=1591672213;VERSION=7854;MC=1438527220;TRN=21;CRV=0;IPC=209.85.167.196;SP=0;SIPS=3;PI=3;F=0
X-ESET-Antispam: OK
X-EsetResult: clean, is OK
X-EsetId: 37303A2977B7916B627461

But you are right, in exchange log, the email address is in the RCPT TO:

Quote

2020-06-09T03:10:12.872Z,XXX,12,XXX,<,MAIL FROM:<peterobi2222@gmail.com> SIZE=4557,
2020-06-09T03:10:12.872Z,XXX,13,XXX,*,08D80487F4B1FCCF;2020-06-09T03:10:12.210Z;1,receiving message
2020-06-09T03:10:12.872Z,XXX,14,XXX,>,250 2.1.0 Sender OK,
2020-06-09T03:10:12.872Z,XXX,15,XXX,<,RCPT TO:<test@domain.com>,
2020-06-09T03:10:12.873Z,XXX,16,XXX,<,BDAT 4557 LAST,
2020-06-09T03:10:13.226Z,XXX,18,XXX,>,250 2.1.5 Recipient OK,

So why eset is not rejecting the email with the rule attached to this post ?

To be clear, it's always when the email is in BCC in outlook that the rule is not working.

Br,

ESET Mail Security Rule.png

Share this post


Link to post
Share on other sites

Hi,

the way you can test this is to create another rule with condition that always hit on the email above, and add Action of type "Log to events" and use a variable %Recipients% in the text. That way you can verify all the addresses Mail Security sees when evaluating the rule.

Best regards,

Matej

Share this post


Link to post
Share on other sites

It's not easy to create a rule that always hit... If it was possible, I would have done it to reject the messages....

I will think about it.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...