jadorwin 1 Posted September 8, 2016 Posted September 8, 2016 Hi, I just upgrade to ESET Email Security for exchange 6.4. I create a rule to delete email with bad SPF result. I have some services sending email by SMTP. These services authenticate themselves with the SMTP service and send emails with a FROM like service@company.com TO user@company.com. These emails are erased with a false result from the SPF check and this is not correct. FYI I select in the mail transport option that authenticated users are not scanned with the antispam module. In fact, every email send by SMTP (by authenticated users to an internal user) is rejected with a false result from SPF. Is it normal ? Seems strange to me. Br,
ESET Staff filips 44 Posted September 12, 2016 ESET Staff Posted September 12, 2016 Hi jadorwin,this should help:- edit your rule- add condition "Internal message: false"We will investigate the problem you described - SPF check could be skipped when scanning authenticated emails.Does the domain where authenticated users/services send from have valid SPF records?
jadorwin 1 Posted September 13, 2016 Author Posted September 13, 2016 Hi, Adding the condition resolve the problem. Thanks. Yes, our domain name has SPF, DKIM and DMARC records for 2 years. Everything is working (especially Gmail accept our mail and check everything). Another remark : I have strange rejection with DKIM too with mail coming from smtp21.email4-beyond.com, mail1.eventbrite.com and other legitimate domain. I'm quite sure that these emails are good but maybe they misconfigured their server (but it's strange from big services relying on email). Anyway, many many thanks for implementing these SPF, DKIM DMARC checks. I was eagerly waiting for them. Br,
ESET Staff filips 44 Posted September 20, 2016 ESET Staff Posted September 20, 2016 Hi,We managed to find a bug while examining DKIM signatures from mail1.eventbrite.com - this will be fixed in next release of EMSX (6.4.10008)We weren't able to find any problems related to DKIM signatures from smtp21.email4-beyond.com. Please send us a sample .eml file that gives wrong DKIM result (to support or PM me). thanks
jadorwin 1 Posted September 20, 2016 Author Posted September 20, 2016 Hi filips, Great that you find and fixed a bug. I will try to catch some mail from smtp21.email4-beyond.com with the problem but it's a problem that I found in EMSX logs as these mails are not sent to me and I can't ask the user easily to send me the problematic email. I will keep in touch. Br,
Recommended Posts