jadorwin 1 Posted September 8, 2016 Share Posted September 8, 2016 Hi, I just upgrade to ESET Email Security for exchange 6.4. I create a rule to delete email with bad SPF result. I have some services sending email by SMTP. These services authenticate themselves with the SMTP service and send emails with a FROM like service@company.com TO user@company.com. These emails are erased with a false result from the SPF check and this is not correct. FYI I select in the mail transport option that authenticated users are not scanned with the antispam module. In fact, every email send by SMTP (by authenticated users to an internal user) is rejected with a false result from SPF. Is it normal ? Seems strange to me. Br, Link to comment Share on other sites More sharing options...
ESET Staff filips 44 Posted September 12, 2016 ESET Staff Share Posted September 12, 2016 Hi jadorwin,this should help:- edit your rule- add condition "Internal message: false"We will investigate the problem you described - SPF check could be skipped when scanning authenticated emails.Does the domain where authenticated users/services send from have valid SPF records? Link to comment Share on other sites More sharing options...
jadorwin 1 Posted September 13, 2016 Author Share Posted September 13, 2016 Hi, Adding the condition resolve the problem. Thanks. Yes, our domain name has SPF, DKIM and DMARC records for 2 years. Everything is working (especially Gmail accept our mail and check everything). Another remark : I have strange rejection with DKIM too with mail coming from smtp21.email4-beyond.com, mail1.eventbrite.com and other legitimate domain. I'm quite sure that these emails are good but maybe they misconfigured their server (but it's strange from big services relying on email). Anyway, many many thanks for implementing these SPF, DKIM DMARC checks. I was eagerly waiting for them. Br, Link to comment Share on other sites More sharing options...
ESET Staff filips 44 Posted September 20, 2016 ESET Staff Share Posted September 20, 2016 Hi,We managed to find a bug while examining DKIM signatures from mail1.eventbrite.com - this will be fixed in next release of EMSX (6.4.10008)We weren't able to find any problems related to DKIM signatures from smtp21.email4-beyond.com. Please send us a sample .eml file that gives wrong DKIM result (to support or PM me). thanks Link to comment Share on other sites More sharing options...
jadorwin 1 Posted September 20, 2016 Author Share Posted September 20, 2016 Hi filips, Great that you find and fixed a bug. I will try to catch some mail from smtp21.email4-beyond.com with the problem but it's a problem that I found in EMSX logs as these mails are not sent to me and I can't ask the user easily to send me the problematic email. I will keep in touch. Br, Link to comment Share on other sites More sharing options...
Recommended Posts