10-27-2016 04:40 AM
Hi all,
I've configured a content filter looking at the SPF and if the status equals fail the message will be dropped and according to the documentation only the PRA identity result is checked. My concern is that messages got dropped if the MAILFROM identity result is fail. Has anything changed recently in the ESA or is the documentation incorrect?
Content filter:
Output from message details:
27 Oct 2016 08:27:57 (GMT +02:00) | Message 50819 SPF: mailfrom identity prvs=10164049c=user@mydomain.com Fail |
---|---|
27 Oct 2016 08:27:57 (GMT +02:00) | Message 50819 SPF: pra identity user@mydomain.com None headers from |
27 Oct 2016 08:27:57 (GMT +02:00) | Message 50819 dropped by content filter 'SPF-Fail' in the inbound table. |
---|
/Per
Solved! Go to Solution.
10-27-2016 08:27 AM
When testing any SPF rule don't take an irrevocable action like Drop; instead, put the items in a quarantine or even deliver if there are no other problems and take a copy yourself for analysis.
Remember that there are lots of organisations out there implementing Office 365 badly (they don't even read or understand Microsoft's own advisories on SPF). A number of your SPF HARDFAILs will be false positives, with the sending SPF record reading v=spf1 include:spf.protection.outlook.com -all when the mail is really from an overlooked back office system or third party that pre-dates the implementation.
Once you have an idea of how SPF can help you, you can set up a more automated system.
10-27-2016 10:00 AM
Hello Per,
There is a defect where in older ASyncOS versions the Mail-From SPF validation is not checked via the Content Filter, and would have to be setup via a Message Filter.
Starting with ASyncOS 9.7.2-047 this has been fixed and the Content Filter should now properly trigger on the Mail-From verdict.
More info on the bug here : Content Filter will not trigger on SPF Verdict
Thanks!
-Dennis M.
10-27-2016 08:27 AM
When testing any SPF rule don't take an irrevocable action like Drop; instead, put the items in a quarantine or even deliver if there are no other problems and take a copy yourself for analysis.
Remember that there are lots of organisations out there implementing Office 365 badly (they don't even read or understand Microsoft's own advisories on SPF). A number of your SPF HARDFAILs will be false positives, with the sending SPF record reading v=spf1 include:spf.protection.outlook.com -all when the mail is really from an overlooked back office system or third party that pre-dates the implementation.
Once you have an idea of how SPF can help you, you can set up a more automated system.
10-27-2016 10:00 AM
Hello Per,
There is a defect where in older ASyncOS versions the Mail-From SPF validation is not checked via the Content Filter, and would have to be setup via a Message Filter.
Starting with ASyncOS 9.7.2-047 this has been fixed and the Content Filter should now properly trigger on the Mail-From verdict.
More info on the bug here : Content Filter will not trigger on SPF Verdict
Thanks!
-Dennis M.
10-28-2016 01:58 AM
Thanks Dennis for the clarification, than it make sense why the messages got dropped.
10-28-2016 11:27 AM
You're very welcome! I'm glad I could help! :)
Thanks!
-Dennis M.
10-28-2016 01:57 AM
[NOT THE CORRECT ANSWER]
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide