
Adding Cisco C100V to Office 365 IP Allow list causes bypass of Outlook Junk Mail filter

SebastianG
Level 1

Hi,

 

We have 2 Cloud Cisco ESA C100V devices that forward incoming Internet messages to our Office 365 environment. As part of the setup, the incoming Internet IP addresses of those 2 units are in our Office 365 IP allow list so no blocking/throttling occurs. The issue we see is that using the Outlook option to select an email as junk and adding it to the Outlook block sender list does not make future emails from that same sender go into the Outlook junk mail folder. The email address appears in the block sender list for Outlook, but new messages from that sender stay in the inbox. I opened a ticket with Microsoft and they stated that having the IP addresses in the IP allow list causes the messages to ignore the user's local block sender list, as it adds a -1 to the spam confidence level in Office 365.

Are others seeing this same issue? I would think that if that was the case then everyone who is using the Cisco ESAs this way would have the same issue. I wanted to just confirm if there is any other workaround or if something else is occurring.

 

Thank You,

 

Sebastian

3 Replies

marc.luescherFRE
Spotlight
Hi there,
We have been working with MS for 2 years to optimize our setup between ESA and O365. In short, there is no easy way, and we have run into the IP issue as well.
The workaround we found is to use for the sending interface (ESA to O365) a trusted SSL certificate like smtp.domain.com and to create an O365 filter to trust messages coming in with that cert as SCL -1.

Happy to share more if needed.

-Marc

Hi Marc,

 

Thanks for the information. With your setup using the trusted cert doesn't setting the SCL to -1 still cause the Outlook junk mail filter to be bypassed/ignored?

 

Thank You,

 

Sebastian

We have attempted multiple loops with MS on that matter.
Our current setup is similar to yours. We also do the following:

1. For messages marked as SPAM by ESA, insert header X-Ironport-SPAM=1
2. For messages marked as suspicious SPAM, insert header X-Ironport-Suspicious=1
3. In O365 create a rule to not set SCL to -1 if one of those two headers exists. That way O365 spam control will do its magic - some of it makes sense, some of it we still try to understand as we speak. That filter needs to be the first in your tenant.
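
The following is an added example, not part of the thread or any poster's configuration: a Python check that can be run over delivered messages to confirm the setup described above behaves as intended, i.e. that ESA-flagged mail is not stamped SCL -1. It assumes the ESA headers appear as `X-Ironport-SPAM: 1` and `X-Ironport-Suspicious: 1`, and it reads Microsoft's `X-MS-Exchange-Organization-SCL` and `X-Forefront-Antispam-Report` headers (neither is named in the thread); the verdict labels and sample messages are constructed.

```python
import email
import re

# Header names as given in the thread; the "Name: 1" form is an assumption.
ESA_FLAG_HEADERS = ("X-Ironport-SPAM", "X-Ironport-Suspicious")

def parse_report(value):
    """Split 'CIP:...;SCL:-1;IPV:CAL;' into a dict keyed by field name."""
    fields = {}
    for part in (value or "").replace("\n", "").split(";"):
        key, sep, val = part.strip().partition(":")
        if sep:
            fields[key.upper()] = val.strip()
    return fields

def audit(raw_message):
    """Classify how O365 treated one message relayed by the ESA."""
    msg = email.message_from_string(raw_message)
    report = parse_report(msg.get("X-Forefront-Antispam-Report"))
    scl_text = (msg.get("X-MS-Exchange-Organization-SCL") or report.get("SCL") or "").strip()
    scl = int(scl_text) if re.fullmatch(r"-?\d+", scl_text) else None
    flags = [h for h in ESA_FLAG_HEADERS if (msg.get(h) or "").strip() == "1"]
    if flags and scl == -1:
        verdict = "ESA_FLAG_IGNORED"        # exception rule missing or not first
    elif report.get("IPV") == "CAL":
        verdict = "IP_ALLOW_LIST_BYPASS"    # connection-filter allow list hit
    elif scl == -1:
        verdict = "TRUSTED_BYPASS"          # clean per ESA, SCL -1 applied
    else:
        verdict = "FILTERED_BY_O365"        # O365 spam filtering made the call
    return {"verdict": verdict, "scl": scl, "esa_flags": flags}

def sample(*headers):
    """Build a constructed test message from header lines."""
    return "\n".join(("From: sender@example.com",) + headers) + "\n\nbody\n"

# Constructed samples, not real traffic.
SAMPLES = {
    "ip_allow": sample("X-Forefront-Antispam-Report: CIP:192.0.2.10;IPV:CAL;SCL:-1;"),
    "rule_misordered": sample("X-Ironport-SPAM: 1", "X-MS-Exchange-Organization-SCL: -1"),
    "flag_honoured": sample("X-Ironport-Suspicious: 1", "X-MS-Exchange-Organization-SCL: 5"),
    "clean": sample("X-MS-Exchange-Organization-SCL: -1",
                    "X-Forefront-Antispam-Report: CIP:192.0.2.10;SFV:SKN;SCL:-1;"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit(raw))
```

Any message reported as `ESA_FLAG_IGNORED` means the exception for the two ESA headers is not taking effect, which is the symptom to look for if the rule is not first in the tenant.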