We have a cloud-based IronPort ESA and we perform LDAP lookup on all incoming mail. The problem we are having is that we want to turn off the NDR that is generated from the IronPort when an email is sent to a non-existent email address. In other wo...
Hi,
We have an incoming content filter that is used to quarantine suspicious mails, based on Attachment name, sender, and body content dictionaries, as well as a couple of other items.
These have grown over time, particularly with the recent macro ma...
Hi, Enabling the File reputation but not the File analysis would make the ironport to upload all the files to the cloud?
On the documentation it says enabling the file analysis makes the devide upload the file for further inspection but I'd like to k...
Does anyone know if there is a way to get the total number of items scanned by the AMP feature aside of getting the number of items AMP actually stopped? I've looked through a number of the console screens but none seem to give that indication of tot...
We are receiving a bunch of "irsxxxx.doc" attachments with x = random numbers. (example: irs62662.doc)
I've tried setting several filters to strip and quarantine these attachments, but it:
* either doesn't work at all
* strips any attachment with t...
A bit of an odd situation.
We are migrating to a cloud email provider.
For our early test users, email from external users comes to our ironports, flows through to exchange, then exchange forwards it out (through ironport again) to a shadow domain th...
Hi,
I created an incoming filter to quarantine an email recipient starts with 10, for example 109123@domain-y.com
Recipient_Start_With_10: if (rcpt-to == "^10") { quarantine("Policy"); }
I tested the filter and works fine. But, there are some email...
Hi,
I just install a new ESA to replace to old one. I would like to import the old logs to my new ESA.
Can some body let me know the procedure.
Thanks.
Hi All,
We are receiving Spam emails with blank TO address, is there any way we can Quarantine those mails in Cisco ESA.
Eg:
From : test@domain.com
To:
Date : 03/09/2016 11:00 AM
Subject : Payment
Thank you,
Vishnu
Hi everyone,
We received a couple of suspicious mails lately, one of which contained the zepto Ransomware.
Now we're in the process of figuring out why those mails were not blocked and i was wondering if i can check what SPAM Score those Mails recei...
Always I send a Mail across the Ironport C170 the McAfee-Virusscanner produced the following message:
Wed Aug 31 07:17:46 2016 Warning: McAfee watchdog thread terminated and will restart. Error was: ('_coro.pyx coro._coro.coro.__yield (coro/_coro.c:5...
Hi,
Has any one dealed with distribution groups in IronPort and Exchange 2010?
We have some distribution groups that have "Require that all senders are authenticated" to prevent receiving emails from outside organization.
However Ironport routes ema...
Hi,
I am doing a ESA POV for my customer. Deployed the ESA sitting on internal network with one-arm deployment. Firewall is doing the NAT to route incoming SMTP traffic to ESA and then their exchange server.
We are facing issue with Microsoft Office...
Hi all,
Can anyone tell me for mail filters, what about this regex means
(?i)@abc\.com|@efg\.com
The bold on the top means what? I cannot find a reference on this , why there must have ?i on it
Can someone explain what is that use and meaning of ...