Email Security

I have an issue blocking users in an LDAP group.  I can add myself to the group and the block works fine.  But if I add another user, it does not block.    Not sure it it if an issue with my Query Definition and Attributes* Query String.  (&(memberOf...

On ESA, I have two listeners configured on separated interfeaces:  Data1 incomming , Data2 - outgoing for processing incomming emails and outgoing emails.ESA is processing incomming messages from Internet to my emial domain, and sending outgoing emai...

Hi everyone,  I have 2 Ironport appliances X series in a cluster configuration, I want to configurate SNMP in both appliances but if I run the command snmpconfig it only allows me to configure snmp for the cluster, in this way I only can "ask" for st...

Hi everyone!I'm having a strange behavior with the disclaimers in my appliances.All the email sent to Internet has to have a disclaimer text, I add this disclaimer through a outgoing content filter and noticed that sometimes the email adds it correct...

Guys,Do you have any idea about license Cisco ESA in Cluster Configuration> If i have two appliance in cluster configuration and i have 1000 user, which option for license i must buy ?1. Just one license for two appliance (which in cluster configurat...

I have automated script to:1) SSH into ESA2) Generate configuration file3) Back it up.The script works fine until I did the upgrade in the past weekend, what I found is that now on version 8.5.6, the command "saveconfig no" is restricted to "cluster ...

I had URL Categories enabled on an inbound policy but it was blocking a lot of legitimate emails.  Is there a way to tell what category triggered the block in the body of the email?  I am trying to figure out the why behind the emails being bounced. 

I have outgoing e-mails scanned for SPAM at the highest thresholds to prevent compromised accounts from sending phishing attempts out from my environment. In the last week or two I have seen a huge increase in the number of false positives on meeting...

As part of Security Awareness training and testing we contracted a company called knowbe4 to initiate some random spoofed e-mail tests into our domain.  Normally I would have figured this would fail because when email comes into the C160 and it has o...

Hi,We have published SPF, DKIM and DMARC and now we start getting DMARC Reports. What is strange is that there are few messages that are send with email Ironport hostname? We have some situations when we return mail reject custome message but that me...

Hi all !Doing some TCP captures, I noticed that all packets originating from the Ironport's have the "Don't Fragment" Bit set...Is this normal / wanted ? Can this be disabled ? (I suspect this is causing problems in some situations...)Could these two...