Cisco Secure Email Support Community


Sar
Cisco Employee

Bounced Envelope Sender for BCC configuration

Hi,

This is my first time configuring BCC mode for a PoC. I have encountered a Bounced Envelope Sender for all the emails BCC-ed into CES.

I have removed the Address Tagging Keys, enabled Consider Untagged Bounces to be Valid, and enabled Smart Exceptions, but I still receive the same bounced email as per below.

Is this because when configured as BCC mode, the email will be eventually blackholed hence the bounce is bound to happen? How can we remove this tag? Thank you so much.

 

Update: This is BCC mode for CES+O365 integration PoC. So far we have followed the instructions here, under Appendix E and F1 but the Bounce Envelope Sender still appears: https://www.cisco.com/c/dam/en/us/products/collateral/security/ces-pov-best-pract.pdf

 

MAIL POLICY "DEFAULT" MATCHED THESE RECIPIENTS: anyone@ces.bcc
05 Jun 2021 11:56:12 (GMT +08:00) Incoming connection (ICID 351514) has sender_group: WHITELIST, sender_ip: x.x.x.x and sbrs: 3.5
05 Jun 2021 11:56:12 (GMT +08:00) Protocol SMTP interface Data 1 (IP 10.x.x.x) on incoming connection (ICID 351514) from sender IP x.x.x.x. Reverse DNS host x.outbound.protection.outlook.com verified yes.
05 Jun 2021 11:56:12 (GMT +08:00) (ICID 351514) ACCEPT sender group WHITELIST match .protection.outlook.com SBRS 3.5 sender IP x.x.x.x country Korea, Republic of
05 Jun 2021 11:56:13 (GMT +08:00) Incoming connection (ICID 351514) successfully accepted TLS protocol TLSv1.2 cipher xxxxxxx.
05 Jun 2021 11:56:13 (GMT +08:00) Message 410 Sender Domain: customer.domain
05 Jun 2021 11:56:13 (GMT +08:00) Start message 410 on incoming connection (ICID 351514).
05 Jun 2021 11:56:13 (GMT +08:00) Message 410 enqueued on incoming connection (ICID 351514) from bounces+ABC=DEFG+=H1@customer.domain.
05 Jun 2021 11:56:13 (GMT +08:00) Message 410 direction: incoming
05 Jun 2021 11:56:14 (GMT +08:00) Message 410 on incoming connection (ICID 351514) added recipient (anyone@ces.bcc).
05 Jun 2021 11:56:14 (GMT +08:00) Message 410 SPF: mailfrom identity bounces+ABC=DEFG+=H1@customer.domain Pass
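
One way to pull the fields that matter for this question (envelope sender, recipient, sender group, SPF verdict) out of message tracking lines like those quoted above. This is an added example, not part of the original post or any Cisco tooling; the regexes are assumptions derived only from the lines shown, and the sample input is constructed from them.

```python
import re
from collections import defaultdict

# Constructed sample in the message-tracking format quoted in the post
# (IDs, IPs and addresses are the post's placeholders).
SAMPLE = """\
05 Jun 2021 11:56:12 (GMT +08:00) Incoming connection (ICID 351514) has sender_group: WHITELIST, sender_ip: x.x.x.x and sbrs: 3.5
05 Jun 2021 11:56:13 (GMT +08:00) Start message 410 on incoming connection (ICID 351514).
05 Jun 2021 11:56:13 (GMT +08:00) Message 410 enqueued on incoming connection (ICID 351514) from bounces+ABC=DEFG+=H1@customer.domain.
05 Jun 2021 11:56:14 (GMT +08:00) Message 410 on incoming connection (ICID 351514) added recipient (anyone@ces.bcc).
05 Jun 2021 11:56:14 (GMT +08:00) Message 410 SPF: mailfrom identity bounces+ABC=DEFG+=H1@customer.domain Pass
"""

# Assumed patterns, written against the line shapes above only.
PATTERNS = {
    "group": re.compile(r"\(ICID (\d+)\) has sender_group: (\S+),"),
    "start": re.compile(r"Start message (\d+) on incoming connection \(ICID (\d+)\)"),
    "from": re.compile(r"Message (\d+) enqueued on incoming connection \(ICID \d+\) from (\S+?)\.?$"),
    "rcpt": re.compile(r"Message (\d+) on incoming connection \(ICID \d+\) added recipient \((\S+)\)"),
    "spf": re.compile(r"Message (\d+) SPF: mailfrom identity (\S+) (\w+)$"),
}

def summarize(text):
    """Correlate connection (ICID) and message (MID) lines into one record per MID."""
    groups, msgs = {}, defaultdict(lambda: {"recipients": []})
    for line in text.splitlines():
        line = line.strip()
        if m := PATTERNS["group"].search(line):
            groups[m[1]] = m[2]                      # ICID -> sender group
        elif m := PATTERNS["start"].search(line):
            msgs[m[1]].update(icid=m[2], sender_group=groups.get(m[2]))
        elif m := PATTERNS["from"].search(line):
            local, _, domain = m[2].rpartition("@")  # split envelope sender
            msgs[m[1]].update(envelope_sender=m[2], local_part=local, domain=domain)
        elif m := PATTERNS["rcpt"].search(line):
            msgs[m[1]]["recipients"].append(m[2])
        elif m := PATTERNS["spf"].search(line):
            msgs[m[1]]["spf_mailfrom"] = m[3]
    return dict(msgs)

if __name__ == "__main__":
    for mid, rec in summarize(SAMPLE).items():
        print(mid, rec)
```

Running it over a larger export shows at a glance which envelope senders reach the BCC listener and through which sender group, before any bounce handling is applied.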

 

 

2 REPLIES
SriramV
Cisco Employee

Check if the bounce profile is configured properly; follow the BCC traffic setup guide:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200413-How-to-configure-a-Beta-ESA-to-accept-pr.html

Sar
Cisco Employee

Hi Sriram,

Thank you for the link.

I'm sorry I forgot to mention that this is BCC mode for CES+O365 integration PoC. So far we have followed the instructions here under Appendix E and F1: https://www.cisco.com/c/dam/en/us/products/collateral/security/ces-pov-best-pract.pdf

But we're still facing the Bounce issue. The customer is currently using our on-prem ESA but I don't think we need to modify the existing ESA? Because the email arriving at the customer's mailbox is not bounced, only the ones arriving in the CES (after being BCC-ed) are. Appreciate your expertise here. Thank you.
