Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1774
Views
0
Helpful
2
Replies

Bounced Envelope Sender for BCC configuration

Sar
Cisco Employee
Cisco Employee

‎06-04-2021 11:17 PM - edited ‎06-05-2021 01:29 AM

Hi,

This is my first time configuring BCC mode for PoC. I have encountered a Bounced Envelope Sender for all the emails BCC-ed into CES.

I have removed the Address Tagging Keys, enable Consider Untagged Bounces to be Valid, enabled Smart Exceptions, but I still receive the same bounced email as per below.

Is this because when configured as BCC mode, the email will be eventually blackholed hence the bounce is bound to happen? How can we remove this tag? Thank you so much.

 

Update: This is BCC mode for CES+O365 integration PoC. So far we have followed the instructions here, under Appendix E and F1 but the Bounce Envelope Sender still appears: https://www.cisco.com/c/dam/en/us/products/collateral/security/ces-pov-best-pract.pdf

 

MAIL POLICY "DEFAULT" MATCHED THESE RECIPIENTS: anyone@ces.bcc
05 Jun 2021 11:56:12 (GMT +08:00) Incoming connection (ICID 351514) has sender_group: WHITELIST, sender_ip: x.x.x.x and sbrs: 3.5
05 Jun 2021 11:56:12 (GMT +08:00) Protocol SMTP interface Data 1 (IP 10.x.x.x) on incoming connection (ICID 351514) from sender IP x.x.x.x. Reverse DNS host x.outbound.protection.outlook.com verified yes.
05 Jun 2021 11:56:12 (GMT +08:00) (ICID 351514) ACCEPT sender group WHITELIST match .protection.outlook.com SBRS 3.5 sender IP x.x.x.x country Korea, Republic of
05 Jun 2021 11:56:13 (GMT +08:00) Incoming connection (ICID 351514) successfully accepted TLS protocol TLSv1.2 cipher xxxxxxx.
05 Jun 2021 11:56:13 (GMT +08:00) Message 410 Sender Domain: customer.domain
05 Jun 2021 11:56:13 (GMT +08:00) Start message 410 on incoming connection (ICID 351514).
05 Jun 2021 11:56:13 (GMT +08:00) Message 410 enqueued on incoming connection (ICID 351514) from bounces+ABC=DEFG+=H1@customer.domain.
05 Jun 2021 11:56:13 (GMT +08:00) Message 410 direction: incoming
05 Jun 2021 11:56:14 (GMT +08:00) Message 410 on incoming connection (ICID 351514) added recipient (anyone@ces.bcc).
05 Jun 2021 11:56:14 (GMT +08:00) Message 410 SPF: mailfrom identity bounces+ABC=DEFG+=H1@customer.domain Pass

 

 

Labels:
0 Helpful
2 Replies 2

SriramV
Cisco Employee
Cisco Employee

‎06-05-2021 12:12 AM

Check is the bounce profile is configured properly, follow the BCC traffic setup guide

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200413-How-to-configure-a-Beta-ESA-to-accept-pr.html

0 Helpful

Sar
Cisco Employee
Cisco Employee
In response to SriramV

‎06-05-2021 01:27 AM

Hi Sriram,

Thank you for the link.

I'm sorry I forgot to mention that this is BCC mode for CES+O365 integration PoC. So far we have followed the instructions here under Appendix E and F1: https://www.cisco.com/c/dam/en/us/products/collateral/security/ces-pov-best-pract.pdf

But we're still facing the Bounce issue. The customer is currently using our on-prem ESA but I don't think we need to modify the existing ESA? Because the email arriving at the customer's mailbox is not bounced, only the ones arriving in the CES (after being BCC-ed) are. Appreciate your expertise here. Thank you.

0 Helpful
Customers Also Viewed These Support Documents