Beginner

Cisco esa SPF configuration

Dear all

I configured SPF and it seems to work properly for now. Let me give you a brief summary.

1. Created SPF quarantine

2. Enabled SPF in mail flow policy Default Policy Parameters (Conformance Level-SPF, Downgrade PRA verification-NO, HELO Test-ON)

3. Created content filter to send failed SPF verification to quarantine.

When I looked at some logs I observed that although the mailfrom identity is Pass, the HELO test is Softfail and the email is sent to the SPF quarantine. My question is: what is the recommended choice for HELO Test? ON or OFF?

Cisco Employee

Re: Cisco esa SPF configuration

Hello,

 

Most people are probably not going to have the HELO SPF record configured properly if at all, so my personal opinion would be that it's not necessary. I'd also recommend adding in DKIM and DMARC verification when possible.

 

If you wanted to just act on the mail-from within the filter, you could instead configure a message filter instead of a content filter, as with the message filter you have the ability to choose.

 

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-5/user_guide/b_ESA_Admin_Guide_12_5/b_ESA_Admin_Guide_12_1_chapter_01000.html#con_1132105

 

Thanks!

-Dennis M.

Beginner

Re: Cisco esa SPF configuration

Thank you Dennis. I have one last question; I would be happy if you could help me. Yesterday, as I said, I configured SPF, and one legitimate email came from a different mail server and SPF blocked it. The sender's mail server is, for example, mx.example.com, but the email address is test@domain.com. The question is: where do I have to add the SPF record to let domain.com legitimately come from mx.example.com? It is so urgent, please help to solve this issue. Thanks
Cisco Employee

Re: Cisco esa SPF configuration

Hello,

 

The SPF record lookup is done using the mail-from domain. So, if the envelope sender address is test@domain.com then you would want to look at the SPF record for domain.com to see if it's configured properly, as they would need to be including the sending host mx.example.com in it. If it is misconfigured then there's nothing you're able to do about that since you do not control their DNS. You would need to contact them so that they can fix it on their end. 

 

If you can provide more details I can try to help confirm. 

 

Thanks!

-Dennis M.
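An added example, not part of the original thread and not Cisco's code: a small Python model of the two SPF identities discussed above (HELO and MAIL FROM), showing why a record for domain.com that omits mx.example.com fails, and why a HELO Softfail can still trigger a quarantine after the MAIL FROM record is fixed. The SPF records, the IP addresses and the `quarantined` helper are constructed for illustration; only a subset of RFC 7208 (`ip4`, `a`, `include`, `all`) is evaluated.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SENDING_IP = "198.51.100.25"  # constructed address of mx.example.com


def make_zone(domain_com_spf):
    """Constructed DNS data (not real records); only domain.com's SPF varies."""
    return {
        "txt": {"domain.com": domain_com_spf,
                "mx.example.com": "v=spf1 ip4:203.0.113.99 ~all"},
        "a": {"mx.example.com": [SENDING_IP]},
    }


def check_host(ip, domain, zone, depth=0):
    """Evaluate an RFC 7208 subset (ip4, a, include, all) for one identity."""
    record = zone["txt"].get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    if depth > 10:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qual = QUALIFIERS.get(term[0], "pass")
        mech = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = mech.partition(":")
        if name == "all":
            return qual
        if name == "ip4" and addr in ipaddress.ip_network(arg, strict=False):
            return qual
        if name == "a" and ip in zone["a"].get(arg or domain, []):
            return qual
        if name == "include" and check_host(ip, arg, zone, depth + 1) == "pass":
            return qual
    return "neutral"


def verify(ip, helo, mail_from, zone):
    """Results for the two identities a receiver can test."""
    return {"helo": check_host(ip, helo, zone),
            "mailfrom": check_host(ip, mail_from.rpartition("@")[2], zone)}


def quarantined(results, identities):
    """Hypothetical filter: quarantine if any selected identity fails or softfails."""
    return any(results[i] in ("fail", "softfail") for i in identities)


if __name__ == "__main__":
    for spf in ("v=spf1 ip4:192.0.2.0/24 -all", "v=spf1 ip4:192.0.2.0/24 a:mx.example.com -all"):
        r = verify(SENDING_IP, "mx.example.com", "test@domain.com", make_zone(spf))
        print(spf, r, quarantined(r, ["helo", "mailfrom"]), quarantined(r, ["mailfrom"]))
```

Run as a script, it prints the per-identity results for the record before and after the sender authorizes mx.example.com, followed by the filter decision when both identities are considered and when only MAIL FROM is.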

Beginner

Re: Cisco esa SPF configuration

Thank you Dennis. I will send an email to them to add their SPF records.

Cisco Employee

Re: Cisco esa SPF configuration

You're very welcome! I'm glad that I was able to assist. :)

 

-Dennis M.