ESA Bounce Verification

ccna_security
Level 3

Hi. I am testing bounce verification on the ESA. I googled how to do that and found these commands to test bounce verification functionality.

  • Connecting to ESA using telnet: I connected to the ESA via telnet and wrote the command below
telnet  esa.example.com 25
Trying 192.168.1.254...
Connected to mail.texno.com
Escape character is '^]'.
220 mail.texno.com ESMTP
helo
250 mail.texno.com

  • MAIL FROM command with null sender address
mail from: <>
250 sender <> ok
rcpt to: frnak@texno.com
550 #5.1.0 Rejected by bounce verification. (It is ok. I thought that my configuration works)


  • MAIL FROM command with MAILER-DAEMON@test.com
mail from: MAILER-DAEMON@test.com
250 sender <MAILER-DAEMON@test.com> ok
rcpt to: frnak@texno.com
250 recipient <frnak@texno.az> ok (Shouldn't it show "Rejected by bounce verification")


https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118466-qa-esa-00.html

  

13 Replies

Mathew Huynh
Cisco Employee

Hey Ccns90

 

Thank you for bringing this article to my attention.

I believe the article is inaccurate and we should not treat the email with MAILER-DAEMON@domain.com as a bounce event but as a standard envelope sender hence why it is allowed.

 

The ESA will treat envelope sender with a null value <> as a bounce email and without a proper address tagging it will be dropped due to bounce verification.


I will have this article updated.

 

Regards,

Mathew

Hi Mathew

So I properly configured bounce verification, right?

Hello Ccns90,
Yep your setup is correct if it is rejecting null envelope sender.
Please ensure that after you enabled bounce verification tagging key and on the destination controls, you have also enabled it on the relevant mail flow policies if not yet already done.
Regards,
Mathew

Thank you for warning me. I have configured it on destination controls, not on mail policies. Could you please tell me which mail policy I should apply it to? I have 5 mail policies.

Hey Ccns90,
Bounce Verification is enabled at the mail flow policy level.
This means in GUI -> Mail Policies -> HAT Overview (or Mail Flow Policies) you need to make sure you enable it on the flow chosen.
Most emails would (by default) match the UNKNOWNLIST due to SBRS matching, but you can configure it on selective mail flow policy to your security requirement.

Do you think it would be enough to apply it only to the Unknown mail flow policy?

I am going to configure SPF as well and am not sure which mail flow policy it should be applied to.

By the way, I looked at the configuration in Mail Flow Policies and there is no bounce verification line to enable. Only "Consider Untagged Bounces to be Valid" is shown, with the choices Use Default (No), Yes and No. I chose Use Default (No).

Hey Ccns90,
Sorry for the late reply.
To the other query:
Do you think it would be enough to apply only to Unknown mail flow policy?
I am going to configure spf as well and not sure which mail flow policy it should be applied.

* Typically UNKNOWNLIST is fine, I would also put it into suspectlist as there can be instances of a potential spamming mail server trying to initiate a bounce-storm.
Consider untagged bounces as valid -> No is the bounce verification feature, if you have set this then you're all good.
The only other requirement is the address tagging to be configured in GUI > Mail Policies > Destination Controls.
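The behaviour discussed in this thread, modelled as an added example that is not part of any post and is not Cisco's code: only the null envelope sender `<>` counts as a bounce, and it is rejected unless the recipient address carries a valid tag. The `bv=` tag layout, the truncated HMAC and the key are assumptions made for illustration, not the ESA's real tagging format.

```python
import hashlib
import hmac

# Assumptions (not the ESA's real format): a BATV-style tag
# "bv=<local>=<mac>@<domain>" with HMAC-SHA256 cut to 10 hex characters.
KEY = b"constructed-demo-tagging-key"  # constructed sample key


def _mac(local: str, domain: str, key: bytes) -> str:
    msg = f"{local}@{domain}".lower().encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:10]


def tag_sender(address: str, key: bytes = KEY) -> str:
    """Outbound: rewrite the envelope sender so later bounces return tagged."""
    local, domain = address.rsplit("@", 1)
    return f"bv={local}={_mac(local, domain, key)}@{domain}"


def has_valid_tag(rcpt: str, key: bytes = KEY) -> bool:
    """True only if the recipient carries a tag produced with our key."""
    local_part, _, domain = rcpt.rpartition("@")
    parts = local_part.split("=")
    if len(parts) != 3 or parts[0] != "bv":
        return False
    _, local, mac = parts
    return hmac.compare_digest(mac, _mac(local, domain, key))


def rcpt_response(mail_from: str, rcpt: str,
                  untagged_bounces_valid: bool = False) -> str:
    """Inbound decision at RCPT TO, using the reply strings seen in the thread."""
    # Only the null sender is a bounce; MAILER-DAEMON@... is an ordinary sender.
    is_bounce = mail_from.strip() in ("", "<>")
    if is_bounce and not untagged_bounces_valid and not has_valid_tag(rcpt):
        return "550 #5.1.0 Rejected by bounce verification."
    return f"250 recipient <{rcpt}> ok"
```

`untagged_bounces_valid` stands in for the "Consider Untagged Bounces to be Valid" setting on the mail flow policy; the default `False` corresponds to "No".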

ppreenja
Cisco Employee

Hi Ccns90,

I have checked on the same and could see that I am having similar results.
As informed by Mathew, it seems that the article needs to be corrected and we will work towards the same to get it updated.
Thank you for bringing this up to our notice.
Highly appreciated.

Regards,
Pratham

Thanks for your help, I really appreciate it. Could you please tell me the difference between "Use Default (No)" and "No"? In the bounce verification field I chose "Use Default (No)".

Hi Ccns90,

Thank you for your query.

The values "Use Default (No)" and "No" are the same.

"Use Default (No)" means that if we are not selecting any option between "Yes" or "No" the ESA appliance takes the value as "No" by default.

I hope that answers your query.

Regards,
Pratham

To add to Pratham,

Default (No) means it's inheriting the settings from the Default Policy Parameters.
Where "No" alone means, override the default parameters with this setting.
In your circumstance, both No will mean the same.
(If you go to the GUI > Mail Policies > Mail flow Policies you will see Default Policy Parameters).

Thank you so much, guys, for your help. My issue is almost solved thanks to both of you.