Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
985
Views
0
Helpful
3
Replies

ESA with Outlook 365 exposes huge risks to unfiltered mail

jwharrison
Level 1
Level 1

‎03-24-2017 10:44 AM

Microsoft insists that multiple class "B" network ranges be added to the RELAYLIST so that mail can flow through our ESA appliances.   Unfortunately, TAC is saying that mail cannot be subjected to filters. since the mail is being trusted by nature of the RELAY.   Can someone tell me how to configure my ESA's so the mail will be inspected, filtered, like all other non-365 mail?
 

Labels:
0 Helpful
3 Replies 3

Libin Varghese
Cisco Employee
Cisco Employee

‎03-24-2017 11:06 AM

Hi,

IPs added to the Relaylist are treated as outbound emails and would be subject to the configuration on Outgoing Mail Policies which includes anti-spam, anti-virus, content filters, dlp, etc.

However, enabling additional scanning for outbound emails would increase load on the appliance depending on the amount of mail flow.

To make use of senderbase reputation checks you could also create message filters for these outgoing emails to drop connections from IP's of poor reputation.

Thank You!

Libin Varghese

0 Helpful

jwharrison
Level 1
Level 1
In response to Libin Varghese

‎03-24-2017 12:58 PM

The challenge is with INBOUND mail as that is where the relay occurs.  TAC states that relays cannot be filtered.

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee
In response to jwharrison

‎03-24-2017 01:07 PM

I'm not sure what you mean by inbound email is being relayed.

Relay action in mail flow policies is for outbound emails.

Accept action in mail flow policies is for inbound emails.

What kind of filtering are you looking to implement?

- Libin V

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents