cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1154
Views
0
Helpful
3
Replies

ESA with Outlook 365 exposes huge risks to unfiltered mail

jwharrison
Level 1
Level 1

Microsoft insists that multiple class "B" network ranges be added to the RELAYLIST so that mail can flow through our ESA appliances.   Unfortunately, TAC is saying that mail cannot be subjected to filters. since the mail is being trusted by nature of the RELAY.   Can someone tell me how to configure my ESA's so the mail will be inspected, filtered, like all other non-365 mail?
 

3 Replies 3

Libin Varghese
Cisco Employee
Cisco Employee

Hi,

IPs added to the Relaylist are treated as outbound emails and would be subject to the configuration on Outgoing Mail Policies which includes anti-spam, anti-virus, content filters, dlp, etc.

However, enabling additional scanning for outbound emails would increase load on the appliance depending on the amount of mail flow.

To make use of senderbase reputation checks you could also create message filters for these outgoing emails to drop connections from IP's of poor reputation.

Thank You!

Libin Varghese

The challenge is with INBOUND mail as that is where the relay occurs.  TAC states that relays cannot be filtered.

I'm not sure what you mean by inbound email is being relayed.

Relay action in mail flow policies is for outbound emails.

Accept action in mail flow policies is for inbound emails.

What kind of filtering are you looking to implement?

- Libin V