04-19-2018 07:51 AM - edited 03-08-2019 07:36 PM
Hello,
I'm attempting to validate an incoming content filter using the Trace function before committing the changes to the ESA, however, it appears that it doesn't actually evaluate the country code from the IP address given. However, if I commit the change and review the mail_logs, the ESA matches on the country code.
Example filter:
Trace Information:
IP Address = 178.250.144.155
Senderbase indicates this IP is located in the Netherlands.
(https://talosintelligence.com/reputation_center/lookup?search=178.250.144.155)
However, the Trace results do not reflect that:
While the mail_logs do correctly reflect this, only when the content filter has been committed:
Info: MID123456 Custom Log Entry: Detect-NL-LogEntry detected connection from the Netherlands on IP 178.250.144.155
Should the ESA evaluate the country code in the Trace function?
Thanks!
Solved! Go to Solution.
04-19-2018 05:40 PM
04-19-2018 05:40 PM
04-25-2018 10:24 AM
Thanks, Mathew. I'll submit a feature request to TAC.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: