02-04-2017 02:47 AM
Hello,
Just using the ESA Spoofing message filter at the moment, however it is catching anything that has the specified domain name in it...
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200166-Quarantine-Spoofed-Email-Messages-on-the.html
ie, should be capturing example.com only, however it is capturing;
lmsflksd23s=example.com@sendgrid.net ---> which this type of format is used by a lot of bounces/legitimate senders.
I have edited the dictionary to be;
@example.com
However it then fails to detect the spoofed addresses.
What am I missing here? I have a large number of domains, discussing with Cisco already and waiting on replies, but other thoughts would be good.
Thanks
02-04-2017 03:35 AM
I have found that using the example.com$ in the dictionary seems to resolve the issue.
Any thought if that would cause me issues?
02-04-2017 08:09 PM
Hello Damian,
We have a current open defect regarding dictionary entries starting with '@' not matching properly. You can find that here : Dictionary doesn't match as expected when the entries starts with "@" or "\@"
However, it looks like you found a viable workaround, which would be to try using the '$' regular expression symbol so that it looks for the string at the end of the line.
Thanks!
-Dennis M.
02-05-2017 01:59 AM
Thanks for the update - would you envision there being any issues with using the $ instead of matching the domain per the filter instructions?
02-05-2017 05:10 PM
Hello,
That really depends on the types of header formatting you're seeing. I would probably keep both of them within the dictionary so you can be sure to match on different scenarios. You could also use something like the following : example.com>$
I would advise modifying the dictionary entries as you need and then testing via manual SMTP telnet tests to confirm resolution.
Thanks!
-Dennis M.
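The dictionary entries discussed in the posts above, checked against a few sender formats. This is an added example, not part of the thread and not Cisco code. It assumes Python's `re.search` approximates the ESA dictionary matcher, and all sample addresses except the sendgrid one quoted in the first post are constructed.

```python
import re

# Dictionary entries quoted in the thread, used verbatim as regular expressions.
# Assumption: Python's re.search approximates how the ESA dictionary matches.
ENTRIES = ["example.com", "example.com$", "example.com>$"]

# Sender values to test. "bounce" is the address quoted in the first post;
# the other three are constructed for this example.
SAMPLES = {
    "bare": "ceo@example.com",                 # address only, no brackets
    "bracketed": '"CEO" <ceo@example.com>',    # display name plus <address>
    "bounce": "lmsflksd23s=example.com@sendgrid.net",
    "other_domain": "user@notexample.com",     # different domain, same suffix
}


def matched_samples(entry):
    """Return the sorted sample names whose value the entry matches."""
    pattern = re.compile(entry)
    return sorted(n for n, v in SAMPLES.items() if pattern.search(v))


def combined(entries):
    """Return the sorted sample names matched by at least one entry."""
    hits = set()
    for entry in entries:
        hits.update(matched_samples(entry))
    return sorted(hits)


if __name__ == "__main__":
    for entry in ENTRIES:
        print(f"{entry!r:18} -> {matched_samples(entry)}")
    both = ["example.com$", "example.com>$"]
    print(f"{'both $ entries':18} -> {combined(both)}")
```

Keeping both `$` entries covers the bare and bracketed forms and skips the bounce address, but `other_domain` still matches because nothing anchors the start of the domain name.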
04-03-2017 02:01 AM
Hello,
Do you have any update on this issue?
Kr,
Vincent.
05-09-2018 07:20 AM
Hi,
I fixed the problem by just putting the domain without the @.
It works for me.
Bye