Solved: X-IronPort-RemoteIP

michael-ribeiro · ‎05-31-2024

Hello,

I am testing Secure Email Threat Defense and I want to know the header generate by Cisco Secure Email : X-IronPort-RemoteIP.

I know that it contains the originating IP but I don't understand why is it created and when ? Is it for inbound message or outbound ?
I want you to notice that I use M365 + Secure Email + SETD.

Have a nice day,

Ken Stieers · ‎05-31-2024

This document says if you're using ETD and a Secure Email Gateway, you need to add the header in CES/ESA so that ETD knows where the mail really came from.
https://www.cisco.com/c/en/us/td/docs/security/email-threat-defense/user-guide/secure-email-threat-defense-user-guide/policy.pdf

It points you to this document on how to configure the header in CES
https://docs.ces.cisco.com/docs/configuring-asyncos-message-filter-to-add-sender-ip-header-for-email-threat-defense

So you have a Message Filter in CES that's adding that header.

View solution in original post

Ken Stieers · ‎05-31-2024

This document says if you're using ETD and a Secure Email Gateway, you need to add the header in CES/ESA so that ETD knows where the mail really came from.
https://www.cisco.com/c/en/us/td/docs/security/email-threat-defense/user-guide/secure-email-threat-defense-user-guide/policy.pdf

It points you to this document on how to configure the header in CES
https://docs.ces.cisco.com/docs/configuring-asyncos-message-filter-to-add-sender-ip-header-for-email-threat-defense

So you have a Message Filter in CES that's adding that header.

michael-ribeiro · ‎05-31-2024

Oh I see, thank you a lot for those informations, I understand now

Have a nice day