cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
283
Views
0
Helpful
2
Replies

X-IronPort-RemoteIP

michael-ribeiro
Level 1
Level 1

Hello,

I am testing Secure Email Threat Defense and I want to know the header generate by Cisco Secure Email : X-IronPort-RemoteIP.

I know that it contains the originating IP but I don't understand why is it created and when ? Is it for inbound message or outbound ?
I want you to notice that I use M365 + Secure Email + SETD.

Have a nice day,

1 Accepted Solution

Accepted Solutions

This document says if you're using ETD and a Secure Email Gateway, you need to add the header in CES/ESA so that ETD knows where the mail really came from.
https://www.cisco.com/c/en/us/td/docs/security/email-threat-defense/user-guide/secure-email-threat-defense-user-guide/policy.pdf

It points you to this document on how to configure the header in CES
https://docs.ces.cisco.com/docs/configuring-asyncos-message-filter-to-add-sender-ip-header-for-email-threat-defense

So you have a Message Filter in CES that's adding that header.

View solution in original post

2 Replies 2

This document says if you're using ETD and a Secure Email Gateway, you need to add the header in CES/ESA so that ETD knows where the mail really came from.
https://www.cisco.com/c/en/us/td/docs/security/email-threat-defense/user-guide/secure-email-threat-defense-user-guide/policy.pdf

It points you to this document on how to configure the header in CES
https://docs.ces.cisco.com/docs/configuring-asyncos-message-filter-to-add-sender-ip-header-for-email-threat-defense

So you have a Message Filter in CES that's adding that header.

Oh I see, thank you a lot for those informations, I understand now

Have a nice day