just tested and email goes through ok but does not seem to be filtered. It also never shows on mailwatch recent messages screen.
I pointed our firewall to efa and in efa all domains have been configured in the console
Any ideas??? gotta be close...
email not filtering
-
- Posts: 97
- Joined: 01 Jul 2017 02:32
Re: email not filtering
Are you able to post the headers of the message received? Just so this way we can verify the route the message took, and rule out misconfigured port forwarding on the firewall
Re: email not filtering
Code: Select all
Received: from xxxxEXCH01.xxxx.org (192.168.111.xx) by
xxxxEXCH01.xxxx.org (192.168.111.xx) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.544.27
via Mailbox Transport; Tue, 8 Aug 2017 17:45:25 -0600
Received: from xxxxxEXCH01.xxx.org (192.168.111.xx) by
xxxxxexch01.xxxxorg (192.168.111.xxx) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.1.544.27; Tue, 8 Aug 2017 17:45:25 -0600
Received: from mail.xxx.org (192.168.111.xx) by xxxxEXCH01.xxxx.org
(192.168.111.62) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.544.27 via Frontend
Transport; Tue, 8 Aug 2017 17:45:25 -0600
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-oln040092008058.outbound.protection.outlook.com[40.92.8.58]) by mail.xxxx.org with Trustwave SEG (v7,5,5,8150) (using TLS: TLSv1.2, AES256-SHA256)
id <B598a4d130000>; Tue, 08 Aug 2017 17:45:23 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
bh=J/AV+4bv0pAHHYfq3fmag7HTX4iX0/JT4ZOfJTclk8c=;
b=CPaqlpv52pr9DBxfmJaF94Yw90frC8W+3jvgAEq28PRmDNGIrYyPRh1pktpkNdCQ7D5Z0+a7YADBSU9AF01zFGXwJ9AEJ+imXI7ZvSJhk2wo9oJ27wcmWFsneyMM9qnkarIfHc/477ELrcXFE0gGnqQP40Tj4nZkZADcMcNi46zVhy2w5aB5ZoiTEXkwZWLA5KbT/KaVieSmErPoTz5xIA5KNDu3eGaI8dpd1t8FnHqm1+zRXA7J7tkd06ZOve4EttWwlKJT8CmTFp+Ue0C/k09JFXLXDp70bBpSb4WSEcsSbJWyU0aFLN4nUNluv/aXen3n4icxTpb/H5/RRyiOPA==
Received: from DM3NAM03FT027.eop-NAM03.prod.protection.outlook.com
(10.152.82.52) by DM3NAM03HT007.eop-NAM03.prod.protection.outlook.com
(10.152.82.90) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1304.16; Tue, 8
Aug 2017 23:45:23 +0000
Received: from CY1PR15MB0533.namprd15.prod.outlook.com (10.152.82.51) by
DM3NAM03FT027.mail.protection.outlook.com (10.152.82.190) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
15.1.1304.16 via Frontend Transport; Tue, 8 Aug 2017 23:45:23 +0000
Received: from CY1PR15MB0533.namprd15.prod.outlook.com ([10.164.72.151]) by
CY1PR15MB0533.namprd15.prod.outlook.com ([10.164.72.151]) with mapi id
15.01.1320.018; Tue, 8 Aug 2017 23:45:22 +0000
From: Da <dwshexxx@xx.com>
To: Da <dsxxx@xxxx.org>
Subject: test on efa
Thread-Topic: test on efa
Thread-Index: AdMQoGT6YLgdpAt8Sfaa4b8J8TcWOw==
Date: Tue, 8 Aug 2017 23:45:22 +0000
Message-ID: <CY1PR15MB0533781942BF87DA8E696225C98A0@CY1PR15MB0533.namprd15.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-incomingtopheadermarker: OriginalChecksum:FBCA9904FE3CA1E7275357BAD97ECCADA85D1BFC73A948607F9ADCA29C86BA4D;UpperCasedChecksum:FBAD20BC57AC03145FBC0B563054192E0D190D85B810A7FB7BDBF6D4D75DF4A6;SizeAsReceived:6929;Count:43
x-tmn: [M5syGRQOmYRFHPj9KLd7CqNF0Glr3LRj]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1;DM3NAM03HT007;7:VilKXQCSd+Y5/DrLGddtJs/wI9JyEDgD5xyWv+kH2vAbjOaX4z09CYD4HgVkET5pILsAhjUcUkWGS+AMEfJpN6q+J/LtMU3QSRmdxHyYBSAibQrjb0Z05qttgvhJC+Kn61HpdWAblG1VOQW6d8hy39nSLKwQdB/RP5OsW9fQqfdOa9GgdTVPWZK2AJ6I4/ON9smFG4nSBfHou7aJrPuEydtGfhAhUhMvtVB7OtsVn6TIOdRiYHsDEgHv4sowz/OQBk4DFds3DjrS4RS3zYWag/Ek/B2Zde0jd+XLJxIXK4GSzLt1I2ewZ0sCphpMZb8UqPJbk1ZoLSWE8c5cklfuFUp6YcgSLmKUqSpHUJU0XQ15wTg2kaWSDpDfEoRvlsiG8xZVpf754YrgQbXVeQT2/j4dcxzb2IlG1qrAEmu135okZNhSmkYYC11zJhQG1vDwFKGd2/QIS2JSSRpvvbF1tf6D9kR3zxaD54gyHU7pSoWANgJ8isYay0nVgKzAHPr2R7Y7oYw7OOT8uMDBZ02YcIqN5k4W1JCCLqo2aUOSEGcJWYklVufaUcEWeQBU2ZFxW2akm4g52/pUCX6Ozka2FrB2IBWc6UO4ULOR/l8aNvHHZDiI5I5ToyW+ugB8cfNg2xO+I44MrNjDoz97TjCuQ4qsGGeArmH+SvF65OzgWNtOwmxftc+Bpo10hk+WIyAyf1Xa01G/UJ319IOZdqVXa2vQKuCxfD9QuEhVveOzZTSTw/qPZ2Ws6EVCzPeHHLdqme6kvNdVGVDbQZgi+1hEdw==
x-incomingheadercount: 43
x-eopattributedmessage: 0
x-forefront-antispam-report: EFV:NLI;SFV:NSPM;SFS:(7070007)(98901004);DIR:OUT;SFP:1901;SCL:1;SRVR:DM3NAM03HT007;H:CY1PR15MB0533.namprd15.prod.outlook.com;FPR:;SPF:None;LANG:en;
x-ms-office365-filtering-correlation-id: 573d4018-133c-4a1a-e758-08d4deb7892f
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(300000503095)(300135400095)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322377)(1603101448)(1601125374)(1701031045)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:DM3NAM03HT007;
x-ms-traffictypediagnostic: DM3NAM03HT007:
x-exchange-antispam-report-test: UriScan:(194151415913766)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444000031);SRVR:DM3NAM03HT007;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:DM3NAM03HT007;
x-forefront-prvs: 03932714EB
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative;
boundary="_000_CY1PR15MB0533781942BF87DA8E696225C98A0CY1PR15MB0533namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Aug 2017 23:45:22.7300
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3NAM03HT007
Return-Path: dwxxxx@hotmail.com
X-MS-Exchange-Organization-Network-Message-Id: eba84131-807f-4d35-104f-08d4deb78a98
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: mymailserver.myco.org
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.1670310
X-EsetId: 37303A298FABB263667660
Re: email not filtering
so tried to run a smtp test from innside my LAN using an SMTP test tool. here is the log :
Code: Select all
Connecting to mail server.
Connected.
220 .mydomain.org ESMTP
EHLO mymailservername
250-mail.mydomain.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH CRAM-MD5 LOGIN DIGEST-MD5 PLAIN
250-AUTH=CRAM-MD5 LOGIN DIGEST-MD5 PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
RSET
250 2.0.0 Ok
MAIL FROM: <me@hotmail.com>
250 2.1.0 Ok
RCPT TO: <me@mydomain.org>
451 4.3.0 <me@mydomain.org>: Temporary lookup failure
Error: SMTP protocol error. 451 4.3.0 <me@mydomain.org>: Temporary lookup failure.
Failed to send messageForcing disconnection from SMTP server.
QUIT
221 2.0.0 Bye
Disconnected.
-
- Posts: 97
- Joined: 01 Jul 2017 02:32
Re: email not filtering
Do you happen to be using, or used Trustwave as your prior filter?
I take it that the mail.XXXXXX.org is the EFA appliance?
I see the message received from O365 (since that is hotmail's backend) via mail.XXXXX.org, but with a trustwave signature?
I take it that the mail.XXXXXX.org is the EFA appliance?
I see the message received from O365 (since that is hotmail's backend) via mail.XXXXX.org, but with a trustwave signature?
Re: email not filtering
trustwave is the old filter and mail.XXXXXX.org is the alias we use for our mail server