email not filtering

dsheetz
Posts: 35
Joined: 01 Jun 2017 17:36

email not filtering

Post by dsheetz »

Just tested and email goes through OK but does not seem to be filtered. It also never shows on the MailWatch recent messages screen.
I pointed our firewall to EFA, and in EFA all domains have been configured in the console.

Any ideas??? gotta be close...
TheGr8Wonder
Posts: 97
Joined: 01 Jul 2017 02:32

Re: email not filtering

Post by TheGr8Wonder »

Are you able to post the headers of the message received? Just so this way we can verify the route the message took, and rule out misconfigured port forwarding on the firewall.
dsheetz
Posts: 35
Joined: 01 Jun 2017 17:36

Re: email not filtering

Post by dsheetz »

Code:


Received: from xxxxEXCH01.xxxx.org (192.168.111.xx) by
 xxxxEXCH01.xxxx.org (192.168.111.xx) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.544.27
 via Mailbox Transport; Tue, 8 Aug 2017 17:45:25 -0600
Received: from xxxxxEXCH01.xxx.org (192.168.111.xx) by
xxxxxexch01.xxxxorg (192.168.111.xxx) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.544.27; Tue, 8 Aug 2017 17:45:25 -0600
Received: from mail.xxx.org (192.168.111.xx) by xxxxEXCH01.xxxx.org
 (192.168.111.62) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.544.27 via Frontend
 Transport; Tue, 8 Aug 2017 17:45:25 -0600
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (mail-oln040092008058.outbound.protection.outlook.com[40.92.8.58]) by mail.xxxx.org with Trustwave SEG (v7,5,5,8150) (using TLS: TLSv1.2, AES256-SHA256)
	id <B598a4d130000>; Tue, 08 Aug 2017 17:45:23 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
 s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
 bh=J/AV+4bv0pAHHYfq3fmag7HTX4iX0/JT4ZOfJTclk8c=;
 b=CPaqlpv52pr9DBxfmJaF94Yw90frC8W+3jvgAEq28PRmDNGIrYyPRh1pktpkNdCQ7D5Z0+a7YADBSU9AF01zFGXwJ9AEJ+imXI7ZvSJhk2wo9oJ27wcmWFsneyMM9qnkarIfHc/477ELrcXFE0gGnqQP40Tj4nZkZADcMcNi46zVhy2w5aB5ZoiTEXkwZWLA5KbT/KaVieSmErPoTz5xIA5KNDu3eGaI8dpd1t8FnHqm1+zRXA7J7tkd06ZOve4EttWwlKJT8CmTFp+Ue0C/k09JFXLXDp70bBpSb4WSEcsSbJWyU0aFLN4nUNluv/aXen3n4icxTpb/H5/RRyiOPA==
Received: from DM3NAM03FT027.eop-NAM03.prod.protection.outlook.com
 (10.152.82.52) by DM3NAM03HT007.eop-NAM03.prod.protection.outlook.com
 (10.152.82.90) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.1304.16; Tue, 8
 Aug 2017 23:45:23 +0000
Received: from CY1PR15MB0533.namprd15.prod.outlook.com (10.152.82.51) by
 DM3NAM03FT027.mail.protection.outlook.com (10.152.82.190) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id
 15.1.1304.16 via Frontend Transport; Tue, 8 Aug 2017 23:45:23 +0000
Received: from CY1PR15MB0533.namprd15.prod.outlook.com ([10.164.72.151]) by
 CY1PR15MB0533.namprd15.prod.outlook.com ([10.164.72.151]) with mapi id
 15.01.1320.018; Tue, 8 Aug 2017 23:45:22 +0000
From: Da <dwshexxx@xx.com>
To: Da <dsxxx@xxxx.org>
Subject: test on efa
Thread-Topic: test on efa
Thread-Index: AdMQoGT6YLgdpAt8Sfaa4b8J8TcWOw==
Date: Tue, 8 Aug 2017 23:45:22 +0000
Message-ID: <CY1PR15MB0533781942BF87DA8E696225C98A0@CY1PR15MB0533.namprd15.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-incomingtopheadermarker: OriginalChecksum:FBCA9904FE3CA1E7275357BAD97ECCADA85D1BFC73A948607F9ADCA29C86BA4D;UpperCasedChecksum:FBAD20BC57AC03145FBC0B563054192E0D190D85B810A7FB7BDBF6D4D75DF4A6;SizeAsReceived:6929;Count:43
x-tmn: [M5syGRQOmYRFHPj9KLd7CqNF0Glr3LRj]
x-ms-publictraffictype: Email
x-incomingheadercount: 43
x-eopattributedmessage: 0
x-forefront-antispam-report: EFV:NLI;SFV:NSPM;SFS:(7070007)(98901004);DIR:OUT;SFP:1901;SCL:1;SRVR:DM3NAM03HT007;H:CY1PR15MB0533.namprd15.prod.outlook.com;FPR:;SPF:None;LANG:en;
x-ms-office365-filtering-correlation-id: 573d4018-133c-4a1a-e758-08d4deb7892f
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(300000503095)(300135400095)(201702061074)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031324274)(2017031323274)(2017031322377)(1603101448)(1601125374)(1701031045)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:DM3NAM03HT007;
x-ms-traffictypediagnostic: DM3NAM03HT007:
x-exchange-antispam-report-test: UriScan:(194151415913766)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(444000031);SRVR:DM3NAM03HT007;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:DM3NAM03HT007;
x-forefront-prvs: 03932714EB
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative;
	boundary="_000_CY1PR15MB0533781942BF87DA8E696225C98A0CY1PR15MB0533namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Aug 2017 23:45:22.7300
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM3NAM03HT007
Return-Path: dwxxxx@hotmail.com
X-MS-Exchange-Organization-Network-Message-Id: eba84131-807f-4d35-104f-08d4deb78a98
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: mymailserver.myco.org
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.1670310
X-EsetId: 37303A298FABB263667660
dsheetz
Posts: 35
Joined: 01 Jun 2017 17:36

Re: email not filtering

Post by dsheetz »

So I tried to run an SMTP test from inside my LAN using an SMTP test tool. Here is the log:

Code:

Connecting to mail server.
Connected.
220 .mydomain.org ESMTP 
EHLO mymailservername
250-mail.mydomain.org
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH CRAM-MD5 LOGIN DIGEST-MD5 PLAIN
250-AUTH=CRAM-MD5 LOGIN DIGEST-MD5 PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
RSET
250 2.0.0 Ok
MAIL FROM: <me@hotmail.com>
250 2.1.0 Ok
RCPT TO: <me@mydomain.org>
451 4.3.0 <me@mydomain.org>: Temporary lookup failure

Error: SMTP protocol error. 451 4.3.0 <me@mydomain.org>: Temporary lookup failure.
Failed to send messageForcing disconnection from SMTP server.
QUIT
221 2.0.0 Bye
Disconnected.


TheGr8Wonder
Posts: 97
Joined: 01 Jul 2017 02:32

Re: email not filtering

Post by TheGr8Wonder »

Do you happen to be using, or have you used, Trustwave as your prior filter?

I take it that the mail.XXXXXX.org is the EFA appliance?

I see the message received from O365 (since that is Hotmail's backend) via mail.XXXXX.org, but with a Trustwave signature?
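
The route check discussed in this thread, as an added example that is not part of any post: it reads the `Received` headers of a message, lists the hops in delivery order, and reports which software stamped the hop accepted by the gateway host. The sample message is constructed from the headers posted above with placeholder host names (`mail.example.org`, `EXCH01.example.org`), and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers posted in the thread; host names
# are placeholders. The newest hop comes first, as in a real message.
SAMPLE = """\
Received: from mail.example.org (192.168.111.10) by EXCH01.example.org
 (192.168.111.62) with Microsoft SMTP Server (version=TLS1_2) id 15.1.544.27
 via Frontend Transport; Tue, 8 Aug 2017 17:45:25 -0600
Received: from NAM03-DM3-obe.outbound.protection.outlook.com ([40.92.8.58])
 by mail.example.org with Trustwave SEG (v7,5,5,8150)
 id <B598a4d130000>; Tue, 08 Aug 2017 17:45:23 -0600
Received: from CY1PR15MB0533.namprd15.prod.outlook.com (10.152.82.51) by
 DM3NAM03FT027.mail.protection.outlook.com (10.152.82.190) with Microsoft SMTP
 Server (version=TLS1_2) id 15.1.1304.16; Tue, 8 Aug 2017 23:45:23 +0000
Subject: test on efa

body
"""

HOP = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<by>\S+)\s+(?:\([^)]*\)\s+)?"
    r"with\s+(?P<sw>.+?)\s+(?:\(|id\b|via\b|;)"
)

def received_hops(raw):
    """Return the Received hops in delivery order (oldest first)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groupdict())
    return hops[::-1]  # headers are prepended, so reverse for delivery order

def stamped_by(hops, gateway):
    """Software named in the 'with' clause of the hop accepted by gateway."""
    for hop in hops:
        if hop["by"].lower() == gateway.lower():
            return hop["sw"]
    return None  # the message never passed through that host

if __name__ == "__main__":
    hops = received_hops(SAMPLE)
    for n, hop in enumerate(hops, 1):
        print(f"{n}. {hop['src']} -> {hop['by']}  [{hop['sw']}]")
    print("gateway software:", stamped_by(hops, "mail.example.org"))
```

If the software reported for the gateway host is the old product rather than the new filter, inbound mail is still being forwarded to the old system.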
dsheetz
Posts: 35
Joined: 01 Jun 2017 17:36

Re: email not filtering

Post by dsheetz »

Trustwave is the old filter and mail.XXXXXX.org is the alias we use for our mail server.
TheGr8Wonder
Posts: 97
Joined: 01 Jul 2017 02:32

Re: email not filtering

Post by TheGr8Wonder »

Sent you a PM