[KB3346] Spam emails with a null sender address are not quarantined by ESET Mail Security for Microsoft Exchange Server

Issue

  • Create a Transport rule in Microsoft Exchange that redirects emails with null sender addresses to a specified quarantine mailbox

Details


Click to expand
 

Although you can configure ESET Mail Security for Microsoft Exchange Server to delete all emails marked as spam, the drawback of this method is that if a legitimate email is deleted, it cannot be restored locally.

A Transport rule in Microsoft Exchange that redirects emails enables you to restore a  legitimate message in the event that it is incorrectly flagged as spam.


Solution


Microsoft Exchange 2013 and later users
 
  1. To open Microsoft Exchange Administrative Center click Start Microsoft Exchange Server 2019 Exchange Administrative Center.

  2. Type your Domain/username and Password and click Sign in.

    Figure 1-1
    Click the image to view larger in new window
  3. Click Mail flowRules, click the + plus icon and select Create a new rule.

    Figure 1-2
    Click the image to view larger in new window
  4. Type a Name for your rule and click More options.

    Figure 1-3
    Click the image to view larger in new window
  5. From the Apply this rule if drop-down menu, select A message header includes any of these words.

    Figure 1-4
    Click the image to view larger in new window
  6. Click Enter text, type Return-Path into the specify header name field and click OK.

    Figure 1-5
    Click the image to view larger in new window
  7. Click Enter words, type <> into the specify words or phrases field, click the + plus icon → OK.

    Figure 1-6
    Click the image to view larger in new window
  8. From the Do the following drop-down menu, select Redirect the message to these recipients.

    Figure 1-7
    Click the image to view larger in new window
  9. Select your quarantine mailbox and click AddOK.

    Figure 1-8
    Click the image to view larger in new window
  10. We recommend that you create exceptions to exclude the text patterns used in out-of-office emails, non-delivery reports (NDRs) and/or delivery status notifications (DSNs) to keep these messages from being quarantined even though they use a null sender address. To do so, follow the instructions below:

    1. Click add exception.
    Figure 1-9
    Click the image to view larger in new window
    1. From the Except if drop-down menu, select The subject or body matches these text patterns.  
    Figure 1-10
    Click the image to view larger in new window
    1. Into the specify words or phrases field, type the text patterns you want to create exceptions for and click the + plus icon after each one. We recommend that you include the patterns Automatic reply: and Undeliverable: because these are both commonly used by Microsoft Exchange to denote messages with null sender fields. You may want to also add certain patterns that are commonly used in out-of-office emails.
    Figure 1-11
    Click the image to view larger in new window
  11. Specify any additional actions you want Microsoft Exchange to take as part of your rule. We recommend that you log these messages as events and add a string to the message subjects to better track messages that trigger this rule.

  12. Click Save. Messages with blank return sender fields should now automatically be redirected to the quarantine mailbox by Microsoft Exchange.

    Figure 1-12
    Click the image to view larger in new window

Microsoft Exchange Server 2010 users
 
  1.  Open Microsoft Exchange Management Console by clicking Start → All programs Microsoft Exchange Server Exchange Management Console.
     
  2.  Expand Microsoft Exchange On-PremisesOrganization Configuration Hub Transport (select Edge Transport if that is the only role that your organization uses).
     
  3. Select the Transport Rules tab and click New Transport Rule.
Figure 1-1
  1. Type a name for your new rule into the Name field and include a description of your new rule (see Figure 1-2 for a sample description). Click Next when you are finished.
Figure 1-2
  1. Specify the conditions for your new rule:
    1. Select the check box next to When a message header contains specific words.

    2. Click message header underlined in the bottom field, type Return-Path into the Message header field and then click OK.

    3. Click specific words underlined in the bottom field, type <> into the Words field, click Add and then click OK.
Figure 1-3
    1. Click Next.

     6. Specify the actions for your new rule:

    1. Select the check box next to redirect the message to addresses.
       
    2. Click addresses underlined in the bottom field.
Figure 1-4
    1. Click Add in the Specify recipients window and then double-click your quarantine mailbox in the list of users, the quarantine mailbox will be displayed in the Specify recipients window. Click OK in both windows when you are finished.
Figure 1-5
    1. Specify any additional actions you want Exchange to take as part of your rule. We recommend that you log these messages as events and add a string to the message subjects to better track messages that trigger this rule.
       
    2. Click Next.

     7. Specify the Exceptions for your new rule. We recommend that you create exceptions to exclude the text patterns used in out-of-office emails, non-delivery reports (NDRs) and/or delivery status notifications (DSNs) to keep these messages from being quarantined even though they use a null sender address. To do so, follow the instructions below:

  1. Select the check box next to When the Subject field or the message body matches text patterns.
     
  2. Click text patterns in the bottom field.
Figure 1-6
    1. Type the text patterns you want to create exceptions for into the Text patterns field and click Add to add them to your list of excepted patterns. We recommend that you include the patterns Automatic reply: and Undeliverable: because these are both commonly used by Microsoft Exchange to denote messages with null sender fields. You may want to also add certain patterns that are commonly used in out-of-office emails.
       
    2. When you are finished, click OK and then click Next in the Exceptions window.
Figure 1-7
  1. Click New in the Create Rule window.
     
  2. Click Finish in the Completion window. Messages with blank return sender fields should now automatically be redirected to the quarantine mailbox by Microsoft Exchange.