[KB3346] Spam emails with a null sender address are not quarantined by ESET Mail Security for Microsoft Exchange Server

Details

Although it is possible to avoid this issue by configuring ESET Mail Security for Microsoft Exchange Server to delete all emails marked as spam, the drawback of this method is that if a legitimate email is deleted, it cannot be restored locally.

Use the solution below to create a Transport rule in Microsoft Exchange that will effectively apply a policy that redirects emails with null sender addresses to a specified quarantine mailbox. The use of this method allows you to restore a  legitimate message in the event that it is incorrectly flagged as spam.

Solution

  1.  Open Microsoft Exchange Management Console by clicking Start → All programs Microsoft Exchange Server Exchange Management Console.
     
  2.  Expand Microsoft Exchange On-PremisesOrganization Configuration Hub Transport (select Edge Transport if that is the only role that your organization uses).
     
  3. Select the Transport Rules tab and click New Transport Rule.
Figure 1-1
  1. Type a name for your new rule into the Name field and include a description of your new rule (see Figure 1-2 for a sample description). Click Next when you are finished.
Figure 1-2
  1. Specify the conditions for your new rule:
    1. Select the check box next to When a message header contains specific words.

    2. Click message header underlined in the bottom field, type Return-Path into the Message header field and then click OK.

    3. Click specific words underlined in the bottom field, type <> into the Words field, click Add and then click OK.
Figure 1-3
    1. Click Next.

     6. Specify the actions for your new rule:

    1. Select the check box next to redirect the message to addresses.
       
    2. Click addresses underlined in the bottom field.
Figure 1-4
    1. Click Add in the Specify recipients window and then double-click your quarantine mailbox in the list of users, the quarantine mailbox will be displayed in the Specify recipients window. Click OK in both windows when you are finished.
Figure 1-5
    1. Specify any additional actions you want Exchange to take as part of your rule. We recommend that you log these messages as events and add a string to the message subjects to better track messages that trigger this rule.
       
    2. Click Next.

     7. Specify the Exceptions for your new rule. We recommend that you create exceptions to exclude the text patterns used in out-of-office emails, non-delivery reports (NDRs) and/or delivery status notifications (DSNs) to keep these messages from being quarantined even though they use a null sender address. To do so, follow the instructions below:

  1. Select the check box next to When the Subject field or the message body matches text patterns.
     
  2. Click text patterns in the bottom field.
Figure 1-6
    1. Type the text patterns you want to create exceptions for into the Text patterns field and click Add to add them to your list of excepted patterns. We recommend that you include the patterns Automatic reply: and Undeliverable: because these are both commonly used by Microsoft Exchange to denote messages with null sender fields. You may want to also add certain patterns that are commonly used in out-of-office emails.
       
    2. When you are finished, click OK and then click Next in the Exceptions window.
Figure 1-7
  1. Click New in the Create Rule window.
     
  2. Click Finish in the Completion window. Messages with blank return sender fields should now automatically be redirected to the quarantine mailbox by Microsoft Exchange.

Extra hulp