Preview Tool

Cisco Bug: CSCul55090 - SPF-status in content filter only matches on PRA identity: Update Guide!

Last Modified

Jun 07, 2020

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

7.6.3-019 8.0.1-000 8.5.0-000

Description (partial)

The advanced user guide in chapter "Email Authentication" does not state that the Content Filter Condition "SPF-Status" only checks the PRA identity. This needs to be added in the that chapter as customers are not aware of that which causes confusion and unnecessary support cases.

SPF verification is enabled for all incoming messages on Cisco IronPort Mail Flow Policies. A content filter exists which will quarantine or drop the messages if SPF-Verification fails:

SPF-Verification  spf-status == "fail"
Action: 'Quarantine'

mail_log or message tracking shows the following details:

Thu Aug 20 17:27:37 2009 Info: MID 6153849 SPF: helo identity postmaster@example None
Thu Aug 20 17:27:37 2009 Info: MID 6153849 SPF: mailfrom identity Fail (v=spf1)
Thu Aug 20 17:28:15 2009 Info: MID 6153849 SPF: pra identity None headers from Thu Aug 20 17:28:15 2009 Info: MID 6153849 ready 197 bytes from <>
However, message is processed and delivered normally.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.