Guest

Preview Tool

Cisco Bug: CSCul55090 - SPF-status in content filter only matches on PRA identity: Update Guide!

Last Modified

Jun 07, 2020

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

7.6.3-019 8.0.1-000 8.5.0-000

Description (partial)

Symptom:
The advanced user guide in chapter "Email Authentication" does not state that the Content Filter Condition "SPF-Status" only checks the PRA identity. This needs to be added in the that chapter as customers are not aware of that which causes confusion and unnecessary support cases.

Conditions:
SPF verification is enabled for all incoming messages on Cisco IronPort Mail Flow Policies. A content filter exists which will quarantine or drop the messages if SPF-Verification fails:

SPF-Verification  spf-status == "fail"
Action: 'Quarantine'

mail_log or message tracking shows the following details:

Thu Aug 20 17:27:37 2009 Info: MID 6153849 SPF: helo identity postmaster@example None
Thu Aug 20 17:27:37 2009 Info: MID 6153849 SPF: mailfrom identity user@example.com Fail (v=spf1)
Thu Aug 20 17:28:15 2009 Info: MID 6153849 SPF: pra identity user@example.com None headers from Thu Aug 20 17:28:15 2009 Info: MID 6153849 ready 197 bytes from <user@example.com>
However, message is processed and delivered normally.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.