Cisco Bug: CSCul55090 - SPF-status in content filter only matches on PRA identity: Update Guide!

Last Modified

Jun 07, 2020

Products (1)

Cisco Email Security Appliance

Known Affected Releases

7.6.3-019 8.0.1-000 8.5.0-000

Description (partial)

Symptom:
The advanced user guide in chapter "Email Authentication" does not state that the Content Filter Condition "SPF-Status" only checks the PRA identity. This needs to be added in the that chapter as customers are not aware of that which causes confusion and unnecessary support cases.

Conditions:
SPF verification is enabled for all incoming messages on Cisco IronPort Mail Flow Policies. A content filter exists which will quarantine or drop the messages if SPF-Verification fails:

SPF-Verification  spf-status == "fail"
Action: 'Quarantine'

mail_log or message tracking shows the following details:

Thu Aug 20 17:27:37 2009 Info: MID 6153849 SPF: helo identity postmaster@example None
Thu Aug 20 17:27:37 2009 Info: MID 6153849 SPF: mailfrom identity user@example.com Fail (v=spf1)
Thu Aug 20 17:28:15 2009 Info: MID 6153849 SPF: pra identity user@example.com None headers from Thu Aug 20 17:28:15 2009 Info: MID 6153849 ready 197 bytes from <user@example.com>
However, message is processed and delivered normally.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts