Cisco Bug: CSCvu44322 - [ENH] ESA SDR domain exception list should match against other headers too than just 'env-from:'
Jun 05, 2020
- Cisco Email Security Appliance
Known Affected Releases
12.5.1-031 12.5.1-037 13.0.0-392
Symptom: ** Currently the logic that SDR domain exception list uses is: > To skip SDR check, by default, the domains in the Envelope From:, From:, and Reply-To: headers of the message must be the same and match the domains configured in the domain exception list. > To skip the SDR check based on the domain in the Envelope From: header only, we can enable the option of 'Match Domain Exception List based on domain in Envelope From:' under ESA GUI > Security Services > Domain Reputation. ** Some customers have valid senders that don't match either of the criteria mentioned above. And sometimes, domains other than the one present in 'Envelope From:' header come into the radar of SDR checks, even though they may be valid domains. Need the ability for ESA to skip SDR checks if the domain for any header (reverse DNS host:, helo:, env-from:, header_from:, reply_to:) matches a domain listed in the Domain Exception list. Conditions: SDR has been enabled and Domain exception list has been configured.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases