Restricting email recipient domain with content filter

Gents,
I am looking to restrict email receipient domain to two with the help of content filter instead of using RAT table.
Please help me out.

I understand that you want mail to be rejected for all but 2 Recipient users/domains. You also want to declare the users/domains via a Filter instead of in the RAT. This is not recommended, here is why:
- If you set the RAT to 'All Other Recipients' to 'Accept', other hosts may believe the ESA is an 'Open Relay' and may refuse mail from its IP.
- Bouncing mail after acceptance can cause 'backscatter' emails. This is where a mail server redistributes spam via bounces and it will cause some hosts to reject your mail.
- If done incorrectly, can cause valid mail to bounce.
- If done incorrectly, can make your ESA an Open Relay that can be abused by others.
If you still wish to proceed knowing that the above risks, here are the high-level steps:
1) Set 'All Other Recipients' to 'Accept' in RAT
2) Create a new Incoming Mail Policy
- Add the valid users and/or domains to this new Policy
3) Create new Incoming Content Filter:
- Rule: leave empty
- Action: Bounce
4) Disable all scanning on Default Incoming Mail Policy
5) Apply the new Filter to the Default Incoming Mail Policy
6) Verify that the new Incoming Mail Policy has appropriate scanning enabled
This method works by accepting all mail sent to the ESA, even if it is for a domain you do not control or for an invalid recipient for a domain you do control. When the messages reach the Incoming Mail Policies, valid recipients will match on the new Policy while every other address matches the Default Incoming Mail Policy. Using the Policies in this way is required so that the message is 'splintered' before processing through most scanning features. Now only users/domain that do not match your new Policy will be Bounced by the Content Filter.
Again, I wish to stress that I do _not_ recommend this approach: it is far safer to simply list the valid users or domains directly in the RAT.
- Jackie

Similar Messages

Can't send emails to domains with the new TLDs .care .events .credit

I recently got some of those new TLDs for our business and while I think they're great for short urls and links etc I don't see this picking up anytime soon. Most people I know think that the internet won't work unless you add .au at the end of stuff.
Having said this I now also discovered that my BlackBerry Z10 wont let me send emails to these domains since it thinks it's not a real domain. (which is funny since they've applied for .blackberry)
Is there a fix on the horizon for this soon?

Thanks for posting about this @numnut
I'm going to send you a private message so I can learn more and start investigating.
Did someone help you? Click Like! Did a post solve your issue? Click Accept as Solution!
Follow me on Twitter or Google+ and subscribe to the Inside BlackBerry Help Blog

Content filter on Cisco Email Security Virtual Appliance

Dear friend.
I have problem with Content Filter when configure Cisco Security Virtual Appliance.
You can see my rule on attachment picture.
But when I sent an email with subject : "RE: Nh? m? case l?i k?t n?i t? KH qua firewall Checkpoint", it's block by Content Filter "DenySubject"
I'm sure that in my Dictionary doesn't contains any word from this Subject.
Capture 3 is captured in Policy Quarantine.
Please help me to solve it asap.
Thanks so much.
Vinh Phan

It is not an issue with the virtual ESA. Using my vESA, I get the same results, using your "denysubject.txt" for custom dictionary...
Tue Jun 10 22:53:37 2014 Info: ICID 96 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS rfc1918
Tue Jun 10 22:53:37 2014 Info: Start MID 58 ICID 96
Tue Jun 10 22:53:37 2014 Info: MID 58 ICID 96 From: <[email protected]>
Tue Jun 10 22:53:37 2014 Info: MID 58 ICID 96 RID 0 To: <[email protected]>
Tue Jun 10 22:53:37 2014 Info: MID 58 Message-ID '<[email protected]>'
Tue Jun 10 22:53:37 2014 Info: MID 58 Subject 'RE: Nh? m? case l?i k?t n?i t? KH qua firewall Checkpoint'
Tue Jun 10 22:53:37 2014 Info: MID 58 ready 7764 bytes from <[email protected]>
Tue Jun 10 22:53:37 2014 Info: MID 58 matched all recipients for per-recipient policy mygmail_inbound in the inbound table
Tue Jun 10 22:53:37 2014 Info: MID 58 quarantined to "Policy" (content filter:DenySubject)
Tue Jun 10 22:54:36 2014 Info: ICID 96 close
Reviewing the contents --- one line is the culprit:
[NuocVIET], 1
Remove that one entry, and the dictionary works.
Tue Jun 10 23:34:19 2014 Info: New SMTP ICID 117 interface Management (172.16.6.165) address 172.16.6.1 reverse dns host unknown verified no
Tue Jun 10 23:34:19 2014 Info: ICID 117 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS rfc1918
Tue Jun 10 23:34:19 2014 Info: Start MID 91 ICID 117
Tue Jun 10 23:34:19 2014 Info: MID 91 ICID 117 From: <[email protected]>
Tue Jun 10 23:34:19 2014 Info: MID 91 ICID 117 RID 0 To: <[email protected]>
Tue Jun 10 23:34:19 2014 Info: MID 91 Message-ID '<[email protected]>'
Tue Jun 10 23:34:19 2014 Info: MID 91 Subject 'RE: Nh? m? case l?i k?t n?i t? KH qua firewall Checkpoint'
Tue Jun 10 23:34:19 2014 Info: MID 91 ready 4505 bytes from <[email protected]>
Tue Jun 10 23:34:19 2014 Info: MID 91 matched all recipients for per-recipient policy mygmail_inbound in the inbound table
Tue Jun 10 23:34:19 2014 Info: MID 91 queued for delivery
Tue Jun 10 23:34:19 2014 Info: New SMTP DCID 39 interface 172.16.6.165 address 173.37.93.161 port 25
Tue Jun 10 23:34:19 2014 Info: DCID 39 TLS success protocol TLSv1 cipher RC4-SHA
Tue Jun 10 23:34:20 2014 Info: Delivery start DCID 39 MID 91 to RID [0]
Tue Jun 10 23:34:20 2014 Info: Message done DCID 39 MID 91 to RID [0]
Tue Jun 10 23:34:20 2014 Info: MID 91 RID [0] Response '2.0.0 s5B3YLna030140 Message accepted for delivery'
Tue Jun 10 23:34:20 2014 Info: Message finished MID 91 done
Tue Jun 10 23:34:25 2014 Info: DCID 39 close
I hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

I have one out of five email address's with coxmail that opens with a blank inbox but other browsers show the content of the same inbox

Question
I have one out of five email address's with coxmail that opens with a blank inbox. Other browsers like opera or IE show the content of the same inbox. I've contacted cox but they tell me the problem is on my computer. I've used three different anti virus/malware scanners to eliminate all the bugs they can find. I need a firefox guru with suggestions. Thanks, Charles

You can undo your permission changes. Probably the most relevant one is cookies. Try one or both of these methods:
(1) Page Info > Permissions tab
While viewing a page on the site:
* right-click and choose View Page Info > Permissions
* Alt+t (open the classic Tools menu) > Page Info > Permissions
(2) about:permissions
In a new tab, type or paste '''about:permissions''' and press Enter. Allow a few moments for the list on the left to populate, as this information needs to be extracted from a database.
Then type or paste ''rcn''' in the search box above the list to filter it to the most relevant domains. When you highlight a domain, you can adjust its permissions in the right pane.
Any luck?

Rule to avoid sending email to the wrong recipient based on content

Hi guys,
My customer has had bad experience with the auto-complete feature in Outlook in the past, and now that he's getting Office 365 Enterprise, he wants to know if there is a way to block any outgoing mail intended for another company. We would be detecting the
destination companies based on 1) company name mentioned somewhere in the email message and 2) company domain specified in the To, Cc and Bcc fields. Example:
I write an email containing confidential information for John Smith from Contoso with the word "Contoso" used at some point in the email body. When I start typing the recipient's address, I inadvertently select another John Smith, this guy from
Fabricam. If I click SEND, Fabricam will have sensitive information intended for Contoso.
Hell breaks loose.
So the solution comes from either Outlook (proactively via a mail-tip) or Exchange (in the background as a transport rule or DLP policy) stopping this from happening, but I can't for the life of me find how to create a rule that checks for a string of text
in the body or subject and compares that to the recipient domain. If a match is found, the email should leave the org just as usual. If one is not found, the email should be either blocked, sent to a manager for approval, or the user warned.
Oh, and the customer will primarily be using EOP1 or E1 plans, so I can't rely on DLP because that's on the EOP2 plans and our company doesn't offer them.
¿Has anybody pulled one of these off in the past? It seems like such a simple scenario yet it doesn't seem straightforward enough.
Thanks!

Hi Gregory,
i do believe your best bet would still be DLP, but i just check on one of our EOP1 customers and there is a possibility to create a Rule (under Mailflow in Exchange admin) that checks on subject and body contents. Hopefully that will allow you to create
the setup you need.
Kind regards, Philipp - Solid IT Solutions

Really Slow web surfing through ZBF with IOS Content filter

Edited: attached partial output of "sh policy-map type inspect zone-pair urlfilter"
Hey, all
We have a 1921 router with IOS Content filter subscribsion and it is also configured as ZBF running latest IOS v15.1. End-user keep complaining about slow web surfing. I connected to network and tested myself and found intermittent surfing experience.
For example, access to www.ibm.com or www.cnn.com hangs 7 times of 10 attempts and maybe only loads reasonablly quick in 1-2 time of the 3. This also affects the speed of download from websites.
I have the case openned with Cisco TAC and CCIE checked my configure but nothing caught his eyes...
I decide to post the issue here in case we both missed something:
Current configuration : 18977 bytes
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname abc_1921
boot-start-marker
boot system flash:/c1900-universalk9-mz.SPA.151-4.M4.bin
boot-end-marker
aaa new-model
aaa authentication login default local
aaa authentication login NONE_LOGIN none
aaa authorization exec default local
aaa session-id common
clock timezone AST -4 0
clock summer-time ADT recurring 3 Sun Mar 2:00 2 Sun Nov 2:00
no ipv6 cef
ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.111 192.168.1.254
ip dhcp pool DHCPPOOL
import all
network 192.168.1.0 255.255.255.0
domain-name abc.local
dns-server 192.168.10.200 192.168.10.202
netbios-name-server 4.2.2.4
default-router 192.168.1.150
option 202 ip 192.168.1.218
lease 8
ip domain name abc.locol
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip port-map user-port-1 port tcp 5080
ip port-map user-port-2 port tcp 3389
ip inspect log drop-pkt
multilink bundle-name authenticated
parameter-map type inspect global
log dropped-packets enable
parameter-map type urlfpolicy trend cprepdenyregex0
allow-mode on
block-page message "The website you have accessed is blocked as per corporate policy"
parameter-map type urlf-glob cpaddbnwlocparapermit2
pattern www.alc.ca
pattern www.espn.com
pattern www.bestcarriers.com
pattern www.gulfpacificseafood.com
pattern www.lafermeblackriver.ca
pattern 69.156.240.29
pattern www.tyson.com
pattern www.citybrewery.com
pattern www.canadianbusinessdirectory.ca
pattern www.homedepot.ca
pattern ai.fmcsa.dot.gov
pattern www.mtq.gouv.qc.ca
pattern licenseinfo.oregon.gov
pattern www.summitfoods.com
pattern www.marine-atlantic.ca
pattern www.larway.com
pattern www.rtlmotor.ca
pattern *.abc.com
pattern *.kijiji.ca
pattern *.linkedin.com
pattern *.skype.com
pattern toronto.bluejays.mlb.com
pattern *.gstatic.com
parameter-map type urlf-glob cpaddbnwlocparadeny3
pattern www.facebook.com
pattern www.radiofreecolorado.net
pattern facebook.com
pattern worldofwarcraft.com
pattern identityunknown.net
pattern static.break.com
pattern lyris01.media.com
pattern www.saltofreight.com
pattern reality-check.com
pattern reality-check.ca
parameter-map type ooo global
tcp reassembly timeout 5
tcp reassembly queue length 128
tcp reassembly memory limit 8192
parameter-map type trend-global global-param-map
cache-size maximum-memory 5000
crypto pki token default removal timeout 0
crypto pki trustpoint Equifax_Secure_CA
revocation-check none
crypto pki trustpoint NetworkSolutions_CA
revocation-check none
crypto pki trustpoint trps1_server
revocation-check none
crypto pki trustpoint TP-self-signed-3538579429
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3538579429
revocation-check none
rsakeypair TP-self-signed-3538579429
!! CERTIFICATE OMITED !!
redundancy
ip ssh version 2
class-map type inspect match-any INCOMING_VPN_TRAFFIC_MAP
match access-group name REMOTE_SITE_SUBNET
class-map type inspect match-all PPTP_GRE_INSPECT_MAP
match access-group name ALLOW_GRE
class-map type inspect match-all INSPECT_SKINNY_MAP
match protocol skinny
class-map type inspect match-all INVALID_SOURCE_MAP
match access-group name INVALID_SOURCE
class-map type inspect match-all ALLOW_PING_MAP
match protocol icmp
class-map type urlfilter match-any cpaddbnwlocclasspermit2
match server-domain urlf-glob cpaddbnwlocparapermit2
class-map type urlfilter match-any cpaddbnwlocclassdeny3
match server-domain urlf-glob cpaddbnwlocparadeny3
class-map type urlfilter trend match-any cpcatdenyclass2
class-map type inspect match-all cpinspectclass1
match protocol http
class-map type inspect match-any CUSTOMIZED_PROTOCOL_216
match protocol citriximaclient
match protocol ica
match protocol http
match protocol https
class-map type inspect match-any INSPECT_SIP_MAP
match protocol sip
class-map type urlfilter trend match-any cptrendclasscatdeny1
match url category Abortion
match url category Activist-Groups
match url category Adult-Mature-Content
match url category Chat-Instant-Messaging
match url category Cult-Occult
match url category Cultural-Institutions
match url category Gambling
match url category Games
match url category Illegal-Drugs
match url category Illegal-Questionable
match url category Internet-Radio-and-TV
match url category Joke-Programs
match url category Military
match url category Nudity
match url category Pay-to-surf
match url category Peer-to-Peer
match url category Personals-Dating
match url category Pornography
match url category Proxy-Avoidance
match url category Sex-education
match url category Social-Networking
match url category Spam
match url category Tasteless
match url category Violence-hate-racism
class-map type inspect match-any INSPECT_PROTOCOLS_MAP
match protocol pptp
match protocol dns
match protocol ftp
match protocol https
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
match protocol icmp
class-map type urlfilter trend match-any cptrendclassrepdeny1
match url reputation ADWARE
match url reputation DIALER
match url reputation DISEASE-VECTOR
match url reputation HACKING
match url reputation PASSWORD-CRACKING-APPLICATIONS
match url reputation PHISHING
match url reputation POTENTIALLY-MALICIOUS-SOFTWARE
match url reputation SPYWARE
match url reputation VIRUS-ACCOMPLICE
class-map type inspect match-all CUSTOMIZED_NAT_MAP_1
match access-group name CUSTOMIZED_NAT_1
match protocol user-port-1
class-map type inspect match-all CUSTOMIZED_NAT_MAP_2
match access-group name CUSTOMIZED_NAT_2
match protocol user-port-2
class-map type inspect match-any INSPECT_H323_MAP
match protocol h323
match protocol h323-nxg
match protocol h323-annexe
class-map type inspect match-all INSPECT_H225_MAP
match protocol h225ras
class-map type inspect match-all CUSTOMIZED_216_MAP
match class-map CUSTOMIZED_PROTOCOL_216
match access-group name CUSTOMIZED_NAT_216
policy-map type inspect OUT-IN-INSPECT-POLICY
class type inspect INCOMING_VPN_TRAFFIC_MAP
inspect
class type inspect PPTP_GRE_INSPECT_MAP
pass
class type inspect CUSTOMIZED_NAT_MAP_1
inspect
class type inspect CUSTOMIZED_NAT_MAP_2
inspect
class type inspect CUSTOMIZED_216_MAP
inspect
class class-default
drop
policy-map type inspect urlfilter cppolicymap-1
description Default abc Policy Filter
parameter type urlfpolicy trend cprepdenyregex0
class type urlfilter cpaddbnwlocclasspermit2
allow
class type urlfilter cpaddbnwlocclassdeny3
reset
log
class type urlfilter trend cptrendclasscatdeny1
reset
log
class type urlfilter trend cptrendclassrepdeny1
reset
log
policy-map type inspect IN-OUT-INSPECT-POLICY
class type inspect cpinspectclass1
inspect
service-policy urlfilter cppolicymap-1
class type inspect INSPECT_PROTOCOLS_MAP
inspect
class type inspect INVALID_SOURCE_MAP
inspect
class type inspect INSPECT_SIP_MAP
inspect
class type inspect ALLOW_PING_MAP
inspect
class type inspect INSPECT_SKINNY_MAP
inspect
class type inspect INSPECT_H225_MAP
inspect
class type inspect INSPECT_H323_MAP
inspect
class class-default
drop
zone security inside
description INTERNAL_NETWORK
zone security outside
description PUBLIC_NETWORK
zone-pair security INSIDE_2_OUTSIDE source inside destination outside
service-policy type inspect IN-OUT-INSPECT-POLICY
zone-pair security OUTSIDE_2_INSIDE source outside destination inside
service-policy type inspect OUT-IN-INSPECT-POLICY
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key password address 11.22.3.1
crypto ipsec security-association lifetime seconds 28800
crypto ipsec transform-set TunnelToCold esp-3des
crypto map TunnelsToRemoteSites 10 ipsec-isakmp
set peer 11.22.3.1
set transform-set TunnelToCold
match address TUNNEL_TRAFFIC2Cold
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description OUTSIDE_INTERFACE
ip address 1.1.1.186 255.255.255.248
ip nat outside
ip virtual-reassembly in
zone-member security outside
duplex full
speed 1000
crypto map TunnelsToRemoteSites
crypto ipsec df-bit clear
interface GigabitEthernet0/1
description INSIDE_INTERFACE
ip address 192.168.1.150 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security inside
duplex full
speed 1000
ip forward-protocol nd
ip http server
ip http access-class 10
ip http authentication local
ip http secure-server
ip nat inside source static tcp 192.168.1.217 5080 interface GigabitEthernet0/0 5080
ip nat inside source route-map NAT_MAP interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.216 80 1.1.1.187 80 extendable
ip nat inside source static tcp 192.168.1.216 443 1.1.1.187 443 extendable
ip nat inside source static tcp 192.168.1.216 1494 1.1.1.187 1494 extendable
ip nat inside source static tcp 192.168.1.216 2598 1.1.1.187 2598 extendable
ip nat inside source static tcp 192.168.1.213 3389 1.1.1.187 3390 extendable
ip nat inside source static tcp 192.168.1.216 5080 1.1.1.187 5080 extendable
ip route 0.0.0.0 0.0.0.0 1.1.1.185
ip access-list standard LINE_ACCESS_CONTROL
permit 192.168.1.0 0.0.0.255
ip access-list extended ALLOW_ESP_AH
permit esp any any
permit ahp any any
ip access-list extended ALLOW_GRE
permit gre any any
ip access-list extended CUSTOMIZED_NAT_1
permit ip any host 192.168.1.217
permit ip any host 192.168.1.216
ip access-list extended CUSTOMIZED_NAT_2
permit ip any host 192.168.1.216
permit ip any host 192.168.1.212
permit ip any host 192.168.1.213
ip access-list extended CUSTOMIZED_NAT_216
permit ip any host 192.168.1.216
ip access-list extended INVALID_SOURCE
permit ip host 255.255.255.255 any
permit ip 127.0.0.0 0.255.255.255 any
ip access-list extended NAT_RULES
deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended REMOTE_SITE_SUBNET
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.8.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ABM
permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Bridgewater
permit ip 192.168.1.0 0.0.0.255 192.168.8.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookDispatch
permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookETL
permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2ColdbrookTrailershop
permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Moncton
permit ip 192.168.1.0 0.0.0.255 192.168.6.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2MountPearl
permit ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
ip access-list extended TUNNEL_TRAFFIC2Ontoria
permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
ip access-list extended WEB_TRAFFIC
permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 10 permit 192.168.1.0 0.0.0.255
route-map NAT_MAP permit 10
match ip address NAT_RULES
snmp-server community 1publicl RO
control-plane
line con 0
logging synchronous
login authentication NONE_LOGIN
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class LINE_ACCESS_CONTROL in
exec-timeout 30 0
logging synchronous
transport input all
scheduler allocate 20000 1000
ntp server 0.ca.pool.ntp.org prefer
ntp server 1.ca.pool.ntp.org
end

Hi,
I know this is for a different platform but have a look at this link:
https://supportforums.cisco.com/thread/2089462
Read through it to get some idea of the similarity, but in particular note the last entry almost a year after the original post.
I too am having trouble with http inspection, if I do layers 3 & 4 inspection there is no issue whatsoever, but as soon as I enable layer 7 inspection then I have intermittent browsing issues.
The easy solution here is to leave it at layers 3 & 4, which doesn't give you the flixibility to do cool things like blocking websites, IM, regex expression matching etc... but in my opinion I just don't think these routers can handle it.
It appears to be a hit and miss affair, and going on the last post from the above link, you might be better off in having the unit replaced under warranty.
The alternative is wasting a lot of time and effort and impacting your users to get something up and running that in the end is so flaky that you have no confidence in the solution and you are then in a situation where ALL future issues users are facing MIGHT be because of this layer 7 inspection bug/hardware issue etc?
I would recommend you use the router as a frontline firewall with inbound/outbound acl's (no inspection), and then invest a few $ in getting an ASA dedicated firewall (but that's just me )

Cannot delete email from iPad with no content

Have tried all of the suggestions to get email delete without content. have restored iPad and that still does not work, prevents me from deleting other emails also as it hangs and then jumps me out of email. WHen I move an email to trash it keeps putting these emails with content back into Inbox. extremely frustrating!

Reset of settings worked!
+1 for sharing that.
It seems an issue that has krept up in 8.1.x. I was not looking forward to having to wipe the iPad in any way.
Note: off the top of my head, my "accessibility" settings (even though I have no vision issues, just trying to compensate for apple's design direction) were reduce motion, reduce transparency, reduce white point and bold on.
Was able to delete apps after that settings reset, which took the above out, and rebooted the ipad.
Did have to re-enter wifi password, set wallpaper and the above settings. Haven't tried deleting since, but have left bold off, as it requires a restart.

Content iView With out filter not displaying folder content

Hi!
I´m creating a ContentiView with out filter and pointing it to a document Folder, when the user access the iView this message appears:
http://oneworld.neoris.net:50000/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fDemaBanorte!2fDemoBanorteRol!2fHome!2fBanortePage!2fContentiViewWOFilter/documents/BanorteDocuments
The folder you are looking for has no displayable content.
You can try one of the following:
Access the folder using the Navigation user interface.
Access the folder as a Web folder. Your operating system and browser dictate whether or not this will work.
And when I click on "Access the folder using the Navigation user interface." then I can see the folder structure and its contents really nice.
is there a way to configure the iView that allways display the content this way with out the user clicking on the "Access the folder using the Navigation user interface." option. ?
Thanx in advanced!
Gerardo J

Hi,
I resolved the problem using a KM Navigation iView, this iView has the functionality I was looking for and this displays the folders and then the content of the folders if we click on the folder. with the edit etc etc functionality.
kind Regards,
Gerardo J

Outlook 2013 - BCC field won't auto populate with frequent email recipient.

Outlook 2013 - BCC field won't auto populate with frequent email recipient. In the TO or CC, if they enter the first initial of a recipient, it auto-suggests recipients. This does not happen in the BCC field. Is there an option to turn that on?

Hi,
Does this issue happen to a certain client or many of them?
There is no separate option to enable/disable auto-complete for Bcc field.
Since auto-complete works in the To and Cc fields, it means the auto-complete is not corrupt. We may try turn off the Auto-Complete and turn on it again to see the result. To do this, go to
File > Options > Mail, scroll down to the
Send messages section, clear the check box before "Use Auto-Complete List to suggest names when typing in the To, Cc, Bcc lines". Click
OK. Check the box again, click OK and see the result.
We may also test it in Outlook safe mode. To do this, press Windows key + R to open the Run command, type
outlook.exe /safe and press Enter.
Please let me know the result.
Regards,
Steve Fan
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs.

After updating to Maverick some emails arrive with contents that do not belong to Sender and title.

Since updating to Mavericks I'm receiving some e-mails with contents that does not match the Sender and Title. Also receiving blank emails that DO have contents on my iPhone.

HI..
A rebuild can help > Mail (Mavericks): Rebuild mailboxes

I just purchased an iPad 3 and it works great with most of my email accounts, but with an imap account from school it will download the content of the folders in the account, but doesn't download the messages in the inbox.

Hi,
I just purchased an iPad 3 and it works great with most of my email accounts, but with an imap account from school it will download the content of the folders in the account, but doesn't download the messages in the inbox. I have deleted and created the account several times. I have checked the status of the account and it's active and works either from safari or from my Mac or iPhone. I have turned off both my Mac and my iPhone as not to have competing devices, I can even send emails from the account successfully. It simply won't download the content of the inbox. Help!

Hi Csound1, thanks. The email host is 1and1.co.uk, however, i am going to fess up and make myself look like a plonker now -
the email account in question was set up in Outlook as POP - stupid, stupid, stupid me, wasted an afternoon on this! I have now changed the Outlook account to IMAP and Mail.app works perfectly - and looks much nicer than Outlook did. Im in the middle of converting from Windows to a Mac, and still finding my way around the Mac
The lesson learned, never assume - always double check! All my other email addresses with 1and1 are all imap, except this one, and it happened to be the first one I set up in the Mail.app. (bows head in disgrace!)
Thank you anyway for attempting to help me!
Cheers

Send Email using Second Domain with ActiveSync

Hello Apple Support!
Could you please help, we using 2x domains for our mail exchange environment.
1 domain is set as primary SMTP for mailbox, mailbox connected to Iphone with ActiveSync,
We have created possibility to send as using second domain with Distribution list in Microsoft Outlook.
Is it possible to get option on Iphone to Send As from another email address (second domain) with ActiveSync?
Thank you!
Best regards,
Oscar

Hello, Apple Support!
Probably it is not possible, if not, can you please confirm.
Thank you!
Best regards,
Oscar

How do you host a domain and several email addresses from that domain with OS X Server?

Right now I have a domain name through GoDaddy.com and one email address to that domain...we will have about 5-8 in total...How do I setup OS X Server to host our own domain (without using GoDaddy) and setup our own mail server?

There are several steps that you would need to do.
Set up OS X Server with mail services and users. Also, you may have to have your OS X mail server relay messages through your ISP so you can email people at other domains.
Set up firewall/router to forward IMAP/POP and SMTP ports from your external IP address to your server (which is either in the DMZ of the firewall or on LAN).
Set up DNS records so your domain name points to your server (and if you do not have a static IP address, you will need to set up dynamic DNS). At a minimum you will need 2 DNS records: an A (or AAAA for IPv6) record for the server (I think it can be the root of the zone) and a MX (mail exchange) record.
If everything is set up correctly, you should have a mail server hosting on your domain with your server.
Those would be the major steps you would need to complete. Details on the exact procedure for each of these steps can be found reading the OS X Server documentation, documentation for your router/firewall for port forwarding/NAT, and your specific DNS service.

Creating a New Email address policy for users in another Domain with Exchange 2013 powershell?

Hi
Everyone
Is it possible to create a new-emailaddress policy with Exchange
2013 Powershell, for users within OU´s located on another different
domain/forest than where Exchange 2013 is installed?
There
is a Transitive, two way trust between the domain/forest where the users are
located - and the Exchange 2013, multi tenant domain.
Further
more, and if possible, I need to create linked mailboxes to all these users as
well.
Í have been struckling with this issue for weeks, so please anyone -
advice - and comment.
Best
Regards
Peter
A-ONE Solutions

Hi Siddharth
I want to create a new e-mailaaddress policy - and after that create linked mailboxes/users in my account domain with powershell.
Can you help me achieve that ?
I have a powershell CMDlet, but i doesn´t work. (Cannot fint user OU in my account domain)
CMDlet is as follows:
New-EmailAddressPolicy -Name $CustomerName -RecipientContainer "OU=$CustomerName, OU=kunder, DC=Domain, DC=local" -IncludedRecipients 'AllRecipients' -ConditionalCustomAttribute1 $CustomerName -Priority '1' -EnabledEmailAddressTemplates SMTP:%2g%1s@$AcceptedEmailDomain
Where $Customername = test.dk
and Account domain is = OU=kunder, DC=Domain, DC=local
But the command fails with:
New-EmailAddressPolicy : Couldn't find organizational unit "OU=Test.dk, OU=kunder, DC=Domain, DC=local". Make sure you have typed the name correctly.
At line:52 char:1
+ New-EmailAddressPolicy -Name $CustomerName -RecipientContainer "OU=$CustomerNa
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-EmailAddressPolicy], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=HE-MBX03,RequestId=2cbe1b51-4af2-4c04-9f7e-e440000975e6,TimeStamp=24-03-2014 12:58:19] 2D00FD2A,Mi
crosoft.Exchange.Management.SystemConfigurationTasks.NewEmailAddressPolicy
So, I cannot find the OU on the Account forest/Domain, even though the OU do exists in the Account domain.
Verifying with this:
Get-ADOrganizationalUnit -Identity "OU=$CustomerName,OU=kunder,DC=Domain,DC=local" –Server ‘DC01.domain.local’| FL
This works fine, Can you please help/assist?
Peter

HT5312 How can i reset an past Apple ID without email access to combine content with my new apple ID

question: ? - looking to gain access to an past apple id used to log in to itunes with, however i no longer have access to the email adress associated with it. is it possible to merge my old apple ID with my currently used apple ID?

Click here and request assistance.
(75207)

Restricting email recipient domain with content filter

Similar Messages

Maybe you are looking for