Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1284
Views
0
Helpful
1
Replies

ESA | Search rejected connection thru Domain not working

ccg-security
Level 1
Level 1

‎05-21-2018 11:36 PM - edited ‎03-08-2019 07:37 PM

Hello Team,

 

Search rejected connections using Domain is not working, while Sender IP Address is working.

Labels:
Preview file
67 KB
0 Helpful
1 Reply 1

dmccabej
Cisco Employee
Cisco Employee

‎05-22-2018 08:10 AM

Hello,

 

You may be trying to search by mail-from domain instead of the domain of the connecting server. We do not have the mail-from (envelope sender domain) in the logs at the time of rejection, so you would need to search by connecting server domain/fqdn.

 

For example :

Mail-From: user@gmail.com

Rcpt-To: user@example.com

Sender-IP: 1.1.1.1

Server FQDN: smtp1.google.com

 

Domain to search for :

google.com

 

Thanks!

-Dennis M.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents