Scan messages for unsafe URLs for internal policy route is deactivated but the messages are still dropped by Email and Server Security.

Issue:

Scan messages for unsafe URLs for internal policy route is deactivated but the messages are still dropped by Email and Server Security

Resolution:

Make sure the network settings for your F-Secure Email and Server Security are set correct. Settings for Microsoft Exchange The F-Secure Email and Server Security settings related to Microsoft Exchange are located under Microsoft Exchange on the Settings tab in Policy Manager Console.

The mail direction is based on the Internal domains and Internal SMTP senders settings and it is determined as follows:

Email messages are considered internal if they come from internal SMTP sender hosts and mail recipients belong to one of the specified internal domains (internal recipients).
Email messages are considered outgoing if they come from internal SMTP sender hosts and mail recipients do not belong to the specified internal domains (external recipients).
Email messages that come from hosts that are not defined as internal SMTP sender hosts are considered incoming.
Email messages submitted via MAPI or Pickup Folder are treated as if they are sent from the internal SMTP sender host. Note: If email messages come from internal SMTP sender hosts and contain both internal and external recipients, messages are split and processed as internal and outgoing respectively.

Specify internal domains: Messages coming to internal domains are considered to be inbound mail unless they come from internal SMTP sender hosts. Separate each domain name with a space. You can use an asterisk (*) as a wildcard.

For example, *example.com internal.example.net

Here is an incorrect example: "hw.local\ndomain-exchange.com"

Internal domains could/should be separated by SPACE and/or COMMA characters.
"NewLine" character is historically used in Match Lists ( like items to scan/strip *.EXE \n *.DLL )

So, "hw.local\ndomain-exchange.com"" is wrong and it should be "domain-exchange.com" or "hw.local, domain-exchange.com

Internal SMTP senders.

Specify the IP addresses of hosts that belong to your organization. Specify all hosts within the organization that send messages to Exchange Edge or Hub servers via SMTP as Internal SMTP Senders.
Separate each IP address with a space. An IP addressrange can be defined as:

• a network/netmask pair (for example, 10.1.0.0/255.255.0.0),

• a network/nnn CIDR specification (for example, 10.1.0.0/16), or

• IPv6 address (for example, 1::, 2001::765d 2001::0-5, 2001:db8:abcd:0012::0/64, 2001:db8:abcd:abcd::/52, ::1).

You can use an asterisk (*)tomatch any number or dash (-) to define a range of numbers. For example, 172.16.4.4 172.16.*.1 172.16.4.0-16 172.16.250-255.*

Note: If end-users in the organization use other than Microsoft Outlook email client to send and receive email, it is recommended to specify all end-user workstations as Internal SMTP Senders.
Note: If the organization has Exchange Edge and Hub servers,the serverwith theHub role installed should be added to the Internal SMTP Sender on the server where the Edge role is installed.

Important: Do not specify the server where the Edge role is installed as Internal SMTP Sender.

Article no: 000032048