mbkitmgr
asked on
Inconsistent results Exchange 2013 Transport Rule
I have a client who has multiple sites. Their exchange server receives "scan to email" emails from a Canon C2020 Digital Multifunction on a different site. To stop the Exchange 2013 Spam filter blocking the emails, I set up a Transport Rule.
The rule has the following properties
1.If the Sender Address matches canon.device@gmail.com
2.Set the SCL to 3
3.Generate an incident report and email to the system admin, and inlcude the original email
4.Is the 3rd of 3 rules (the prior 2 add Disclaimers to outgoing emails depending on who the sender is)
Simple enough right.
Wrong - some staff scan to email repeatedly and the scan arrives ok in their inbox. Others, it simply will not let the email thru, and instead places the email into the Spam Mailbox. I open the blocked email, click on Send Again and it arrives for the user.
Is the Transport Rule functionality buggy or prone to odd behaviour. I have sat and read through the Rule so many times it is tattooed onto my retina.
The Email addresses for all users are created by an Email address policy so all are a consistent format = Firstname + Surname 1st Initial@contoso .com.
There have been times where I have wondered if the rules are case sensitive when assessing the email addresses.
Any thoughts.
Results fr9om Get-TransportRule
[PS] C:\Windows\system32>Get-Tr ansportRul e "[Cust-sos-IN] Reset SCL on Scanner emails" | Format-List
RunspaceId : 7f9c4f6e-7d35-409e-acf9-cb b272720b8c
Priority : 2
DlpPolicy :
DlpPolicyId : 00000000-0000-0000-0000-00 0000000000
Comments :
ManuallyModified : False
ActivationDate :
ExpiryDate :
Description : If the message:
Is sent to 'Accounts@contoso.com' or
'Administration@contoso.co m' or 'Allan@contoso.com' or
'FredaM@contoso.com' or 'Client.Services.Manager@c ontoso.com ' or
'DonnyY@contoso.com' or 'ElenB@contoso.com'or...
and Includes these patterns in the From address:
'canon.device@gmail.com'
Take the following actions:
Set the spam confidence level (SCL) to '3'
and Send the incident report to SharonK@contoso.com, Include
original mail
RuleVersion : 15.0.2.0
Conditions : {SentTo, FromAddressMatches}
Exceptions :
Actions : {SetSCL, GenerateIncidentReport}
State : Enabled
Mode : Enforce
RuleSubType : None
UseLegacyRegex : False
From :
FromMemberOf :
FromScope :
SentTo : {Accounts@contoso.com, Administration@contoso.com ,
AmandaC@contoso.com, AshleyM@contoso.com,
Client.Services.Manager@co ntoso.com, DonnaY@contoso.com,
EbonieB@contoso.com, FranR@contoso.com, Intake@contoso.com,
JoP@contoso.com, LenoreL@contoso.com, MarinaL@contoso.com,
NatashaS@contoso.com, NiamhS@contoso.com, UnaG@contoso.com,
Helpdesk@Acontoso.com...}
SentToMemberOf :
SentToScope :
BetweenMemberOf1 :
BetweenMemberOf2 :
ManagerAddresses :
ManagerForEvaluatedUser :
SenderManagementRelationsh ip :
ADComparisonAttribute :
ADComparisonOperator :
SenderADAttributeContainsW ords :
SenderADAttributeMatchesPa tterns :
RecipientADAttributeContai nsWords :
RecipientADAttributeMatche sPatterns :
AnyOfToHeader :
AnyOfToHeaderMemberOf :
AnyOfCcHeader :
AnyOfCcHeaderMemberOf :
AnyOfToCcHeader :
AnyOfToCcHeaderMemberOf :
HasClassification :
HasNoClassification : False
SubjectContainsWords :
SubjectOrBodyContainsWords :
HeaderContainsMessageHeade r :
HeaderContainsWords :
FromAddressContainsWords :
SubjectMatchesPatterns :
SubjectOrBodyMatchesPatter ns :
HeaderMatchesMessageHeader :
HeaderMatchesPatterns :
FromAddressMatchesPatterns : {canon.sos@gmail.com}
AttachmentNameMatchesPatte rns :
AttachmentExtensionMatches Words :
HasSenderOverride : False
MessageContainsDataClassif ications :
SenderIpRanges :
SCLOver :
AttachmentSizeOver :
MessageSizeOver :
WithImportance :
MessageTypeMatches :
RecipientAddressContainsWo rds :
RecipientAddressMatchesPat terns :
SenderInRecipientList :
RecipientInSenderList :
AttachmentContainsWords :
AttachmentMatchesPatterns :
AttachmentIsUnsupported : False
AttachmentProcessingLimitE xceeded : False
AttachmentHasExecutableCon tent : False
AnyOfRecipientAddressConta insWords :
AnyOfRecipientAddressMatch esPatterns :
ExceptIfFrom :
ExceptIfFromMemberOf :
ExceptIfFromScope :
ExceptIfSentTo :
ExceptIfSentToMemberOf :
ExceptIfSentToScope :
ExceptIfBetweenMemberOf1 :
ExceptIfBetweenMemberOf2 :
ExceptIfManagerAddresses :
ExceptIfManagerForEvaluate dUser :
ExceptIfSenderManagementRe lationship :
ExceptIfADComparisonAttrib ute :
ExceptIfADComparisonOperat or :
ExceptIfSenderADAttributeC ontainsWor ds :
ExceptIfSenderADAttributeM atchesPatt erns :
ExceptIfRecipientADAttribu teContains Words :
ExceptIfRecipientADAttribu teMatchesP atterns :
ExceptIfAnyOfToHeader :
ExceptIfAnyOfToHeaderMembe rOf :
ExceptIfAnyOfCcHeader :
ExceptIfAnyOfCcHeaderMembe rOf :
ExceptIfAnyOfToCcHeader :
ExceptIfAnyOfToCcHeaderMem berOf :
ExceptIfHasClassification :
ExceptIfHasNoClassificatio n : False
ExceptIfSubjectContainsWor ds :
ExceptIfSubjectOrBodyConta insWords :
ExceptIfHeaderContainsMess ageHeader :
ExceptIfHeaderContainsWord s :
ExceptIfFromAddressContain sWords :
ExceptIfSubjectMatchesPatt erns :
ExceptIfSubjectOrBodyMatch esPatterns :
ExceptIfHeaderMatchesMessa geHeader :
ExceptIfHeaderMatchesPatte rns :
ExceptIfFromAddressMatches Patterns :
ExceptIfAttachmentNameMatc hesPattern s :
ExceptIfAttachmentExtensio nMatchesWo rds :
ExceptIfSCLOver :
ExceptIfAttachmentSizeOver :
ExceptIfMessageSizeOver :
ExceptIfWithImportance :
ExceptIfMessageTypeMatches :
ExceptIfRecipientAddressCo ntainsWord s :
ExceptIfRecipientAddressMa tchesPatte rns :
ExceptIfSenderInRecipientL ist :
ExceptIfRecipientInSenderL ist :
ExceptIfAttachmentContains Words :
ExceptIfAttachmentMatchesP atterns :
ExceptIfAttachmentIsUnsupp orted : False
ExceptIfAttachmentProcessi ngLimitExc eeded : False
ExceptIfAttachmentHasExecu tableConte nt : False
ExceptIfAnyOfRecipientAddr essContain sWords :
ExceptIfAnyOfRecipientAddr essMatches Patterns :
ExceptIfHasSenderOverride : False
ExceptIfMessageContainsDat aClassific ations :
ExceptIfSenderIpRanges :
PrependSubject :
SetAuditSeverity :
ApplyClassification :
ApplyHtmlDisclaimerLocatio n :
ApplyHtmlDisclaimerText :
ApplyHtmlDisclaimerFallbac kAction :
ApplyRightsProtectionTempl ate :
SetSCL : 3
SetHeaderName :
SetHeaderValue :
RemoveHeader :
AddToRecipients :
CopyTo :
BlindCopyTo :
AddManagerAsRecipientType :
ModerateMessageByUser :
ModerateMessageByManager : False
RedirectMessageTo :
RejectMessageEnhancedStatu sCode :
RejectMessageReasonText :
DeleteMessage : False
Disconnect : False
Quarantine : False
SmtpRejectMessageRejectTex t :
SmtpRejectMessageRejectSta tusCode :
LogEventText :
StopRuleProcessing : False
SenderNotificationType :
GenerateIncidentReport : SharonK@contoso.com
IncidentReportOriginalMail : IncludeOriginalMail
RouteMessageOutboundConnec tor :
RouteMessageOutboundRequir eTls : False
Identity : [Cust-sos-IN] Reset SCL on Scanner emails
DistinguishedName : CN=[Cust-sos-IN] Reset SCL on Scanner
emails,CN=TransportVersion ed,CN=Rule s,CN=Trans port
Settings,CN=Contoso,CN=Mic rosoft
Exchange,CN=Services,CN=Co nfiguratio n,DC=CONTO SO,DC=LOCA L
Guid : 5d1dbc9b-3718-4874-9552-29 6e8b98d874
ImmutableId : 5d1dbc9b-3718-4874-9552-29 6e8b98d874
OrganizationId :
Name : [Cust-sos-IN] Reset SCL on Scanner emails
IsValid : True
WhenChanged : 17/03/2015 2:37:06 PM
ExchangeVersion : 0.1 (8.0.535.0)
ObjectState : Unchanged
The rule has the following properties
1.If the Sender Address matches canon.device@gmail.com
2.Set the SCL to 3
3.Generate an incident report and email to the system admin, and inlcude the original email
4.Is the 3rd of 3 rules (the prior 2 add Disclaimers to outgoing emails depending on who the sender is)
Simple enough right.
Wrong - some staff scan to email repeatedly and the scan arrives ok in their inbox. Others, it simply will not let the email thru, and instead places the email into the Spam Mailbox. I open the blocked email, click on Send Again and it arrives for the user.
Is the Transport Rule functionality buggy or prone to odd behaviour. I have sat and read through the Rule so many times it is tattooed onto my retina.
The Email addresses for all users are created by an Email address policy so all are a consistent format = Firstname + Surname 1st Initial@contoso .com.
There have been times where I have wondered if the rules are case sensitive when assessing the email addresses.
Any thoughts.
Results fr9om Get-TransportRule
[PS] C:\Windows\system32>Get-Tr
RunspaceId : 7f9c4f6e-7d35-409e-acf9-cb
Priority : 2
DlpPolicy :
DlpPolicyId : 00000000-0000-0000-0000-00
Comments :
ManuallyModified : False
ActivationDate :
ExpiryDate :
Description : If the message:
Is sent to 'Accounts@contoso.com' or
'Administration@contoso.co
'FredaM@contoso.com' or 'Client.Services.Manager@c
'DonnyY@contoso.com' or 'ElenB@contoso.com'or...
and Includes these patterns in the From address:
'canon.device@gmail.com'
Take the following actions:
Set the spam confidence level (SCL) to '3'
and Send the incident report to SharonK@contoso.com, Include
original mail
RuleVersion : 15.0.2.0
Conditions : {SentTo, FromAddressMatches}
Exceptions :
Actions : {SetSCL, GenerateIncidentReport}
State : Enabled
Mode : Enforce
RuleSubType : None
UseLegacyRegex : False
From :
FromMemberOf :
FromScope :
SentTo : {Accounts@contoso.com, Administration@contoso.com
AmandaC@contoso.com, AshleyM@contoso.com,
Client.Services.Manager@co
EbonieB@contoso.com, FranR@contoso.com, Intake@contoso.com,
JoP@contoso.com, LenoreL@contoso.com, MarinaL@contoso.com,
NatashaS@contoso.com, NiamhS@contoso.com, UnaG@contoso.com,
Helpdesk@Acontoso.com...}
SentToMemberOf :
SentToScope :
BetweenMemberOf1 :
BetweenMemberOf2 :
ManagerAddresses :
ManagerForEvaluatedUser :
SenderManagementRelationsh
ADComparisonAttribute :
ADComparisonOperator :
SenderADAttributeContainsW
SenderADAttributeMatchesPa
RecipientADAttributeContai
RecipientADAttributeMatche
AnyOfToHeader :
AnyOfToHeaderMemberOf :
AnyOfCcHeader :
AnyOfCcHeaderMemberOf :
AnyOfToCcHeader :
AnyOfToCcHeaderMemberOf :
HasClassification :
HasNoClassification : False
SubjectContainsWords :
SubjectOrBodyContainsWords
HeaderContainsMessageHeade
HeaderContainsWords :
FromAddressContainsWords :
SubjectMatchesPatterns :
SubjectOrBodyMatchesPatter
HeaderMatchesMessageHeader
HeaderMatchesPatterns :
FromAddressMatchesPatterns
AttachmentNameMatchesPatte
AttachmentExtensionMatches
HasSenderOverride : False
MessageContainsDataClassif
SenderIpRanges :
SCLOver :
AttachmentSizeOver :
MessageSizeOver :
WithImportance :
MessageTypeMatches :
RecipientAddressContainsWo
RecipientAddressMatchesPat
SenderInRecipientList :
RecipientInSenderList :
AttachmentContainsWords :
AttachmentMatchesPatterns :
AttachmentIsUnsupported : False
AttachmentProcessingLimitE
AttachmentHasExecutableCon
AnyOfRecipientAddressConta
AnyOfRecipientAddressMatch
ExceptIfFrom :
ExceptIfFromMemberOf :
ExceptIfFromScope :
ExceptIfSentTo :
ExceptIfSentToMemberOf :
ExceptIfSentToScope :
ExceptIfBetweenMemberOf1 :
ExceptIfBetweenMemberOf2 :
ExceptIfManagerAddresses :
ExceptIfManagerForEvaluate
ExceptIfSenderManagementRe
ExceptIfADComparisonAttrib
ExceptIfADComparisonOperat
ExceptIfSenderADAttributeC
ExceptIfSenderADAttributeM
ExceptIfRecipientADAttribu
ExceptIfRecipientADAttribu
ExceptIfAnyOfToHeader :
ExceptIfAnyOfToHeaderMembe
ExceptIfAnyOfCcHeader :
ExceptIfAnyOfCcHeaderMembe
ExceptIfAnyOfToCcHeader :
ExceptIfAnyOfToCcHeaderMem
ExceptIfHasClassification :
ExceptIfHasNoClassificatio
ExceptIfSubjectContainsWor
ExceptIfSubjectOrBodyConta
ExceptIfHeaderContainsMess
ExceptIfHeaderContainsWord
ExceptIfFromAddressContain
ExceptIfSubjectMatchesPatt
ExceptIfSubjectOrBodyMatch
ExceptIfHeaderMatchesMessa
ExceptIfHeaderMatchesPatte
ExceptIfFromAddressMatches
ExceptIfAttachmentNameMatc
ExceptIfAttachmentExtensio
ExceptIfSCLOver :
ExceptIfAttachmentSizeOver
ExceptIfMessageSizeOver :
ExceptIfWithImportance :
ExceptIfMessageTypeMatches
ExceptIfRecipientAddressCo
ExceptIfRecipientAddressMa
ExceptIfSenderInRecipientL
ExceptIfRecipientInSenderL
ExceptIfAttachmentContains
ExceptIfAttachmentMatchesP
ExceptIfAttachmentIsUnsupp
ExceptIfAttachmentProcessi
ExceptIfAttachmentHasExecu
ExceptIfAnyOfRecipientAddr
ExceptIfAnyOfRecipientAddr
ExceptIfHasSenderOverride : False
ExceptIfMessageContainsDat
ExceptIfSenderIpRanges :
PrependSubject :
SetAuditSeverity :
ApplyClassification :
ApplyHtmlDisclaimerLocatio
ApplyHtmlDisclaimerText :
ApplyHtmlDisclaimerFallbac
ApplyRightsProtectionTempl
SetSCL : 3
SetHeaderName :
SetHeaderValue :
RemoveHeader :
AddToRecipients :
CopyTo :
BlindCopyTo :
AddManagerAsRecipientType :
ModerateMessageByUser :
ModerateMessageByManager : False
RedirectMessageTo :
RejectMessageEnhancedStatu
RejectMessageReasonText :
DeleteMessage : False
Disconnect : False
Quarantine : False
SmtpRejectMessageRejectTex
SmtpRejectMessageRejectSta
LogEventText :
StopRuleProcessing : False
SenderNotificationType :
GenerateIncidentReport : SharonK@contoso.com
IncidentReportOriginalMail
RouteMessageOutboundConnec
RouteMessageOutboundRequir
Identity : [Cust-sos-IN] Reset SCL on Scanner emails
DistinguishedName : CN=[Cust-sos-IN] Reset SCL on Scanner
emails,CN=TransportVersion
Settings,CN=Contoso,CN=Mic
Exchange,CN=Services,CN=Co
Guid : 5d1dbc9b-3718-4874-9552-29
ImmutableId : 5d1dbc9b-3718-4874-9552-29
OrganizationId :
Name : [Cust-sos-IN] Reset SCL on Scanner emails
IsValid : True
WhenChanged : 17/03/2015 2:37:06 PM
ExchangeVersion : 0.1 (8.0.535.0)
ObjectState : Unchanged
ASKER
Thanks Simon, those that get blocked come thru with an SCL of 7. That certainly explains why they get classified as Spam, but why only some.
Change the rule to set the SCL value as -1.
See whether that improves things.
Simon.
See whether that improves things.
Simon.
ASKER
Hi Simon, I am guessing I am going to have to do this via the shell, as -1 isn't available via EAC (0-9)
hi,
I saw your biggest problem.
You are claiming to send from a gmail address!!! thats a bad idea.
If you own the scanner and MFP, change it to <printer>@contoso.com
by doing so, any email that are sending from internal domain by default are consider "whitelist"
#############33
also, configure your receive connector to be "Exchange servers" and "Externally Secured"
#############
you can also run
Set-ContentFilterConfig -BypassedRecipients <all email address that you want to exclude them from SCL>
############
PIck one of them (all of them meet the requirement but of course certainly some of them have cons/pros between them)
i reckon the set-contentfilterconfig is the easiest if you know what email address it sending from...
I saw your biggest problem.
You are claiming to send from a gmail address!!! thats a bad idea.
If you own the scanner and MFP, change it to <printer>@contoso.com
by doing so, any email that are sending from internal domain by default are consider "whitelist"
#############33
also, configure your receive connector to be "Exchange servers" and "Externally Secured"
#############
you can also run
Set-ContentFilterConfig -BypassedRecipients <all email address that you want to exclude them from SCL>
############
PIck one of them (all of them meet the requirement but of course certainly some of them have cons/pros between them)
i reckon the set-contentfilterconfig is the easiest if you know what email address it sending from...
ASKER
Thanks Limjianan.
Canon themselves set the address when they established the machine, and the device is on a different site to the Exchange server. The device sends the 'scan' email via the internet, no VPN.
I do agree about gmail - Canon have twice chosen to use a fictitious email address which in itself created issues.
It still doesn't clarify why say UnaG@contoso.com receives them unrestricted, yet NiamhS@contoso.com gets blocked by the same Transport filter, from the same device.
Canon themselves set the address when they established the machine, and the device is on a different site to the Exchange server. The device sends the 'scan' email via the internet, no VPN.
I do agree about gmail - Canon have twice chosen to use a fictitious email address which in itself created issues.
It still doesn't clarify why say UnaG@contoso.com receives them unrestricted, yet NiamhS@contoso.com gets blocked by the same Transport filter, from the same device.
well, if you check your message header on both, do you see them flowing through the same servers?
GUESSING game start.
what would be your Exchange design? multiple HUB or single hub?
could it because on of your mailbox servers do not have transport rules turn on?
how long ago you last change? within 4 hours ?(by default, all modify take 4 hours to update unless you stop start the transport services to make it effective)
is the message being protected? (rules can't process protected message)
the list goes on and on.
GUESSING game start.
what would be your Exchange design? multiple HUB or single hub?
could it because on of your mailbox servers do not have transport rules turn on?
how long ago you last change? within 4 hours ?(by default, all modify take 4 hours to update unless you stop start the transport services to make it effective)
is the message being protected? (rules can't process protected message)
the list goes on and on.
ASKER
Hi Limjianan,
Excellent questions
Excellent questions
1 Exchange 2013 Server only
I reset the Transport service when I update the rules, other times changes are made at night, and I wait and see the result the next morning
I've turned on logging but nothing is being logged
can you attached the message header, success and failed one ?
ASKER
Successful
Message Id: <20150319100119.0001.Canon TxNo.1311@ Canon4C9CD 4.home>
Sender: canon.device@gmail.com
Subject: Your Scanned File
To: Admin, administration@contoso.com
Severity: Low
Override: No
False Positive: No
Rule Hit: [Cust-contoso-IN] Reset SCL on Scanner emails, Action: SetHeader, GenerateIncidentReport
Failed:
Diagnostic information for administrators:
Generating server: Server1.Contoso.LOCAL
administration@contoso.com
#550 5.2.1 Content Filter agent quarantined this message ##
Original message headers:
Received: from mail-pd0-f194.google.com (209.85.192.194) by
mail.askitee.com.au (192.168.0.5) with Microsoft SMTP Server (TLS) id
15.0.516.32; Mon, 16 Mar 2015 10:10:46 +1100
Received: by pdjy10 with SMTP id y10so30564766pdj.1 for
<administration@contoso.co m>; Sun, 15 Mar 2015 16:10:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=from:to:subject:date:mes sage-id:mi me-version :content-t ype;
bh=FL9LwcqhlnrphLhWaVjFKu2 BCVn+77DqO GVMzAK0+kE =;
b=dONr1k+Q9L5bPiKej5Zxxrgf vJNk8B1KDl BOeoHO5LV0 Pvk1zVXuuP vkqD9Qr1bY gG
yY3EqaXqoaommTo0s+yUbPh1yR U3NvRcUlXA +Sg95Xv4Tg i5/9lMVGBl sIKxSq3rEJ rM
0wsLFjlr+Vjot3vjNWmiv1GVAT FjQsqoMCoW P5BFL2i9tx IvNTz/4+Qu 64t9Hk7k6c Lw
YItgvtqycXhnedGKttGwR82kAt cPTgHQB09Y doPwjqoN0I O7E4cLdcAR 4MDWvVaBJh nj
LI6UDX4DXbzXkvb9Y9lKI5KzIq Hz08xnJZSR 6+itJ8ENr3 kIIDJYnBi2 jn4QmDlkFl P7
6ggw==
X-Received: by 10.70.34.198 with SMTP id b6mr68708438pdj.28.1426461 044160;
Sun, 15 Mar 2015 16:10:44 -0700 (PDT)
Return-Path: <canon.device@gmail.com>
Received: from Canon4C9CD4.home (mur1247300.lnk.telstra.ne t.
[120.150.189.147]) by mx.google.com with ESMTPSA id
oq7sm13974300pac.32.2015.0 3.15.16.10 .37 for
<administration@contoso.co m> (version=SSLv3 cipher=RC4-SHA
bits=128/128); Sun, 15 Mar 2015 16:10:42 -0700 (PDT)
X-Priority: 3 (Normal)
From: <canon.device@gmail.com>
To: Admin <administration@contoso.co m>
Subject: Your Scanned File
Date: Mon, 16 Mar 2015 10:15:28 +1100
Message-ID: <20150316101528.0001.Canon TxNo.1281@ Canon4C9CD 4.home>
MIME-Version: 1.0
X-Mailer: Canon MFP
Content-Type: multipart/mixed; boundary="BAADNPAHDCDIDADF DADBBMAPAK AA"
Received-SPF: Pass (SERVER1.CONTOSO.LOCAL: domain of canon.device@gmail.com
designates 209.85.192.194 as permitted sender)
receiver=SERVER11.CONTOSO. LOCAL; client-ip=209.85.192.194;
helo=mail-pd0-f194.google. com;
Message Id: <20150319100119.0001.Canon
Sender: canon.device@gmail.com
Subject: Your Scanned File
To: Admin, administration@contoso.com
Severity: Low
Override: No
False Positive: No
Rule Hit: [Cust-contoso-IN] Reset SCL on Scanner emails, Action: SetHeader, GenerateIncidentReport
Failed:
Diagnostic information for administrators:
Generating server: Server1.Contoso.LOCAL
administration@contoso.com
#550 5.2.1 Content Filter agent quarantined this message ##
Original message headers:
Received: from mail-pd0-f194.google.com (209.85.192.194) by
mail.askitee.com.au (192.168.0.5) with Microsoft SMTP Server (TLS) id
15.0.516.32; Mon, 16 Mar 2015 10:10:46 +1100
Received: by pdjy10 with SMTP id y10so30564766pdj.1 for
<administration@contoso.co
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=from:to:subject:date:mes
bh=FL9LwcqhlnrphLhWaVjFKu2
b=dONr1k+Q9L5bPiKej5Zxxrgf
yY3EqaXqoaommTo0s+yUbPh1yR
0wsLFjlr+Vjot3vjNWmiv1GVAT
YItgvtqycXhnedGKttGwR82kAt
LI6UDX4DXbzXkvb9Y9lKI5KzIq
6ggw==
X-Received: by 10.70.34.198 with SMTP id b6mr68708438pdj.28.1426461
Sun, 15 Mar 2015 16:10:44 -0700 (PDT)
Return-Path: <canon.device@gmail.com>
Received: from Canon4C9CD4.home (mur1247300.lnk.telstra.ne
[120.150.189.147]) by mx.google.com with ESMTPSA id
oq7sm13974300pac.32.2015.0
<administration@contoso.co
bits=128/128); Sun, 15 Mar 2015 16:10:42 -0700 (PDT)
X-Priority: 3 (Normal)
From: <canon.device@gmail.com>
To: Admin <administration@contoso.co
Subject: Your Scanned File
Date: Mon, 16 Mar 2015 10:15:28 +1100
Message-ID: <20150316101528.0001.Canon
MIME-Version: 1.0
X-Mailer: Canon MFP
Content-Type: multipart/mixed; boundary="BAADNPAHDCDIDADF
Received-SPF: Pass (SERVER1.CONTOSO.LOCAL: domain of canon.device@gmail.com
designates 209.85.192.194 as permitted sender)
receiver=SERVER11.CONTOSO.
helo=mail-pd0-f194.google.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That will tell you if the rule is firing correctly.
Simon.