Forum Discussion
MaxSmile8
Jan 06, 2022 | Copper Contributor
Why connection filter is not rejecting an email even when the IP is in the IP block-list?
Hi All,
I added a blacklisted IP in the IP block list of the connection filter a few months ago.
But the spammer can still send Malware from that IP.
The IP is a Connecting IP Address according to Message Header Analyzer.
While the anti-Malware policy quarantines the email, I am unable to understand why the IP block list in the connection filter is not applied and the mail was not rejected primarily.
Microsoft has stated (https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/secure-by-default?view=o365-worldwide) that tenant overrides (IP Allow list in connection filter) are not applied for Malware.
Does it also mean IP Block list is also not applied?
1 Reply
- MaxSmile8 (Copper Contributor)

  I think I am getting to understand why something like this is happening:

  This is my hypothesis:

  The rules/policies and settings created using the old Microsoft admin portal were not properly migrated by Microsoft when the new security and protection portals were created.

  What I mean is the older values in the IP Block-list for some reason are not read by the new connection-filter engine.

  ---

  I also encountered another issue with editing the ASF settings of an anti-spam policy created a few years ago.

  For one of the old anti-spam policies and the default policy, I was unable to edit the Bulk email threshold (BCL) value. A slider to increase and decrease the BCL score was not present for these policies.

  I created a new policy to test if I could see the BCL slider; unsurprisingly, I could see the slider.

  This means Microsoft had probably made some mistakes when migrating the policy settings/values from the old admin portal to the new ones.

  Only the Microsoft Security team can confirm this.
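A first check for the situation described in this thread, as an added example that is not part of the original posts: read the connecting IP (the `CIP` field of the `X-Forefront-Antispam-Report` header) from a delivered or quarantined message and test whether any entry copied from the connection filter policy's IP block list actually covers it. The headers and block-list entries are constructed samples using documentation address ranges, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers; not taken from the thread.
SAMPLE_HEADERS = """\
Received: from mail.example.net (203.0.113.45) by
 inbound.example.protection.outlook.com with Microsoft SMTP Server
X-Forefront-Antispam-Report: CIP:203.0.113.45;CTRY:US;LANG:en;SCL:9;
 IPV:NLI;SFV:SPM;
Subject: constructed sample

body
"""

# Constructed entries in the forms the block list accepts:
# single IP, CIDR, and start-end range (plus one malformed entry).
SAMPLE_BLOCK_LIST = ["198.51.100.0/24", "203.0.113.54",
                     "203.0.113.40-203.0.113.50", "not-an-ip"]

def connecting_ip(raw_headers):
    """Return the CIP value as an ip_address object, or None if absent/invalid."""
    msg = message_from_string(raw_headers)
    # The header is folded across lines; drop whitespace before splitting fields.
    report = re.sub(r"\s+", "", msg.get("X-Forefront-Antispam-Report", ""))
    fields = dict(f.split(":", 1) for f in report.split(";") if ":" in f)
    try:
        return ipaddress.ip_address(fields["CIP"])
    except (KeyError, ValueError):
        return None

def entry_covers(entry, ip):
    """True if one block-list entry (IP, CIDR or a-b range) covers ip."""
    entry = entry.strip()
    try:
        if "-" in entry:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            return lo <= ip <= hi
        return ip in ipaddress.ip_network(entry, strict=False)
    except (ValueError, TypeError):
        return False  # malformed entry or mixed IPv4/IPv6 comparison

def matching_entries(raw_headers, block_list):
    """Return (connecting IP, block-list entries that cover it)."""
    ip = connecting_ip(raw_headers)
    if ip is None:
        return None, []
    return ip, [e for e in block_list if entry_covers(e, ip)]

if __name__ == "__main__":
    print(matching_entries(SAMPLE_HEADERS, SAMPLE_BLOCK_LIST))
```

An empty match list points to a typo or a range that misses the address; a non-empty list on a message that still arrived means the entry exists but was not enforced, which is the case raised in this thread.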