Technical Queries

Sorry for the inconvenience caused. Let's get your email cleared as fast as possible.

In most cases, there is an element or two in the message (visible or invisible to you) that our international vendors have found in a recent spam or Phishing campaign.

To solve this issue quickly and stop it from recurring, we require a copy of the message sent. As soon as we get your message, we will clear the mail with our vendors and let you know it's clear to send again.

Please follow the instructions or watch the video below that best matches your mail client.

In order for SMX to investigate an email problem, the service desk requires a copy of the misclassified email (.eml format).

These are the steps to follow when sending the misclassified email to the SMX service desk with the most common mail clients and webmail clients:

1. Launch your email client
2. Create a new message and address it to emailsupport@smxemail.com
3. Drag and drop the misclassified email into the newly created message, it will now appear as an attachment

N.B. Please do not include other recipients in your submission whether in the To, CC or BCC fields.
In Mac OS X Mail and Outlook clients, use the "Forward as Attachment" option in the Message menu or via right-click.

Below are instructions for different email clients on how to submit your misclassified email to SMX.

Outlook Mail Client

• Submit false positive (a legitimate email that should not have been blocked)

Thunderbird Mail Client

• Submit false positive (a legitimate email that should not have been blocked)

Gmail Mail Client

• Submit a false positive.

Please follow these steps below to blacklist an email:

1. Log into the SMX Email Admin Portal - with your username (email address) and password.

2. Find the email in the mail search by searching for the message under "Inbound Scrubbing" or "Outbound Scrubbing". - It maybe helpful to use various criteria to search for the message in the logs such as the sender, subject and recipient.

3. Double click on the message to open the Message Details window to find out the envelope (actual) sender.

4. Copy the “From:” address and follow the instructions below to add this to the blacklist.

- Select Inbound Scrubbing or Outbound Scrubbing.
- Select Policies
- Select "Default Policy Set All Domains" (if this does not exist then please look for the set for spam by checking the configuration tab, see the image below)
- Select Blacklist
- Chose "Blacklist From User". Paste the copied email address in the field provided and click save.
- Please ensure the email address is entered in lowercase.

If your SMX Email Admin Portal login has technical access then please follow these steps below to add a new domain for filtering:

Login to the SMX Email Admin Portal and then click on Inbound Scrubbing and Scrubbing Domains.

Click on “New Scrubbing Domain” and enter the Domain Name and the Mail Relay Host and click on Save and the domain will go into a pending state and the SMX Service Desk will be notified that a domain has been added and will perform the checks outlined in the next question.

Once you have added a domain the SMX Service Desk will be sent a notification that you have added a domain. The SMX Service Desk will then check the domain relates to the company you have added it under by performing a ‘whois’ check. The SMX Service Desk will then make sure we can deliver through to the mail relay host that you have added in the portal from the SMX servers. If these things check out to be fine then the domain will be approved by the SMX Service Desk team.

To change the mail relay host for a domain once you are logged into the SMX Email Admin Portal click on inbound scrubbing and then scrubbing domains. Double click on the domain you wish to change the mail relay host for. Enter the new mail relay host in “Mail Relay Host:” and then click on save.

For New Zealand customers the MX records should be set to

10 mx1.nz.smxemail.com
20 mx2.nz.smxemail.com

For Australian customers the MX records should be set to

10 mx1.au.smxemail.com
20 mx2.au.smxemail.com

With SmartRules DLP you can create rules in the SMX email admin portal based on custom conditions and then take an action based on that condition.

Some conditions you may wish to check are:

• Sender
• Recipient
• Message size
• Content
• Attachments

Some actions that you may wish choose for a message is as follows:

• Quarantine the email
• Drop the email
• Redirect the email
• Add text to the top or bottom of the email

Yes if you install the "SMX Advanced Security Plugin" then your users will be able to submit spam to SMX to be reclassified via Outlook 2016 and above or Office 365.

Please see our easy to follow guide below for information on how to install the plugin and also our end user guide for your users to submit missclassified emails to SMX.

SMX Advanced Security Plugins - Admin Guide

SMX Advanced Security Plugins - User Guide

Emails that have triggered the Whaling Protection and URL Analysis which must be submitted manually via email to be re-classified as spam.

A whaling attack, also known as whaling phishing or a whaling phishing attack, is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO, in order to steal sensitive information from a company, as those that hold higher positions within the company typically have complete access to sensitive data. In many whaling phishing attacks, the attacker's goal is to manipulate the victim into authorizing high-value wire transfers to the attacker. Here is some helpful information from CERT NZ on protectiing yourself from a whaling attack.

To create a rule in SmartRules, click on the SmartRules DLP icon in the SMX Email Admin portal.

Then click on Inbound Rules or Outbound Rules depending on your requirements.

Click on “Default Inbound” / “Default Outbound” unless you want to make a new rule set.

Click on “New SmartRule” and the box below will appear:

Then give the rule a name and description (which is optional)

Conditions

Drag the conditions down in the top half of the box

Actions

Next drag the actions down in the bottom half of the box

Some possible actions are CC, BCC, Redirect, Whitelist, replace sender, send notification, add preamble, add footer, strip attachments, refuse message, drop message.

Change enabled to “Yes” if you want to turn the rule on straight away otherwise it is disabled by default. Click on Save.

The SMX Service Desk Team can email you a full SmartRules engine user guide on request, please contact us if you wish to have one emailed to you.

Login to the SMX Email Admin portal with your username and password and then locate the customer you need to perform the mail search under by either searching for the customer or expanding the tree on in the left hand side menu.

Once you have located the customer you can then search via Inbound Scrubbing or Outbound Scrubbing by clicking on mail search. You can click on the search icon and it will bring back the results without any filters.

If you want to limit the search results you choose one or more of the options on the left hand side:

You can enter the sender and or recipients email address, subject and also choose the mail type or the delivery status:

Mail type options:

• Clean
• Spam
• SPF
• Threat
• All Policy
• Whitelist
• Blacklist

Delivery Status:

• Received
• Rejected
• Queued
• Expired from Queue
• Rejected by Recipient
• Discarded 
• Delivered 
• Quarantined

You can also enter the message ID and limit the size of emails to be greater or equal to a certain size.

You can also change “Page Size” from 10 to 1000.

Why you want a DMARC capable secure email gateway:

DMARC is an email validation technology designed to protect your company’s email domains from being used for email spoofing, phishing scams and other cybercrimes. DMARC makes it easier for email senders and receivers to confirm if a message is from a legitimate sender. Identifying real senders from fake senders continues to get more difficult because the email technology ecosystem is complex and senders of fake email continue to adapt their delivery tactics.

DMARC puts one more hurdle in the way of cyber criminals. When combined with SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) you’re putting in place comprehensive email security defenses that will substantially increase your protection against high risk email.

DMARC checking is now performed on all inbound messages being filtered by SMX.

You can use DMARC with SMX products in the following ways:

Whitelisting:

• Its now possible to enable whitelisting of DMARC using the existing 'Policy Management' area in the SMX Email Admin Portal.
• Whitelisting can be configured per group of domains.
• A choice for users; enable whitelisting of Spam, Gray Mail, SPF, or DMARC.
• Conditional logic can be applied where some whitelisting options are not available because other options have been chosen or type of policy set may be in conflict.

DMARC Report / Statistics:

• Messages which fail due to DMARC can be individually reported as DMARC failures and are included in our Spam count reporting.
• The SMX Email Admin Portal Mail Event Report can be used to gain visibility of rejected email messages due to DMARC Spam. Note: this is not “DMARC Feedback” to sending domain owners, it is reporting available to SMX users regarding messages defined as DMARC Spam.

Existing whitelists:

• There is the option to enable DMARC whitelisting for existing SPF whitelist policy sets.

Hear From an Expert Panel 

Below you can watch our expert panel answer a few topical questions relating to the deployment of DMARC. On the panel we have (from the left) Colin Taylor – our SMX CTO, Tony Krzyzewski – DMARC Expert and Ambassador for Global Cyber Alliance and Darren Beattie – Manager, Network and Access for Tower Insurance representing the customer view.

DMARC Panel Discussion

DMARC - Is Google checking DMARC?

Can DMARC help sending email & does Microsoft add DMARC?

How to get buy in from executives?

Whats next after DMARC?

Please install the "SMX Advanced Security Plugin"  which will enable you to submit emails via your email client or alternatively please follow these instructions below.

Below are video clip instructions showing the process on common email clients to submit your email to the SMX Service Desk for reclassification :

Outlook Mail Client

• Submit false negative (a spam email that should have been blocked)

Thunderbird Mail Client

• Submit false negative (a spam email that should have been blocked)

Gmail Mail Client

• Submit a false negative.

While attaching a misclassified email please make sure it is in .eml format. Therefore, please follow the above 2 questions so we receive the email in the correct format. Any other method will not create an RFC822 MIME attachment, which will not provide the message in its original form.

Please follow the steps below to save and submit the email to the SMX service desk team. IT assistance might be needed, however if you are comfortable following these instructions below please carry on.

a. Save the whole email, including any attachments, to a folder on your computer (the desktop is suggested so you can locate it easily).

b. Next, please use one of the below mentioned archiving software to compress the files (WinRAR or 7-Zip):

WinRAR

Please follow the instructions below for using WinRAR to submit an email rejected as a virus to the SMX service desk for review, once you have saved the whole email, including attachments, to a folder on your computer.

To use WinRAR to submit an email rejected as a virus to the SMX support desk, go to the RARLAB WinRAR downloader page to download the software.

If you're unsure about the PC version (32 or 64-bit), choose the 32-bit version. Once you have the correct version for yourself, just follow these instructions:

1 of 4

1. Install WinRAR and with the 'file/files/folder' highlighted, right-click the file/folder you want to compress.

7-Zip

Please follow the instructions below for using 7-Zip to submit an email rejected as a virus to the SMX service desk for review, once you have saved the whole email, including attachments, to a folder on your computer.

To use 7-Zip, go to the 7-Zip website to download the software.

If you're unsure about the PC version (32 or 64-bit), choose the 32-bit version. Once you have the correct version for yourself, just follow these instructions:

1 of 4

1. Install 7-Zip​ and with the 'file/files/folder' highlighted, right-click on one item and from the sub menu select: '7-Zip Add to archive'. Important: If you are sending the file to another person, who may not have 7-Zip installed, change the 'Archive format' option from the default '7z' to 'Zip'.

c. Zip the email and password protect the zip file.

d. Compose a new message to emailsupport@smxemail.com and attach the password protected zip file.

Note: Please include the password in the body of the email so we are able to open it.

If your email has rejected due to an RBL (Real-time Blackhole List) and you have received this bounceback message:

"We apologise but this message from xxx.xxx.xx.xxx has been rejected due to 554-5.7.1 a RBL listing. If this is an error, please follow the procedures at 554 5.7.1 https://smxemail.com/rbl"

Please follow the steps below so you can send the email:

1. The IP address will be in the error.
2. Once you have found the IP address, scan any machines/devices related to that IP address and remove any malware/spyware/viruses.
3. Go to https://lookup.abusix.com/ to see which RBLs the IP address is on and request de-listing from the appropriate section.
4. After de-listing the IP address, you will be able to send the email again.

Other rejections due to RBL may occur with other providers for emails being sent in and out of SMX but Abusix is the only provider that SMX uses. If your email has been rejected by another provider then please follow their instructions.

To be notified of any incidents or planned maintenance, please visit Service Status page and subscribe to updates by email and/or text message.

The SMX Archive functionality automatically archives all external inbound and outbound emails that traverse the SMX cloud mail platform. However, in order to capture the internal emails sent and received between users (which normally would not pass through SMX), Journaling is required.

Journaling ensures a complete archive of the organisation’s emails are stored in a single, searchable, secure, off-site environment.

The journal address to use will be supplied on request. Please refer to your email provider for specific configuration requirements.

1. Quarantine

A new Quarantine module is available for licensed quarantine customers. The module provides a centralised area for previewing, downloading or releasing quarantined messages.

Key Features:

• Preview, Download or Release quarantined messages
• Messages are stored in a customers Quarantine for 14 days after which they are removed
• Create additional policies to Quarantine Gray-mail. Gray mail is created when our two mail filters have a missed match verdict on whether the mail is clean or suspected spam.
• Compatible with existing SmartRules quarantine policies

Email may be one of the following four types;

Email Types - Click to Enlarge

Quarantine Results - Click to Enlarge

Note: Customers can continue to use the existing Quarantine preview and release functionally within Mail Search, however, we encourage customers to use the new module as we intend to remove legacy functionally in a future release.

2. UI/UX Improvements

We have had a general clean-up and modernisation of the UI during this release, which include:

• Flattened UI
• General UI/UX Improvements
• Customer Dashboard layout improvements
• Updated charting engine

3. Archiving Improvements

Clicking on a message in the search results will take you through to the message details/preview view.

When you add a blacklist entry then any emails that match that policy entry the sender will receive a message letting them know their email has been rejected due to policy and the email will be dropped.

These are predefined reports which are already configured in the SMX Email Admin Portal:

The reports will vary depending if you are on your reseller account or customer account.You can run the report by clicking on “Run Report” or “Subscribe” to the report if you wish to have it emailed to you. Below are the subscription options:

The formats you can choose are:

• PDF
• HTML
• CSV

You can have the report delivered to you:

• Daily
• Weekly
• Monthly

You can report on data in the following periods:

• Last 24 Hours
• Last 2 Days
• Last 3 Days
• Last Week
• Last Month

Custom Subscribed Reports

These can be subscribed to under “Mail Search” under Inbound Scrubbing or Outbound Scrubbing by clicking on the Subscribe button.

Below are the options you can choose:

In the Options section you can choose the criteria on which you wish to match the emails on.

Whitelisting is only designed to be a temporary measure to allow the email through for further analysis and reclassification. Whitelists come with potential security risks so it is recommended to use them sparingly or until a fix is made. Adding whitelists should also comply with individual company’s security policy.

Please follow these steps below to whitelist the email for spam:

1. Log into the SMX Email Admin Portal - with your username (email address) and password.

2. Find the email in the mail search by searching for the message under "Inbound Scrubbing" or "Outbound Scrubbing".

3. Once you hit ‘Search’ button you will see email logs on right hand pane. Double click on the message to open the Message Details window to find out more details about the message.

4. Copy the “From:” address and add this as a whitelist under the default set. You can check this applies to spam under the configuration tab.

Please note the policy sets run in order from top down and when a policy is hit it will not traverse down the policy sets further. You can move a policy set up and down by clicking on the arrows on the right hand side of the policy set.

When you add a whitelist into the SMX Email Admin Portal this will override the verdict of the email and let the email through to the recipient. This is based on the policy set in the portal. The policy set can be set to override spam, SPF or DMARC checking.

In the mail search you will notice different colours for emails which are as follows:

Once you have found a message in the SMX Email Admin Portal under Inbound Scrubbing or Outbound Scrubbing you can double click on the message which will give you further details on why it was rejected under the delivery status and mail type.

Important Information

Updating your mail configuration:

It is important that when you make a change to your email configuration – eg change your mail server or add a new IP address the correct records that you would like to be archived are selected under the configuration tab. If you are using Office 365 with SMX please ensure you use Archive All in the configuration.

Have further questions about archiving?

For more information on SMX Archiving please read the latest blog from SMX email evangelist Thom Hooker here or contact us

If an email has been rejected due to SPF (sender policy framework) this is because the sender is sending from a location that is not in the SPF record of the sending domain. An SPF record outlines the host names and IP addresses that the sender can send from. Eg:

smxemail.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14458
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;smxemail.com. IN TXT

;; ANSWER SECTION:
smxemail.com. 7200 IN TXT "v=spf1 include:spf.nz.smxemail.com -all"

If the SPF record is set to hard fail (-all at the end of the record) and the email is coming from a location which is not in the SPF record then the SMX platform will reject the message with a bounce-back to senders mail server.

You can see the IP address that sender is sending from in the SMX Email Admin Portal by double clicking on the message in the search results and looking at the “From Host:”

Kitterman is a good website where you can check the current SPF record for a domain and also check a proposed SPF record you plan to add or update for a domain.

If an email is rejected due to SPF it is best for the senders IT support update the SPF record or send from a location already in the SPF record rather than adding a whitelist in the SMX email admin portal. Whitelisting can cause security risks and is only designed to be a temporary solution.

Once you have located the email under Inbound Scrubbing or Outbound Scrubbing souble click on the message in the search results which will give you more details. If there is a generic queuing message then there may be an issue with your firewall or mail server which you may wish to investigate or in the case of an outbound message there maybe an issue with the recipients server. 

You can contact the SMX Service Desk to see if we can reach your mail relay host from our servers.

Once you investigate and resolve the issue the emails should start flowing again. We try every 15 minutes to send the emails through.If you see a message like “Insufficient system resources” then the recipients server hard drive maybe full or the server maybe out of memory.

Once you investigate and resolve the memory or hard drive issue the emails should start flowing again. We try every 15 minutes to send emails through.

Click on the Quarantine product icon in the SMX Email Admin Portal and locate the message under the search results and double click on the message and then click on “Release”.

For a more detailed guide please contact the SMX Service Desk

Click on the Archive product icon in the SMX Email Admin Portal and locate the message under the search results and select the message in the left hand column and then click on “Download selected”. For a more detailed guide please contact the SMX Service Desk