Email Security acts like a 'man-in-the-middle' filter that scans the emails sent to your organization before they reach your mailboxes. Most of the issues reported for Email Security come from misconfiguration or from a misunderstanding of the functionality embedded in the product.
1. The Quarantine Report does not include all of the emails that were placed in quarantine
2. Allowlisting issues
3. Incorrect configuration of the Inbound Flow (MX Records, SPF Records)
The Quarantine Report does not include all of the emails that were placed in quarantine
BEHAVIOR: the Quarantine Report does not include all of the emails that were placed in quarantine
SOLUTION: this issue happens because of incorrect Spam Limits configured in the Quarantine Report settings. To solve it, you need to go to the HEIMDAL Dashboard -> Network Settings -> Email Security -> Quarantine Settings and edit the Spam Limits (View & Edit Quarantine Report). The settings below will include only the emails that receive a score within the selected values (e.g. if an email is marked as Possible Spam, it needs to have a score between 4 and 100 to be included in the Quarantine Report. If it receives a score that is lower than 4, it will not be included in the Quarantine Report).
You also need to make sure that the categories below are marked to be included in the Quarantine Report:
Allowlisting issues
BEHAVIOR: I am trying to allowlist an email address/domain/IP Address and emails coming from the sender are still blocked.
SOLUTION: an email can be quarantined due to a number of reasons and this is why it is important to make sure that you allowlist the sender's email address/domain/IP Address for that specific reason. To solve this situation, you need to go to the HEIMDAL Dashboard -> Network Settings -> Email Security -> Blocklist, Allowlist & Greylist and edit the scan settings for the specific entry (email address/domain/IP Address). In case an email is being quarantined because of an SPF/DMARC failure, you need to disable the SPF/DMARC scanning for the allowlisted email address. In the case below, the test@test.com email address is being allowlisted for Spam scanning, Attachment detection, ATP, and Non-TLS block. The SPF/DMARC and the Virus scanning checks are still being performed.
Incorrect configuration of the Inbound Flow (MX Records, SPF Records)
BEHAVIOR: not all the emails that are sent to my organization are being filtered by Email Security, or I am not receiving any email since I enabled Email Security.
SOLUTION: this scenario is caused by incorrect DNS settings on your domain or by firewall restrictions.
In order to have Email Security filter all your emails, you have to make sure that eu-esec-01.heimdalsecurity.com and eu-esec-02.heimdalsecurity.com have the highest priority/cost (e.g. GoDaddy considers Priority 0 as the highest or a cost of 10).
Check your Firewall to see if there are any limitations for the Email Security IP Addresses and make sure they are whitelisted: 20.50.183.144, 20.50.183.145, 20.50.183.146, 20.50.183.147, 20.50.183.148, 20.50.183.149, 20.50.183.150, 20.50.183.151, 20.88.177.208, 20.88.177.209.
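The MX check described above can be scripted. The following is an added example, not HEIMDAL's own tooling: it audits the text printed by `dig +short MX <your-domain>` and reports any MX host that is missing or that ranks at or above the Email Security hosts. The function names, the sample records and mail.example.org are constructed for illustration.

```python
# Added example: audit MX answers in the "PREFERENCE HOST." form
# printed by `dig +short MX <domain>`. Function names are hypothetical.
HEIMDAL_MX = {"eu-esec-01.heimdalsecurity.com", "eu-esec-02.heimdalsecurity.com"}

def parse_mx(text):
    """Return sorted [(preference, host)]; skip blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)

def audit_mx(text):
    records = parse_mx(text)
    present = {host for _, host in records}
    filter_prefs = [pref for pref, host in records if host in HEIMDAL_MX]
    best = min(filter_prefs) if filter_prefs else None
    others = [(pref, host) for pref, host in records if host not in HEIMDAL_MX]
    # In DNS, the lowest MX preference number is tried first, so any other
    # host at an equal or lower number receives mail ahead of the filter.
    outranking = [(p, h) for p, h in others if best is None or p <= best]
    missing = sorted(HEIMDAL_MX - present)
    return {
        "missing": missing,          # Email Security hosts not published
        "outranking": outranking,    # hosts preferred over the filter
        "unfiltered_paths": others,  # every MX that skips the filter
        "ok": not missing and not outranking,
    }

# Constructed sample: an old mail server left at the best preference.
SAMPLE_BAD = """\
0 mail.example.org.
10 eu-esec-01.heimdalsecurity.com.
20 eu-esec-02.heimdalsecurity.com.
"""
# Constructed sample: only the Email Security hosts are published.
SAMPLE_GOOD = """\
10 eu-esec-01.heimdalsecurity.com.
20 eu-esec-02.heimdalsecurity.com.
"""

if __name__ == "__main__":
    for name, sample in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, audit_mx(sample))
```

Any entry left in `unfiltered_paths`, even at a lower priority, is a route by which mail can reach your server without being scanned.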
If none of the above helps, please reach out to the HEIMDAL Security Support Team.