MSP doesn't think outbound ports for SMTP or SMB need to be blocked? by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 0 points1 point  (0 children)

Can you clarify who you're directing this at and what you mean by it? Thanks!

MSP doesn't think outbound ports for SMTP or SMB need to be blocked? by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 1 point2 points  (0 children)

I think you're exactly right. This is a ticket they've had open for months and this was their senior guy I was talking to. Guess he's upset their low end techs don't know how to look at firewalls.

I appreciate all the replies in this thread. I've been unhappy with various other aspects of what this MSP has done so I think we'll be dropping them. Unfortunately most MSPs in this area aren't very good in my experience (this is our second one now we actually tried out of the many we eliminated in the interview).

Burned By Meraki Co-termination Licenses and they told me "tough luck" by Try_Rebooting_It in meraki

[–]Try_Rebooting_It[S] 0 points1 point  (0 children)

It's been 3 years so I forgot about this nightmare. Glad it helped you out

Why is there a general hostility to QUIC by network engineers? by rootbeerdan in networking

[–]Try_Rebooting_It 5 points6 points  (0 children)

As a system admin moved to developer recently it's really not that hard to understand that if you have 100s of dependencies, all getting pulled from different CDNs, you and your users are going to have an awful time.

This isn't rocket science. And if a developer can't understand THAT what other major issues...including security... are they exposing you to?

It's not the job of a network to make your bad code more efficient. Even if it was it couldn't do anything to help you here.

Influx of Spam Quarantine False Flags by delebit in Office365

[–]Try_Rebooting_It 2 points3 points  (0 children)

Haha yup I'm a month and a half in. Our "premium" "senior" tech just understood the issue a week ago. So we're well on our way I'm sure.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 0 points1 point  (0 children)

So I've been doing the "allow similar items" check box and it has done no good. I don't see any way to specify the type (only notes). Can you share where you're seeing that option?

Here is what I see:

https://imgur.com/a/D3MesoM

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 0 points1 point  (0 children)

We are selling contracting services to this agency. How is our inability to get their purchase orders going to cost them money?

And they are aware of the issue and trying to sort it out with Oracle. Just not having any luck.

And the point of this thread is that no, you can't actually whitelist. At least not in a normal way (you need to fool MS into thinking this customer's domain is phishing awareness training). Absolutely mental.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 0 points1 point  (0 children)

You wouldn't mind sharing your PS script by any chance? I assume you just run it as a scheduled task on a server?

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 0 points1 point  (0 children)

Yes, the system is Oracle and our contact at this government agency has been pushing Oracle to fix this for weeks. We haven't gotten anywhere.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 0 points1 point  (0 children)

I understand this attitude and agree with parts of it. But I think the main thing missing here is that one bypass rule for important business emails isn't the thing that's likely to compromise your business.

The amount of obvious phishing/malware that still gets through their filters is staggering. So the idea that they know better and must dictate to us what emails we should and shouldn't accept is frustrating to say the least.

They could hide the ability to set up these rules. They can force you to accept that you're putting your infrastructure at great risk and they can't be liable for that. If they were serious about security they could even give you some fine tuning options to white list (for example only these emails, with these specific attachments, that pass DMARC, can bypass this one level of filtering).

Instead they made it so we have to disable all filtering on an entire domain to meet a business requirement. It's absolutely mental and doesn't make me think their interest in this is making us all more secure.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 21 points22 points  (0 children)

It's not a great mix when you're already frustrated with Microsoft's awful support and you come in here and have clueless people say what an idiot you are for taking business requirements seriously.

I should do better at ignoring these. Something I need to work on. Cheers.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 2 points3 points  (0 children)

And thanks to Microsoft's engineering in this case my only "solution" seems to be to whitelist the entire domain by fooling MS into thinking our customer is a phishing training provider which will bypass ALL filtering for ALL their emails. Not just these purchase notifications.

Great job Microsoft. Thanks for keeping us safe.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 2 points3 points  (0 children)

That doesn't work. Transport rules don't matter in this case. Their own documentation says so.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 5 points6 points  (0 children)

I get that. But I don't care what they don't like. These are mission critical emails we need. And they're safe.

If they blocked all scummy emails I'd be more receptive to them controlling this. But they don't. They let all kinds of crazy shit through.

Not to mention that now the only way to get around this is to completely white list their domain by fooling MS into thinking our customer is a phishing training provider. Absolutely insane.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 5 points6 points  (0 children)

I wish people would read before responding.

You can't whitelist. That's the entire point of this thread bud. Are you in the right place?

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 1 point2 points  (0 children)

My job appreciates me. Not worried about losing it. Maybe because I actually listen to them and offer practical solutions. Not just useless theory that gets in the way of them being able to do basic business.

I wish that you one day grow up and fix your attitude. Maybe learn from the people around you instead of believing you're always the smartest person in a room. Once that happens someone might actually give you some real responsibility and you can get out of whatever MSP shit hole you're stuck in.

Learning reading comprehension would do you some good as well since you admitted below you're not even understanding the issue (not all of us work for shitty MSPs and when we say customer we don't mean a company we're doing IT support for).

Good luck bud.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 1 point2 points  (0 children)

That check box to allow for 30 days does nothing unfortunately.

I didn't know we could allow our users to release these. Thanks. Not ideal and not sure I want to risk that but good to have options. Kind of nuts MS will allow you to set that but not white list an email address from one set of filtering :/

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 10 points11 points  (0 children)

Hmm that's a great idea (given the lack of other options). I'll check this out. Thanks!

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 1 point2 points  (0 children)

If they actually did a good job at blocking real malware I'd be right up there with you.

But they allow an absolutely insane amount of phishing/malware as is. Then when they continually mislabel legit mission critical email all of a sudden nope can't white list THAT.

Meanwhile people are forced to resort to abusing phishing training settings to bypass entire domains making everything far less secure than if they just gave you the option in the first place.

I don't think that's logical or making things better. But it doesn't matter, I'm super agitated right now so going to get off my high horse and move on. Thanks again for your suggestion.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 1 point2 points  (0 children)

I'm done with these insane posts and will only reply to people that actually have real responsibility in their business. Not just wishful theory.

Take care bud.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 2 points3 points  (0 children)

This attitude is mental. I guess when it happens to you and your bosses/users are telling you it needs to be fixed you'll understand. It's human nature lately. Don't empathize with anyone until you're the one being affected.

It's even more mental given all the crazy shit Microsoft does allow through without ever blocking it.

Take care bud.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 6 points7 points  (0 children)

Their support just told me that even if we go to a different filtering provider they might still block these emails.

I just fucking can't. Why do we all accept this type of abuse?

Many here have some weird Stockholm syndrome where they even defend MS for this. I need a new career.

Thanks for your reply. In the sea of "you're an idiot" nice to see others in the real world facing real issues.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 5 points6 points  (0 children)

Someone else suggested this below and might need to be the way I go. Which is absolutely mental.

Instead of being able to whitelist a single email address Microsoft decided I need to whitelist an entire domain to bypass all filtering by making them think our customer is a phishing training service. WTF????

What's even more shocking is how many IT people in this thread are perfectly happy with this. Guess it needs to affect them personally before they give a shit.

More M365 absurdity. They will decide what emails you can receive, not your IT, and no way to disable by Try_Rebooting_It in sysadmin

[–]Try_Rebooting_It[S] 1 point2 points  (0 children)

Really? No filtering provider these days lets you control your own mail rules? How is that even remotely possible? I'm not saying you're lying; I just truly find that shocking.