02-25-2005 10:25 PM
This section is to share real-world stories about how folks have configured their IronPorts. What really works (or doesn't) out there in the IronPort Nation?
04-05-2005 05:59 PM
To block some virus generated mails we reject mail from the Internet side which claims to be from an internal mail address. We use a message filter for this e.g.
if ((mail-from == "@my-domain\\.com$") AND (recv-int != "IntraNet")) AND (sendergroup != "TRUSTEDSOURCE") { drop(); }
internal Interface is called "IntraNet". We've set up a new HAT sender group "TrustedSource" which is a list of IP's that ARE allowed to submit mail that claims to be from our systems (e.g. partner companies sending mail on our behalf). This group is linked to a mail flow policy that lets them use us as a relay. OK - relaying is not ideal and anything they send us (regardless of from address) is treated in reports as "Outgoing" mail.
This seems to be blocking ~1% of incoming mail.
04-07-2005 12:50 AM
We tried this but we found there are enough very simple distribution lists (eg a unix /etc/aliases list) which meant that we had to accept our own email domains from the internet.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide