1. Do I apply these policies on the incoming mail policies or outgoing? Taking into consideration that I have a 2-data-port topology where data-1 is configured to face the internet (public) and data-2 faces the LAN (private).
The decision whether a connection is inbound or outbound is made based on the type of listener or mail flow policy. Basically, if a message comes through a private listener, or a sender group with a RELAY mail flow policy, that connection is considered outbound; in all other cases it will be inbound.
About your policies, I am not sure if they will work, as I am unsure how you configured:
“deny from firstname.lastname@example.org to email@example.com”. Could you be more specific on that? Also, why not set those rules up directly on the mail servers instead of on the email security appliance? That would make the configuration less complex.
Because I want to block firstname.lastname@example.org from sending email to email@example.com only, I will have to define specific policies that drop firstname.lastname@example.org to email@example.com, then allow firstname.lastname@example.org to every other email address. Something like firewall rules performing a specific deny and an allow any any on the last line.
I performed some internal testing and realized that in order to specifically block email@example.com to firstname.lastname@example.org, I have to define sender = email@example.com in the outgoing mail policy and firstname.lastname@example.org in the outgoing mail filter under filter = envelope recipient; action = drop (or vice versa). Otherwise, if I place sender = email@example.com and recipient = firstname.lastname@example.org in the mail policy, any email from email@example.com OR to firstname.lastname@example.org will hit the policy.
I feel that it is kind of brainless to do such a thing, and it will add operational complexity. Unfortunately, my customer has a very strict security environment. I did say the same thing to him: "Why don't you control it on the server end?" He replied, "What if my servers get compromised?"
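As an added example (not from this thread and not taken from Cisco's documentation), the same deny rule written as a single AsyncOS message filter, which combines the sender and recipient conditions with AND rather than relying on mail-policy membership, so a message from email@example.com to anyone else, or to firstname.lastname@example.org from anyone else, is not caught. The filter name is made up, the two addresses are the placeholders used in the thread, and the regular expressions are anchored with the dots escaped so that look-alike addresses do not match.

```text
DenyAtoB:
if (mail-from == "^email@example\\.com$") and (rcpt-to == "^firstname\\.lastname@example\\.org$")
{
    drop();
}
```

Message filters run before mail policies and content filters, so drop() discards the message for every recipient of that SMTP transaction, not only the matching one; where that is not acceptable, keep the recipient check in an outgoing content filter as described above, since content filters run after the message has been split per mail policy. No trailing "allow any any" rule is needed: a message that matches no filter simply continues through the pipeline.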