To prevent email spoofing, I would recommend you to use below message filter on your ESA appliance:
Here is the sample filter you can use: ============== Anti_Spoofing: if (sendergroup != "RELAYLIST") AND (Sendergroup != "ALLOWED_SPOOF") { if ((header("From")== "(?i)@domain\\.com") OR (mail-from=="(?i)@domain\\.com$")) { quarantine("Policy"); } } . ==============
Please note that this is a sample message filter. Please change it as per your requirements.
Where domain.com is your internal domain and ALLOWED_SPOOF is a sendergroup you need to create for exceptions and add IP addresses you want to allow for spoofing (if any).
Steps to create a sendergroup. 1. Go to Mail Policies>> HAT Overview. 2. Click on Add Sendergroup. 3. Enter name ALLOWED_SPOOF 4. Select the order such that it is placed just above WHITELIST. 5. Select the newly created policy. 6. Click on Submit and Add Senders. 7. Add the IP addresses or hostnames of external servers from where you want to allow spoofed emails. 8. Submit and Commit changes.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: