ESA AsyncOS 7.6.2-014 | Filter non valid domain and address

Alcides Miguel
Level 1

Hello,

 

Please, I need your help.

I'm having trouble with my email filter appliance, which is receiving email from non-valid domains, and because of my lack of knowledge about the product itself, I need advice on how I can stop this problem.

The test that I'm doing is:

############################################################
telnet mx1.mymailserver.com
220*****************************
HELO malange.com <non valid domain>
MAIL FROM: paca@kalandula.com <non valid address>
250 sender <paca@kalandula.coom> ok
RCPT TO: alcides@mymailserver.com
250 recipient <alcides@mymailserver.com> ok
DATA
353 go ahead

aaassddfdsnfdnf

.
250 ok: Message 4206071 accepted
QUIT
221
##########################################################

 

I want to stop this type of message from reaching mailboxes in our organization. I need advice.

 

Best regards,

Alcides Miguel

Accepted Solutions

Mathew Huynh
Cisco Employee

Hello Alcides,

 

With invalid domains sending emails through, there is a feature called "Envelope Sender DNS verification", which does a DNS lookup on the domain portion of the mail-from and, if no valid DNS records are found, rejects the mail-from attempt. If this feature matches your requirement, you can enable it in your GUI > Mail Policies > HAT Overview > click on the mail flow policy (ACCEPTED etc.) that you would like to enable it for. Scroll down to the bottom, where you will see Envelope Sender DNS verification, and enable it.

Output would look like:

EHLO test
220 ironport.lab.com ESMTP
250-ironport.lab.com
250-8BITMIME
250 SIZE 20971520
mail from:<matt@test.cooom>
553 #5.1.8 Domain of sender address <matt@test.cooom> does not exist
^]

 

 

Otherwise, if you want to drop emails from a specific domain, you can run content filters to drop by the envelope sender if you do not wish to accept emails from it.

 

Regards,

Matthew

 


Hi Matthew,

 

Thanks for your response. I have this option enabled, but it is not working as expected.

Regards,

Alcides

Hello Alcides,

 

Please know that this feature will check the envelope sender domain for DNS records. If it has valid DNS records (but you feel it is not a legitimate domain), then the feature will not block the email.

To stop specific domains you do not wish to receive from/to, you will need to incorporate local filters to do this.

 

GUI > Mail Policies > Incoming Content Filters > Add a new filter

or

CLI > filters > new

Filtername:
if (mail-from == "(?i)(@domain1.com|@domain2.com)")
{
    drop();
}
.

 

 

Regards,

Matthew
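
The two checks discussed in this thread, modeled offline as an added example (not Cisco's code and not part of the original posts): envelope sender DNS verification first, then a sender drop filter, showing why a domain with valid DNS records passes the first check and needs the second. The DNS table, the "MX or A record" rule, the function names, and the use of Python regex semantics for the filter pattern are assumptions; the `STRICT` pattern is a tightened variant of the posted one, not the posted filter.

```python
import re

# Constructed DNS data standing in for live lookups. Assumption: a sender
# domain "exists" when it has at least one MX or A record.
FAKE_DNS = {
    "domain1.com": {"MX": ["mail.domain1.com"]},
    "example.org": {"A": ["192.0.2.10"]},
    "domain1xcom.example.org": {"A": ["192.0.2.20"]},
}

# LOOSE is the alternation from the thread's filter; STRICT escapes the dots
# and anchors the end so only the exact domains match.
LOOSE = re.compile(r"(?i)(@domain1.com|@domain2.com)")
STRICT = re.compile(r"(?i)(@domain1\.com|@domain2\.com)$")


def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or None."""
    local, sep, domain = mail_from.strip().strip("<>").rpartition("@")
    if not (sep and local and domain):
        return None
    return domain.lower().rstrip(".")


def dns_verify(mail_from, dns=FAKE_DNS):
    """Stage 1: refuse MAIL FROM when the sender domain has no records."""
    addr = mail_from.strip().strip("<>")
    records = dns.get(sender_domain(addr), {})
    if records.get("MX") or records.get("A"):
        return 250, f"sender <{addr}> ok"
    return 553, f"#5.1.8 Domain of sender address <{addr}> does not exist"


def evaluate(mail_from, pattern=STRICT, dns=FAKE_DNS):
    """Stage 2 runs only if stage 1 accepted: drop on a sender match."""
    code, _ = dns_verify(mail_from, dns)
    if code != 250:
        return "reject"
    addr = mail_from.strip().strip("<>")
    return "drop" if pattern.search(addr) else "deliver"


if __name__ == "__main__":
    for s in ("matt@test.cooom", "spam@domain1.com",
              "bob@domain1xcom.example.org", "alice@example.org"):
        print(f"{s:30} strict={evaluate(s)} loose={evaluate(s, LOOSE)}")
```

Under these assumptions, the unescaped, unanchored pattern also drops `bob@domain1xcom.example.org`, an unrelated sender, while the strict pattern delivers it.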

Hello Mathew,

 

Thanks for your attention. The solution worked as expected.

Regards,

Alcides 

Hello Alcides,

Fantastic :)

 

Regards,

Matthew