03-16-2015 09:58 AM
Hi all,
I have an IronPort environment, working well. One data interface and one listener for incoming and outgoing email traffic.
My customer asked me to make sure that his email domain, for example mydomain.com, is always blocked as a sender on incoming mail from the internet.
How can I be sure to achieve that without blocking legitimate traffic? Is it OK to put it in the blacklist for the HAT?
Thanks a lot
smaikol
03-16-2015 11:37 AM
If you do not wish to create a separate mail flow policy, and include that policy in order to drop, then setting @ the HAT is acceptable. Try one of these TechNotes to best assist:
How do I blacklist or drop a sending domain using Incoming Mail Policy and Content Filter?
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118551-qa-esa-00.html
How do I blacklist a malicious or problem sender?
-Robert
03-18-2015 08:01 AM
We used the "filters" command from the CLI.
spoofing: if (recv-listener == "IncomingMail") {
    if (mail-from == "@your_domain.com") {
        drop();
    }
}
This way it is done at the connection level and dropped immediately.
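Added example, not part of any post in this thread: a Python model of the filter above, run over constructed messages, to check which legitimate mail it would drop. It assumes the mail-from comparison is an unanchored, Python-style regex search, and the "internal relay" flag and its exemption are hypothetical stand-ins for however the appliance identifies the customer's own outbound hosts on the single shared listener described in the question.

```python
import re

POSTED = r"@your_domain.com"       # pattern as written in the filter above
ANCHORED = r"@your_domain\.com$"   # dot escaped, anchored to end of address

# Constructed messages: (listener, from_internal_relay, envelope sender, is_spoof)
SAMPLES = [
    ("IncomingMail", False, "ceo@your_domain.com", True),
    ("IncomingMail", False, "bob@your_domain.com.example.net", False),
    ("IncomingMail", False, "bob@your_domainxcom.example.org", False),
    ("IncomingMail", False, "alice@partner.example", False),
    # The same listener also carries the customer's own outbound mail.
    ("IncomingMail", True, "ceo@your_domain.com", False),
]

def drops(pattern, listener, internal, mail_from, exempt_internal=False):
    """Model of the filter: listener check, then regex search on mail-from."""
    if listener != "IncomingMail":
        return False
    if exempt_internal and internal:   # hypothetical exemption for own relays
        return False
    return re.search(pattern, mail_from) is not None

def evaluate(pattern, exempt_internal=False):
    """Return (legitimate messages dropped, spoofed messages delivered)."""
    wrongly_dropped, missed = [], []
    for listener, internal, sender, is_spoof in SAMPLES:
        hit = drops(pattern, listener, internal, sender, exempt_internal)
        if hit and not is_spoof:
            wrongly_dropped.append((sender, internal))
        if is_spoof and not hit:
            missed.append(sender)
    return wrongly_dropped, missed

if __name__ == "__main__":
    for label, pat, exempt in [("posted", POSTED, False),
                               ("anchored", ANCHORED, False),
                               ("anchored + relay exemption", ANCHORED, True)]:
        print(label, evaluate(pat, exempt))
```

In this model the posted pattern drops two unrelated sender domains as well as the customer's own outbound message; anchoring removes the first two, and only the exemption for internal relays removes the third.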