Filtering outgoing sender based on email address

REJR77 · ‎04-07-2022

Hi,

Our customer has a large number of servers allowed in the HAT in the RELAY LIST group. So basically every server is able to send email out!! We know it is bad

We would like to filter outgoing email, based on the sender email address. Restricting with based on IP source is not possible at the moment since the customer has not an overal view of the servers

The idea is: "Only valid email sender can send email"

Is it possible to do so? Maybe with an LDAP group? Because I don't think we have the equivalent of the LDAP "Accept Query" to allow sender.

What would be the impact in term of performance?

By definition we don't know what are the outgoing email addresses, maybe the idea is to block all email addresses that are not in the LDAP server.

Or any other idea...

Thanks for th help or idea

Ken Stieers · ‎04-08-2022

Yes, lots of ways to do this, here's what I'd do to start to get a handle on the problem:

1. Create a policy quarantine called "Outgoing Junk", with maybe a 5 day retention, and then delete.
2. Create an Outgoing Content filter with 1 action, put all mail in the Outgoing Junk policy quarantine.
3. Create a new Outgoing Mail policy, with the "Following senders are NOT" and point it at the Ldap group Domain Users, or similar.
Any mail that isn't one of your LDAP users will get put in the quarantine so you can figure out where its actually coming from, and release stuff that needs to go.

Then, once I know what "senders" are sending mail, I'd flip it so it applied to those users, as opposed to the "NOT Domain Users" test...