09-06-2022 03:19 AM - edited 09-06-2022 03:22 AM
Hello,
In order to increase security for a specific domain, we need to restrict email sending from sender@example.com to only be able to send us emails from IP xyz. Is this possible using Ironport/ESA?
We usually rely on DMARC with DKIM and SPF alignment, but in this case we cannot.
09-06-2022 06:38 AM - edited 09-06-2022 06:40 AM
You can configure a message filter to drop the messages when the remote IP address of sender@example.com is not the one you are expecting.
MF_Example:
if (mail-from == "sender@example.com") AND (not (remote-ip == "192.168.10.10")) { drop(); }
MF_Example:
if (mail-from == "sender@example.com") AND (remote-ip != "192.168.10.10") { drop(); }
If there's more than one IP address, then you have multiple ways to do it. I like the approach of creating a Sender Group, adding the IP addresses, and later using the "sendergroup" rule to drop the message if the sender IP address does not match the SG you created for that sender.
MF_Example:
if (mail-from == "sender@example.com") AND (not (sendergroup == "3RDPARTY")) { drop(); }
As Ken mentioned in his reply, once the message is dropped by the ESA, the sender side cannot retry, so the best option is to agree with them on sending the messages from some specific IP addresses, and at the same time deploy filters or other mechanisms on your side to make sure messages from that sender are coming from the agreed IP addresses.
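Because a dropped message cannot be retried, it helps to see which past messages a filter like the ones above would have caught before it goes live. The following is an added example, not code from the thread or from Cisco: it replays mail log lines, ties each envelope sender to the connecting IP of its connection, and lists messages from the restricted sender that arrived from outside the agreed addresses. The log line shapes, the `audit` function name and the sample lines are assumptions and are constructed for illustration.

```python
import ipaddress
import re

# Assumed line shapes, modeled on ESA text mail logs; check them against your own.
NEW_CONN = re.compile(r"New SMTP ICID (\d+) .*? address (\S+)")
MAIL_FROM = re.compile(r"MID (\d+) ICID (\d+) From: <([^>]*)>")

# Constructed sample lines (not taken from a real appliance).
SAMPLE_LOG = [
    "Info: New SMTP ICID 501 interface Data1 (10.0.0.5) address 192.168.10.10 reverse dns host mx.example.com verified yes",
    "Info: Start MID 9001 ICID 501",
    "Info: MID 9001 ICID 501 From: <sender@example.com>",
    "Info: New SMTP ICID 502 interface Data1 (10.0.0.5) address 203.0.113.7 reverse dns host unknown verified no",
    "Info: MID 9002 ICID 502 From: <Sender@Example.com>",
    "Info: New SMTP ICID 503 interface Data1 (10.0.0.5) address 203.0.113.7 reverse dns host unknown verified no",
    "Info: MID 9003 ICID 503 From: <other@example.org>",
]

def audit(lines, sender, allowed):
    """Return [(mid, remote_ip)] for messages whose envelope sender equals
    `sender` but whose connecting IP is outside every network in `allowed`."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    icid_ip = {}  # connection id (ICID) -> remote IP seen when it opened
    hits = []
    for line in lines:
        m = NEW_CONN.search(line)
        if m:
            icid_ip[m.group(1)] = m.group(2)
            continue
        m = MAIL_FROM.search(line)
        if not m or m.group(3).lower() != sender.lower():
            continue
        mid, icid = m.group(1), m.group(2)
        raw = icid_ip.get(icid)
        try:
            ok = any(ipaddress.ip_address(raw) in n for n in nets)
        except (ValueError, TypeError):
            ok = False  # connection line missing or IP unparsable: report it
        if not ok:
            hits.append((mid, raw))
    return hits

if __name__ == "__main__":
    for mid, ip in audit(SAMPLE_LOG, "sender@example.com", ["192.168.10.10"]):
        print(f"MID {mid}: {ip} is outside the agreed addresses")
```

Entries in `allowed` may be single addresses or CIDR ranges, which covers the multi-address case handled with a Sender Group in the answer.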
09-06-2022 04:31 AM
09-07-2022 01:15 AM
Thanks for an excellent answer. I will try this solution, seems like it will work.
The specific SMTP servers are of course agreed upon already.