I have a virtual ESA with a geolocation inbound content filter as the 3rd filter from the top of the list. It doesn't work and only sporadically when it does. Since we are a community-based firm, we would like to quarantine all email that isn't coming from the USA.
The filter itself is relatively simple. The rule includes all countries except USA and then adds a few exceptions for specific domains we don't want quarantined. The action is: Add a log entry, quarantine to the geolocation bucket, and skip the remaining filters. The apply rule is set to "Only if all conditions match".
I have an open case and support says they were able to replicate the behavior and would escalate. Wondering if any of you use the Geolocation block content filter and if it works properly for you? We are on the latest Asynch OS version: 14.2.2-004. Thanks in advance for any feedback.
We don't use the geolocation content filter. We have it set up on the Host Access Table (HAT) on the Public Listener. We've added particular geolocations to the Blocklist. Using the content filters was using up too much CPU for emails we didn't want anyway. Cheers,
Another and better way to accomplish the same goal - thanks. If I may ask, how do you handle exceptions? I'm U.S. based and we have a couple of vendors in the UK and CA so I can't geoblock the country entirely. Add their domain to Allowed in HAT?