How can i block an IP or sever from sending to my domain

Scott Paananen · ‎09-20-2021

Good Morning everyone,

I have noticed a sever/IP has ben sending spam to our filters. They use different domain names in the address, I am wondering how i can block the IP address they are coming come outright. I know i can add senders address's to the Blacklist, but not sure how i can block IP's. Is this possible with the C100V? If someone can point me in the right direction, it would be great.

Thank you

Ken Stieers · ‎09-20-2021

Blocking by IP can be done in the Host Access Table (aka HAT), under Mail Policies/HAT Overview, and selecting the inbound listener.

In the Blacklist/Blocklist, you can enter the IPs, or domains of senders that you want blocked.

Keep in mind that this is THE SENDING SYSTEM, not the email address and this happens during set up of the TCP conversation.

If someone has an email address of badguy@junk.com, but is using GMail or Office365, you won’t want to put the IPs you’re seeing his mail from into this, as it will also block legit email.

For mail where you need to block by email address, or email domain, you’ll want to create a mail policy, and put it at the top of you policy list under Mail Policies/Mail Incoming Mail policies. Turn off all of the various security features for this policy (because why waste the cycles if you’re just throwing it away). Create a content filter called “drop everything” with no conditions, and just a Drop action. Add this content filter and no others to this new mail policy.

Also under Mail Policies/Mail Policy Settings you’ll want to set the priority of the match so Header From and Envelope Sender are P1… (mine is set so that all 4 are P1).

Then, going forward as you come across email addresses you need to block you can add them to this policy.

Hope that helps!