Hi Daniel,
In order to achieve this, you have three options:
1. Using a new Incoming Mail Policy
- Create a new Incoming Mail Policy and define that domain as sender in policy members.
- Then create an Incoming Content Filter with a condition to match specific file info (for example: filetype, name, size, mime type, etc.)
- Define an action (quarantine, bounce, drop, etc.)
- Enable this filter in newly created Incoming Mail Policy
2. Using existing Incoming Mail policies
- Create a new Incoming Content Filter with condition to match sender address containing that domain.
- Add another condition to match specific file info (for example: filetype, name, size, mime type, etc.)
- Use "Apply Rule" as "Only if all conditions match"
- Define an action (quarantine, bounce, drop, etc.)
- Enable this Content Filter in all Incoming Mail Policies.
3. Using Message Filters
- From CLI -> filters add a new message filter like below:
block_attchment_example_com:
if (mail-from == "(?i)example.com$")
{
if (attachment-filetype == "exe")
{
drop();
}
}
.
- Please replace the mail-from domain with the actual domain.
If you wish to block all attachments, you can chose attachment size rule in all of above three options with a really smaller attachment size, this will result in matching messages that has an attachment.
Hope this will help.
Rehan