Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1565
Views
0
Helpful
1
Replies

How to block email attachments only from a specific domain?

Daniel_J_Brown1
Level 1
Level 1

‎02-21-2015 11:13 AM

Using C370 CISCO IronPort How do I block email attachments only from a specific domain?

Labels:
0 Helpful
1 Reply 1

Rehan Latif
Cisco Employee
Cisco Employee

‎02-21-2015 06:08 PM

Hi Daniel,

 

In order to achieve this, you have three options:

1. Using a new Incoming Mail Policy

- Create a new Incoming Mail Policy and define that domain as sender in policy members.

- Then create an Incoming Content Filter with a condition to match specific file info (for example: filetype, name, size, mime type, etc.)

- Define an action (quarantine, bounce, drop, etc.)

- Enable this filter in newly created Incoming Mail Policy

 

2. Using existing Incoming Mail policies

- Create a new Incoming Content Filter with condition to match sender address containing that domain.

- Add another condition to match specific file info (for example: filetype, name, size, mime type, etc.)

- Use "Apply Rule" as "Only if all conditions match"

- Define an action (quarantine, bounce, drop, etc.)

- Enable this Content Filter in all Incoming Mail Policies.

 

3. Using Message Filters

- From CLI -> filters add a new message filter like below:

block_attchment_example_com:
if (mail-from == "(?i)example.com$")
{
    if (attachment-filetype == "exe")
    {
        drop();
    }
}
.

- Please replace the mail-from domain with the actual domain.

 

If you wish to block all attachments, you can chose attachment size rule in all of above three options with a really smaller attachment size, this will result in matching messages that has an attachment.

 

Hope this will help.

Rehan

 

0 Helpful
Customers Also Viewed These Support Documents