How to block email attachments only from a specific domain?

Daniel_J_Brown1
Level 1

Using C370 CISCO IronPort, how do I block email attachments only from a specific domain?


Rehan Latif
Cisco Employee

Hi Daniel,

 

In order to achieve this, you have three options:

1. Using a new Incoming Mail Policy

- Create a new Incoming Mail Policy and define that domain as sender in policy members.

- Then create an Incoming Content Filter with a condition to match specific file info (for example: filetype, name, size, mime type, etc.)

- Define an action (quarantine, bounce, drop, etc.)

- Enable this filter in newly created Incoming Mail Policy

 

2. Using existing Incoming Mail policies

- Create a new Incoming Content Filter with condition to match sender address containing that domain.

- Add another condition to match specific file info (for example: filetype, name, size, mime type, etc.)

- Use "Apply Rule" as "Only if all conditions match"

- Define an action (quarantine, bounce, drop, etc.)

- Enable this Content Filter in all Incoming Mail Policies.

 

3. Using Message Filters

- From CLI -> filters add a new message filter like below:

block_attchment_example_com:
if (mail-from == "(?i)[@.]example\\.com$")
{
    if (attachment-filetype == "exe")
    {
        drop();
    }
}
.

- Please replace the mail-from domain with the actual domain.

 

If you wish to block all attachments, you can choose the attachment size rule in all of the above three options with a really small attachment size; this will result in matching messages that have an attachment.

 

Hope this will help.

Rehan
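
An offline way to check which messages a sender-plus-filetype rule like the one in option 3 would drop, comparing an unanchored, unescaped sender pattern with an anchored one. This is an added example, not code from the reply or from Cisco. It assumes Python's `re.search` behaves like the appliance's regex matching and uses a simple "MZ" header check as a stand-in for `attachment-filetype == "exe"`; all function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Unanchored, unescaped sender pattern vs. an anchored, escaped variant.
LOOSE = re.compile(r"(?i)example.com$")
ANCHORED = re.compile(r"(?i)[@.]example\.com$")

def is_windows_executable(payload: bytes) -> bool:
    """Content check (assumed stand-in): DOS/PE files begin with 'MZ'."""
    return payload[:2] == b"MZ"

def would_drop(mail_from: str, raw_message: bytes, sender_re=ANCHORED) -> bool:
    """Mirror the rule: envelope sender matches AND an attachment is an exe."""
    if not sender_re.search(mail_from):
        return False
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if is_windows_executable(data):
            return True
    return False

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"   # header only; mail_from is passed separately
    msg["To"] = "user@recipient.test"
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

# Constructed samples: an executable header under a .txt name, and real text.
EXE_RENAMED = build_sample("report.txt", b"MZ\x90\x00" + b"\x00" * 60)
PLAIN_TEXT = build_sample("notes.txt", b"hello")

if __name__ == "__main__":
    for sender in ("a@example.com", "a@mail.example.com", "a@notexample.com"):
        print(sender,
              "anchored:", would_drop(sender, EXE_RENAMED),
              "loose:", would_drop(sender, EXE_RENAMED, LOOSE))
```

The loose pattern also matches `a@notexample.com`, so mail from an unrelated domain would be dropped; the anchored pattern limits the rule to `example.com` and its subdomains.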

 
