Thanks Matthew, This is - Page 2

Mukesh Tiwari · ‎02-16-2015

Hi,

Need your help for below query:

If sender IP does not belong to sender domain or you can say MX record is invalid for sender domain mails should be quarantined or rejected.

Sender Verification already enabled in my mail flow policy but default action is accept so here i want to achieve my requirement with incoming content filter.

Thanks in advance for your help.

Mukesh Tiwari · ‎02-16-2015

Thanks Matthew,

This is really very helpful.

Mathew Huynh · ‎02-16-2015

This may be a generalization.

But I imagine if a mail server enters into the ESA device, the ESA will do a Forward and Reverse DNS lookup to verify the mail server.

While it may not match your complete requirement of abc@test.com having mail.test.com, many verified servers would have their mail servers matching the domain (unless they're a hosted service) so you can use sendergroup matching to filter unverified senders (hosts which connect with no valid PTR/A record attached) to be throttled or dropped at the source if it fits your criteria -- i personally wouldn't drop such connections but would only throttle .

However with content filters, you will not be able to make the system check MX records against the sender domain;

SPF like Jernej suggested will allow some tests, but like you've noticed as well -- there are many servers which do not have SPF TXT records properly published -- but generally should have verified DNS settings.

How to create content filter for messages coming from invalid MX record but domain exist?