02-16-2015 07:55 AM
Hi,
Need your help for below query:
If sender IP does not belong to sender domain or you can say MX record is invalid for sender domain mails should be quarantined or rejected.
Sender Verification already enabled in my mail flow policy but default action is accept so here i want to achieve my requirement with incoming content filter.
Thanks in advance for your help.
02-16-2015 11:08 PM
02-16-2015 04:53 PM
This may be a generalization.
But I imagine if a mail server enters into the ESA device, the ESA will do a Forward and Reverse DNS lookup to verify the mail server.
While it may not match your complete requirement of abc@test.com having mail.test.com, many verified servers would have their mail servers matching the domain (unless they're a hosted service) so you can use sendergroup matching to filter unverified senders (hosts which connect with no valid PTR/A record attached) to be throttled or dropped at the source if it fits your criteria -- i personally wouldn't drop such connections but would only throttle .
However with content filters, you will not be able to make the system check MX records against the sender domain;
SPF like Jernej suggested will allow some tests, but like you've noticed as well -- there are many servers which do not have SPF TXT records properly published -- but generally should have verified DNS settings.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide