
How to implement an unknown domain catchall or rewrite

dappleby300
Level 1

Hi All,

 

I am trying to set up an interface on a Cisco ESA which is for unauthenticated internal mail (SMTP) but has restrictions. I am trying to set up one of the two options:

 

Option 1 - Do not accept email when the sender domain is not from an approved list

Option 2 - If an email is submitted with a domain not in an approved list, the sender is rewritten to invalid-sender@example.org (MUST be DMARC compliant, so that means MAIL FROM and body FROM)

I am struggling to find a way of implementing either option on the ESA. The Sender Verification Exception Table doesn't have a catch-all reject function, so that's not usable. With a message filter, I can't find a way of rewriting the body From and return path. Masquerading doesn't have a catch-all.

 

Exchange had this functionality built in via ms-Exch-SMTP-Accept-Authoritative-Domain-Sender (https://docs.microsoft.com/en-us/exchange/receive-connector-permissions-exchange-2013-help). I'm after the same functionality.

 

Regards,

Daniel
 

1 Reply

marc.luescherFRE
Spotlight

For Option A I would create a dictionary called "Authorized_Domains".

Add all domains in the dictionary, including the @ sign, one per line, max 1500.

Then I would create an incoming content sender looking if sender contains list in dictionary, then quarantine to a maybe "Unauthorized Domains" for checking.

 

For Option B you would also create a content filter checking for DMARC verdict in the SMTP header and then edit the header and replace it with whatever you want to have on field Sender:
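
The policy behind both options in this thread, modelled in Python as an added example; it is not part of the original posts and is not ESA configuration. `APPROVED_DOMAINS`, the `X-Original-From` audit header and the sample messages are assumptions made for illustration; `invalid-sender@example.org` is the fallback address from the question.

```python
from email import message_from_string
from email.utils import parseaddr

APPROVED_DOMAINS = {"example.org", "corp.example"}  # assumption: the approved list
FALLBACK_SENDER = "invalid-sender@example.org"      # address named in the question


def domain_of(addr):
    """Lower-cased domain part of an address; '' for the null sender or junk."""
    _, email_addr = parseaddr(addr)
    return email_addr.rpartition("@")[2].lower() if "@" in email_addr else ""


def is_approved(addr):
    # Exact match on the domain part. A substring ("contains") test would also
    # accept user@example.org.attacker.test, so compare the whole domain.
    return domain_of(addr) in APPROVED_DOMAINS


def option1_accept(mail_from, raw_message):
    """Option 1: accept only if envelope MAIL FROM and header From are approved."""
    msg = message_from_string(raw_message)
    return is_approved(mail_from) and is_approved(msg.get("From", ""))


def option2_rewrite(mail_from, raw_message):
    """Option 2: if either sender is unapproved, rewrite both to the fallback.

    Rewriting MAIL FROM and header From together keeps the two domains
    aligned, which is what the DMARC requirement in the question needs.
    """
    msg = message_from_string(raw_message)
    original = msg.get("From", "")
    if is_approved(mail_from) and is_approved(original):
        return mail_from, msg.as_string()
    del msg["From"]                      # removes every From header present
    msg["From"] = FALLBACK_SENDER
    if original:
        msg["X-Original-From"] = original  # hypothetical header, kept for audit
    return FALLBACK_SENDER, msg.as_string()


if __name__ == "__main__":
    # Constructed sample: approved envelope sender, unapproved header From.
    sample = "From: Eve <eve@example.org.attacker.test>\nSubject: hi\n\nbody\n"
    print(option1_accept("alice@example.org", sample))
    print(option2_rewrite("alice@example.org", sample)[0])
```
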
