|Email Plug-in (Reporting):||18.104.22.168|
|Email Plug-in (Encryption):||22.214.171.124|
I am facing an issue with ironport configuration. At the moment we are running a IT awareness program. When a user does not manage to finish this training program we are then blocking any external email comunication to such users.
For this i am using a content filters where as condition i use: rcpt-to-dictionary-match("IncompleteTraining_block", 1) a dictionary which is populated with all the emails of users in the company that has not completed the training. Then the action is notification of such action and the e-mail gets quarantined. This all work fine.
The issue comes into when there is a group email with many recipients (to: or cc:). In between them there could be one or more that are still in the dictionary but all even the ones that are not there (thus completed - should not be blocked) gets their email blocked. This creates lots of issues.
My question is, that would it be possible to have blocked emails solely to the recipients that are actually blocked in the dictionary or that would only be possible to be done in the exchange? I could not find this, in any help docs and tried different combination of filters but there arent such options. So i am not completely sure if it would be possible.
Any help would be appreciated!
Solved! Go to Solution.
Thanks for reply,
To make it completely clear, so what i should do is:
I have this scenarion. Joe@domain.com is blocked and is included in dictionary under the content filter for blocking incomplete training users he should also receive notification and email should be quarantined. And then we have also Alice@domain.com she is not in the dictionary list (has completed training).
So i will create a new policy, here i will create sender: any; recipient: Joe@domain.com (basically should match those in the dictionary) because i want this policy to get triggered only to him.
So next time when an email arrives for to: Alice@domain.com cc: Joe@domain.com. Email will arrive only to alice and joe will receive and email with notification and his email will be placed into quarantine?
Would this be the right approach?
Yes, that's the right approach.
Under Mail Policies/Incoming Mail Policies, create a new one. Set the recipients to the list of users that are in your dictionary... though you may want to use an AD or LDAP group.
For this policy, you'll want the content filter to have NO lookup against the dictionary, that already happened when the mail hit this policy, no need to do the extra work of a dictionary match... and you don't want to have to manage this list of users in more than one place either.