Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1975
Views
10
Helpful
5
Replies

IronPort - allow a partial email address through

jman2
Level 1
Level 1

‎09-30-2021 08:59 AM

We get a lot of marketing email from cmail20.com domain and it's been included in Incoming Content Filter to capture and quarantine, then alert recipient.

It transpires now that the World Health Organization appears to be using that domain in some mailings that people want.

While I can create an Incoming Mail Policy to try and exempt particular email addresses from said Incoming Content Filter, the problem is that the Incoming Mail Policy doesn't really allow me to input partial addresses.
For example i'd like to input envelop sender contains  "WorldHealthOrganization*@cmail20.com"
But that doesn't seem to work as a wildcard.


Looking at the email addresses we are receiving, they are sending using different email addresses:

WorldHealthOrganization-ayknul1thlljujkty1d@cmail20.com
WorldHealthOrganization-ayknul1thllykhdkh1d@cmail20.com
WorldHealthOrganization-ayknul1thllwljhj1d@cmail20.com
WorldHealthOrganization-ayknul1thllsildl1d@cmail20.com

 

How should i allow these?

 

Labels:
5 Replies 5

Ken Stieers
VIP
VIP

‎10-01-2021 08:13 AM

You could create a policy for @cmail20.com, and then on the content filter that quarantines/alerts on these mails, set the condition to be
mail-from != "^WorldHealthOrganization"

0 Helpful

jman2
Level 1
Level 1
In response to Ken Stieers

‎10-22-2021 07:32 AM

Sorry Ken that's not going to do what i want.

I want to quarantine all the spam we get from cmail20.com and only allow mails that match partial sender addresses.


However  Incoming Mail Policy options don't provide much nuance.

I'll tried WHOLessAlcoholUnit*@cmail20.com but this doesn't  work.

I'll  try WHOLessAlcoholUnit@  next but i have a feeling it will also not work.

The Incoming Mail Policy doesn't accept text like  mail-from != "^WorldHealthOrganization"

 

 

0 Helpful

Ken Stieers
VIP
VIP
In response to jman2

‎10-22-2021 09:12 AM

You're right, you can't make the decision at the policy level.  I’m saying let all the mail from @cmail20.com to come through its own policy, and then make the split decision in content filters.  

 

policy.PNG

 

policyblock.PNG

 

Then the content filter for Permit_WHOLess would look like this:

contentfilter.PNG

jman2
Level 1
Level 1
In response to Ken Stieers

‎11-11-2021 02:41 AM

Thanks but that doesn't accomplish what i seek.

 

 

In my case, we get maybe 50+ emails from "WHOLessAlcoholUnit", but only around 10 or so recipients actually want them.

So i'm happy to have emails from "WHOLessAlcoholUnit" get Quarantined, but would like to allow them through only for the people that express they want them.

That's the nuance i'm looking for.

 

Currently we have a Content Filter where everything from cmail20.com goes to Quarantine and the recipient is alerted.

 

0 Helpful

Ken Stieers
VIP
VIP
In response to jman2

‎11-11-2021 06:21 AM

Create a policy with the sender as @cmmail20 as sender, and an AD group, or just the recipients list with your 10 people in it as recipients, then a content filter for that filter that drops everything except senders that contain "WHOLessAlcoholUnit."

 

policyconfig.PNG

 

Then another policy with just sender as @cmmail20 as sender, and a content filter that drops everything.

0 Helpful
Top