Solved: Only a range of network IPs can only send emails to specific domani

EUR · ‎12-06-2024

How can I indicate to Cisco ESA that a certain range of network IPs can only send emails to a certain domain? ES 172.19.0.0/16 only to @example.com

TNKS

Ken Stieers · ‎12-07-2024

In Outgoing Mail Policies, you add a new policy with recipients=example.com

That will splinter mail sent to multiple recipients where some are example.com. Splintering makes a copy for each policy that applies, so each policy gets the mail that and processes differently.

Ex. You have a mail sent to someone at cisco.com and example.com. A copy of the mail with just the example.com recipients gets processed via the policy for them and the rest falls to the default.

Mail splinering is covered here:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa16-0/user_guide/b_ESA_Admin_Guide_16-0/b_ESA_Admin_Guide_12_1_chapter_01001.html#con_1121454

View solution in original post

Ken Stieers · ‎12-06-2024

So, this feels like an outbound rule, yes?

Add the IP range to the RELAYLIST SenderGroup so that they can relay through the ESA.

Under Mail Polices/Outbound Content Filters, add a new outbound filter
Set the Conditions to
Remote IP/Hostname is 172.19.0.0/16
Envelope recipient does not end with example.com
Make sure to pick "Only if all conditions matchs"
Set the action to Drop

In the Mail Policies/Outgoing Mail Polices, select the "Content filters" section and enable this new filter.

EUR · ‎12-06-2024

Hello Ken,

thanks for the reply, I have already done this operation, individually it works but the problem is that the content filter does not work if I send an email and in the recipients in cc I put different recipients and if it happens that the last one is the domain example.com the rule don't work.

I also tried to do it via message filter but it has the same problem.

I activated antispam and antivirus to try to split the control individually on each recipient in cc.

It seems as if the ESA with more than one recipient in CC takes a unique string instead of handling them as individual recipient emails. Do you have any ideas about it?

Ken Stieers · ‎12-06-2024

Ok. You need splintering

Create a content filter.

Name: Dropiffrom172.19
Condition remote ip =172.19.0.0/24
Action drop

Add that to your default policy.

Create a policy above your default policy, set the recipient address to @example.com, and don't add the drop content filter to it.

EUR · ‎12-07-2024

hi, thanks for the advice but I don't understand should I only do these two actions or also insert the filter you recommended above somewhere? divide the recipients in this way? I'll try and let you know

Ken Stieers · ‎12-07-2024

In Outgoing Mail Policies, you add a new policy with recipients=example.com

That will splinter mail sent to multiple recipients where some are example.com. Splintering makes a copy for each policy that applies, so each policy gets the mail that and processes differently.

Ex. You have a mail sent to someone at cisco.com and example.com. A copy of the mail with just the example.com recipients gets processed via the policy for them and the rest falls to the default.

Mail splinering is covered here:
https://www.cisco.com/c/en/us/td/docs/security/esa/esa16-0/user_guide/b_ESA_Admin_Guide_16-0/b_ESA_Admin_Guide_12_1_chapter_01001.html#con_1121454

EUR · ‎12-10-2024

tnx! it's works!