Cisco Secure Email Support Community

Gregoire LECOMTE
Beginner

Sender authorized Mail FROM

Hello,

We would like to allow only incoming mails from known sender Mail From addresses for our internal SMTP (not internet).

Has anyone already implemented this? What component do you use (dictionary, content filter, Exception table, ...)?

Thx

kluu_ironport
Explorer

Do you have two listeners? One for inbound traffic (e.g. originating from the Internet) and one for outbound traffic (e.g. originating from internal mailservers).

If you do, this would make it much easier to do. Internet traffic is generally considered Inbound Mail (e.g. Incoming listener) and internal traffic is considered Outbound Mail (e.g. Outgoing listener).

If you have this, then click on "Mail Policies > Outgoing Mail Policies". Have two policies.

1. Allowed Sender From Domains
2. Default Policy

On #1, add all the Sender From (mail from:) that you want to allow to relay and deliver.

For #2, set that to drop.

Let me know if you have any questions.

Jason Meyer
Beginner

This is something that I have been thinking about lately also... I work with roughly 16,000 mailboxes so I could easily add the domains to an outgoing policy to test for valid domains... but I think glecomte is asking how he can verify that the actual FROM address is valid...

In my environment I have lots of web developers and application developers that like to set up scripts to send e-mails from non-existent domains. For the most part these e-mails go through, but if they send the e-mail TO a bad address it bounces back and sits on IronPort...

Any opinions on best ways to stop this? If I set up a filter to test for valid domain I will break the working e-mails... Currently I am monitoring the e-mail that gets stuck on my IronPort boxes and if I see an abnormally high number I contact the originator of the e-mail and try to explain why sending e-mail FROM a valid address is important...

any thoughts/comments??

Under the "RELAYED" policy, you can use the "Use Sender Verification Exception Table" to allow some bad "mail from" to get through...


kyerramr
Beginner

If incoming connections from these app servers are made to match an accept policy, perform a recipient validation (LDAP). This way the message would be rejected at the conversation rather than bouncing after a delivery failure.

kyerramr
Beginner

Glecomte,

If you want to validate whether the mail from address belongs to a valid domain, use Sender Address verification.

Please elaborate if this isn't your requirement.

There are practically 4 "meanings" of "valid mail from".

1. RFC822 (or 2822 whatever) compliant ( "My Name@mydomain.com is NOT)

2. a DNS query valid domain (me@nonexist-hotmail.com is NOT, but hotmail.com is valid)

3. a valid internal domain (me@hotmail.com is NOT valid, nonexist@mydomain.com is _still_ valid)

4. a valid LDAP internal user (myemailexist@mydomain.com is valid)

If you are looking for authorization, you simply need SMTP auth. (That's for Glecomte.)

You can also use a group query for this: create a mail policy where the sender address must exist in a group, and drop() all messages from the default outgoing mail policy.
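
The four meanings of "valid mail from" listed in the thread, as an added Python example that is not part of any reply and is not appliance configuration. The DNS lookup and the LDAP query are replaced by constructed sets so it runs offline; all function and variable names are hypothetical.

```python
import re

# Constructed sample data (assumptions, not values from anyone's environment).
INTERNAL_DOMAINS = {"mydomain.com"}
DIRECTORY_USERS = {"myemailexist@mydomain.com"}       # stands in for an LDAP query
RESOLVABLE_DOMAINS = {"mydomain.com", "hotmail.com"}  # stands in for a DNS lookup

# Simplified envelope-address grammar: dot-atom local part, dotted host name.
_LOCAL = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+)*"
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_ADDR = re.compile(rf"({_LOCAL})@({_LABEL}(?:\.{_LABEL})+)")

def sender_validity_level(mail_from,
                          domain_resolves=RESOLVABLE_DOMAINS.__contains__,
                          user_exists=DIRECTORY_USERS.__contains__):
    """Return the highest level (0-4) the envelope sender satisfies.

    1 = syntactically valid, 2 = domain resolves, 3 = internal domain,
    4 = known directory user. None means the null sender <> (a bounce).
    """
    addr = mail_from.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    if addr == "":
        return None                      # MAIL FROM:<> carries no address
    match = _ADDR.fullmatch(addr)
    if not match:
        return 0
    local, domain = match.group(1), match.group(2).lower()
    if not domain_resolves(domain):
        return 1
    if domain not in INTERNAL_DOMAINS:
        return 2
    # Assumption: the directory stores addresses in lower case.
    if not user_exists(f"{local.lower()}@{domain}"):
        return 3
    return 4

def relay_decision(mail_from, required_level=4):
    """Default-drop policy: relay only senders at or above required_level."""
    level = sender_validity_level(mail_from)
    if level is None:
        return "null-sender"             # needs its own policy decision
    return "relay" if level >= required_level else "drop"
```

Choosing `required_level` is the actual policy question in this thread: level 3 accepts any address in an internal domain, while level 4 requires the sender to exist in the directory.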
