I need some help setting up a message filter.
I work for a Global Company, but manage the IronPort Appliances for the UK which processes all the emails for our UK based companies.
Emails coming to the staff within our company however are routed through a number of appliances in our head office. Our head office process mails for our company all over the world, and hence due to the various different laws regarding stopping and deleting of e-mails the configuration of those IronPort’s are fairly open.
I can't get visibility of the Exact configuration of their IronPort’s but I know that the HAT Limit for discarding connections based on the SBRS is set to at least <-4, the CASE Engine is on, but only scanning for Positive Spam and not Suspect Spam.
Therefore as you can imagine we have a issue with Spam messages getting into our Mailboxes.
Therefore I want to setup a Message filter something along the following lines:
Head Office Spam
If recv-listener == "IncomingMail" AND (Mail-from == "*out\\.company\\.internal") (Where out.company.internal is the partial hostname of the head office MTA's)
Quarantine("HUB Tagged Spam")
Message Filters are not my strong point, therefore can someone please take a look and tell me if I am on the right track, or am going to cause major problems.
Thanks in advance.