Help with message filters

Unanswered Question

Hi all,

I have a message filter that prevents members in a AD group to send messages to external recipients. The filter just check if the mail is sent from a member of the AD group and then drops the mail. Now I want to change the filter so that members of the group just can send messages to some external recipients.

Today's message filter..

if (recv-listener == "OutboundMail") AND (mail-from-group == "cn=AD group....") {
notify ("[email protected]");
drop();
}

And what i want to accomplish..

if (recv-listener == "OutboundMail") AND (mail-from-group == "cn=AD group....") {
"only allow to:" [email protected];
"only allow to:" [email protected];
} else {
"drop anything else, both cc and bcc recipients that are not specified as allowed adresses i the filter"
};

I hope anyone can help me or give me a hint how I should handle this.

Thanks,

Joel

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kluu_ironport Thu, 01/15/2009 - 04:25

I think you can achieve what you're aiming for with nested IF statements in your message filters, but I wanted to offer a suggestion.

You can try using a combination of outgoing mail policies and outgoing content filters.

Here is how I would approach it using this method.

1. Since it's an Outbound Listener, the "Mail Policies > Outgoing Mail Policies" probably applies since it's from Internal out to the Internet.

2. Create a new outgoing mail policy called "Restricted-Outbound". In this outgoing mail policy, have it match against certain AD groups that the internal sender belongs to. You can see this option on the lower left hand corner when you first create the outgoing mail policy.

3. After this new policy is created, you have the option of enabling/disabling antispam/antivirus.

4. In the outgoing content filters, create a content filter that looks for either specific recipient email addresses or recipient domains. Only traffic where the internal recipient is a member of a particular group will match this new outgoing mail policy, you can create specific outgoing content filters that apply to members of this group.

5. Once you have matches, you can apply whatever action you want.(e.g. notify, quarantine, etc).


Let me know what you think about this. Does it provide everything you need?

Hi,


Tanks for your reply. I tried your suggestion with mail prolicies and content filters and it almost worked. The content filter drops the message if the recipient match the content filter (Envelope Recipient Equals ==). If a message has multiple recipients and one of the recipients match the content filter the mail will be delivered to all recipients and that is what I want to prevent.

Is it possible to only allow one specific recipient even if the user sends a message with multiple recipients?

Thanks,

Joel

kluu_ironport Thu, 01/15/2009 - 16:58

I believe for both message filters and content filters that you can't splinter by recipients. For example, if there are 10 recipients, half are gmail and half are yahoo, and you wanted to not deliver for just the gmail users, you wouldn't be able to separate that out with either of the filters. It would affect the entire message.

However, you can splinter the senders/recipients in both the incoming/outgoing mail policies though. [e.g. Mail Policies -> Outgoing Mail Policy]

Actions

This Discussion