cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
944
Views
0
Helpful
3
Replies

Help with message filters

joel.nyholm
Level 1
Level 1

Hi all,

I have a message filter that prevents members in a AD group to send messages to external recipients. The filter just check if the mail is sent from a member of the AD group and then drops the mail. Now I want to change the filter so that members of the group just can send messages to some external recipients.

Today's message filter..

if (recv-listener == "OutboundMail") AND (mail-from-group == "cn=AD group....") {
notify ("user@example.net");
drop();
}

And what i want to accomplish..

if (recv-listener == "OutboundMail") AND (mail-from-group == "cn=AD group....") {
"only allow to:" user1@externaldomain.com;
"only allow to:" user2@externaldomain.com;
} else {
"drop anything else, both cc and bcc recipients that are not specified as allowed adresses i the filter"
};

I hope anyone can help me or give me a hint how I should handle this.

Thanks,

Joel

3 Replies 3

kluu_ironport
Level 2
Level 2

I think you can achieve what you're aiming for with nested IF statements in your message filters, but I wanted to offer a suggestion.

You can try using a combination of outgoing mail policies and outgoing content filters.

Here is how I would approach it using this method.

1. Since it's an Outbound Listener, the "Mail Policies > Outgoing Mail Policies" probably applies since it's from Internal out to the Internet.

2. Create a new outgoing mail policy called "Restricted-Outbound". In this outgoing mail policy, have it match against certain AD groups that the internal sender belongs to. You can see this option on the lower left hand corner when you first create the outgoing mail policy.

3. After this new policy is created, you have the option of enabling/disabling antispam/antivirus.

4. In the outgoing content filters, create a content filter that looks for either specific recipient email addresses or recipient domains. Only traffic where the internal recipient is a member of a particular group will match this new outgoing mail policy, you can create specific outgoing content filters that apply to members of this group.

5. Once you have matches, you can apply whatever action you want.(e.g. notify, quarantine, etc).


Let me know what you think about this. Does it provide everything you need?

joel.nyholm
Level 1
Level 1

Hi,


Tanks for your reply. I tried your suggestion with mail prolicies and content filters and it almost worked. The content filter drops the message if the recipient match the content filter (Envelope Recipient Equals ==). If a message has multiple recipients and one of the recipients match the content filter the mail will be delivered to all recipients and that is what I want to prevent.

Is it possible to only allow one specific recipient even if the user sends a message with multiple recipients?

Thanks,

Joel

kluu_ironport
Level 2
Level 2

I believe for both message filters and content filters that you can't splinter by recipients. For example, if there are 10 recipients, half are gmail and half are yahoo, and you wanted to not deliver for just the gmail users, you wouldn't be able to separate that out with either of the filters. It would affect the entire message.

However, you can splinter the senders/recipients in both the incoming/outgoing mail policies though. [e.g. Mail Policies -> Outgoing Mail Policy]

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: