Sender authorized Mail FROM

Unanswered Question
Apr 27th, 2009

Hello,

We would like to allow only incoming mail from known sender Mail From addresses for our internal SMTP (not Internet).

Has anyone already implemented this? What component do you use (dictionary, content filter, exception table, ...)?

Thx

kluu_ironport Mon, 04/27/2009 - 17:41

Do you have two listeners? One for inbound traffic (e.g. originating from the Internet) and one for outbound traffic (e.g. originating from internal mailservers).

If you do, this would make it much easier to do. Internet traffic is generally considered Inbound Mail (e.g. Incoming listener) and internal traffic is considered Outbound Mail (e.g. Outgoing listener).

If you have this, then click on "Mail Policies > Outgoing Mail Policies". Have two policies.

1. Allowed Sender From Domains
2. Default Policy

On #1, add all the Sender From (mail from:) that you want to allow to relay and deliver.

For #2, set that to drop.

Let me know if you have any questions.

Jason Meyer Tue, 05/05/2009 - 15:24

This is something that I have been thinking about lately also... I work with roughly 16,000 mailboxes so I could easily add the domains to an outgoing policy to test for valid domains... but I think glecomte is asking how he can verify that the actual FROM address is valid...

In my environment I have lots of web developers and application developers that like to set up scripts to send e-mails from non-existent domains. For the most part these e-mails go through, but if they send the e-mail TO a bad address it bounces back and sits on IronPort...

Any opinions on the best ways to stop this? If I set up a filter to test for a valid domain I will break the working e-mails... Currently I am monitoring the e-mail that gets stuck on my IronPort boxes and if I see an abnormally high number I contact the originator of the e-mail and try to explain why sending e-mail FROM a valid address is important...

Any thoughts/comments?

mychrislo_ironport Wed, 05/06/2009 - 06:23

Under the "RELAYED" policy, you can use the "Use Sender Verification Exception Table" to allow some bad "mail from" to get through...

kyerramr Wed, 05/06/2009 - 06:32

If incoming connections from these app servers are made to match an accept policy, perform a recipient validation (LDAP). This way the message would be rejected at the conversation rather than bouncing after a delivery failure.

kyerramr Wed, 05/06/2009 - 06:36

Glecomte,

If you want to validate whether the mail from address belongs to a valid domain, use Sender Address Verification.

Please elaborate if this isn't your requirement.

mychrislo_ironport Wed, 05/06/2009 - 07:30

There are practically 4 "meanings" of "valid mail from".

1. RFC822 (or 2822 whatever) compliant ( "My [email protected] is NOT)

2. a DNS query valid domain ([email protected] is NOT, but hotmail.com is valid)

3. a valid internal domain ([email protected] is NOT valid, [email protected] is _still_ valid)

4. a valid LDAP internal user ([email protected] is valid)
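
The four meanings listed above, written as successive checks (an added example, not part of the thread and not IronPort configuration). The sets standing in for DNS, the internal domain list and LDAP are constructed sample data, all addresses are constructed, and the four levels are assumed to be nested.

```python
import re
from enum import IntEnum

class Level(IntEnum):
    INVALID = 0          # fails the syntax check
    SYNTAX = 1           # meaning 1: well-formed address
    DNS_DOMAIN = 2       # meaning 2: domain resolves in DNS
    INTERNAL_DOMAIN = 3  # meaning 3: domain is one of ours
    DIRECTORY_USER = 4   # meaning 4: address exists in the directory

# Simplified addr-spec check (assumption: not the full RFC 5322 grammar).
_ADDR = re.compile(
    r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@([A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+)$")

# Constructed sample data standing in for DNS, the domain policy and LDAP.
RESOLVABLE = {"example.com", "example.org"}
INTERNAL = {"example.com"}
DIRECTORY = {"alice@example.com"}

def classify(mail_from, resolves=RESOLVABLE.__contains__,
             internal=INTERNAL, directory=DIRECTORY):
    """Return the strictest of the four meanings that mail_from satisfies."""
    addr = mail_from.strip().strip("<>").lower()
    m = _ADDR.match(addr)
    if not m:
        return Level.INVALID
    domain = m.group(1)
    if not resolves(domain):
        return Level.SYNTAX
    if domain not in internal:
        return Level.DNS_DOMAIN
    if addr not in directory:
        return Level.INTERNAL_DOMAIN
    return Level.DIRECTORY_USER

def accept(mail_from, required=Level.DIRECTORY_USER, allow_null=True):
    """Policy decision for one envelope sender at the required level."""
    # The null reverse-path "<>" carries bounces (DSNs); it has no address
    # to validate, so it needs an explicit decision instead of a lookup.
    if mail_from.strip() == "<>":
        return allow_null
    return classify(mail_from) >= required
```

Lowering `required` to `Level.INTERNAL_DOMAIN` corresponds to an allowed-domains policy, while the default corresponds to a per-user directory check.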

rvdwesten_ironport Wed, 05/06/2009 - 10:09

You can also use a group query for this: create a mail policy where the sender address must exist in a group and drop() all messages from the default outgoing mail policy.
