cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1912
Views
0
Helpful
4
Replies

Drop emails from outside with my own domain

andre.ortega
Spotlight
Spotlight

Hello there,

I´d like to avoid that users from my company receive emails from outside with my own domain.

For example, my domain is acme.com, so if a email like john@acme.com arrive from outside the ESA must drop/discart/quarentena it.

How could I do that?

Regards.

2 Accepted Solutions

Accepted Solutions

Valter Da Costa
Cisco Employee
Cisco Employee

Hello Andre,

Please refer to the following KB article:

How do I stop people from spoofing mail from my domain?

Knowledge Base Answer ID: 115

http://tools.cisco.com/squish/D5D5E

You could change the action

  • insert-header("Subject", "$Subject {Possibly Forged}");

to

  • quarantine("Policy");

for instance, if you want to send the spoofed message to the Policy Quarantine.

Or you could simply add the quarantine action. This would send the message with the tag "{Possibly Forged}" at the end of the original Subject of the message.

I hope this helps. If so, please make sure you mark this question as answered.

Regards,

-Valter

View solution in original post

You are welcome, Andre.

The article is pretty much describing a message filter, which you can only configure via CLI. Please refer to this other article on how to configure a new message filter.

How do I add a new message filter to my Cisco IronPort Appliance?

Knowledge Base Answer ID: 275

http://tools.cisco.com/squish/f65CA

You could also configure this as content filter tough.

This last article will provide further information about the differences between message and content filters.

What is the difference between message filters and content filters?

Knowledge Base Answer ID: 24

http://tools.cisco.com/squish/1B961

I hope this helps.

-Valter

View solution in original post

4 Replies 4

Valter Da Costa
Cisco Employee
Cisco Employee

Hello Andre,

Please refer to the following KB article:

How do I stop people from spoofing mail from my domain?

Knowledge Base Answer ID: 115

http://tools.cisco.com/squish/D5D5E

You could change the action

  • insert-header("Subject", "$Subject {Possibly Forged}");

to

  • quarantine("Policy");

for instance, if you want to send the spoofed message to the Policy Quarantine.

Or you could simply add the quarantine action. This would send the message with the tag "{Possibly Forged}" at the end of the original Subject of the message.

I hope this helps. If so, please make sure you mark this question as answered.

Regards,

-Valter

Thanks Valter,

but for my understanding, should I create it as a content filter? or should I apply this script? Where?

You are welcome, Andre.

The article is pretty much describing a message filter, which you can only configure via CLI. Please refer to this other article on how to configure a new message filter.

How do I add a new message filter to my Cisco IronPort Appliance?

Knowledge Base Answer ID: 275

http://tools.cisco.com/squish/f65CA

You could also configure this as content filter tough.

This last article will provide further information about the differences between message and content filters.

What is the difference between message filters and content filters?

Knowledge Base Answer ID: 24

http://tools.cisco.com/squish/1B961

I hope this helps.

-Valter

Ok,

thanks one more time.

I´ll try to do this config.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: