Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Drop emails from outside with my own domain

Hello there,

I´d like to avoid that users from my company receive emails from outside with my own domain.

For example, my domain is acme.com, so if a email like john@acme.com arrive from outside the ESA must drop/discart/quarentena it.

How could I do that?

Regards.

Everyone's tags (4)
2 ACCEPTED SOLUTIONS

Accepted Solutions

Drop emails from outside with my own domain

Hello Andre,

Please refer to the following KB article:

How do I stop people from spoofing mail from my domain?

Knowledge Base Answer ID: 115

http://tools.cisco.com/squish/D5D5E

You could change the action

  • insert-header("Subject", "$Subject {Possibly Forged}");

to

  • quarantine("Policy");

for instance, if you want to send the spoofed message to the Policy Quarantine.

Or you could simply add the quarantine action. This would send the message with the tag "{Possibly Forged}" at the end of the original Subject of the message.

I hope this helps. If so, please make sure you mark this question as answered.

Regards,

-Valter

Drop emails from outside with my own domain

You are welcome, Andre.

The article is pretty much describing a message filter, which you can only configure via CLI. Please refer to this other article on how to configure a new message filter.

How do I add a new message filter to my Cisco IronPort Appliance?

Knowledge Base Answer ID: 275

http://tools.cisco.com/squish/f65CA

You could also configure this as content filter tough.

This last article will provide further information about the differences between message and content filters.

What is the difference between message filters and content filters?

Knowledge Base Answer ID: 24

http://tools.cisco.com/squish/1B961

I hope this helps.

-Valter

4 REPLIES

Drop emails from outside with my own domain

Hello Andre,

Please refer to the following KB article:

How do I stop people from spoofing mail from my domain?

Knowledge Base Answer ID: 115

http://tools.cisco.com/squish/D5D5E

You could change the action

  • insert-header("Subject", "$Subject {Possibly Forged}");

to

  • quarantine("Policy");

for instance, if you want to send the spoofed message to the Policy Quarantine.

Or you could simply add the quarantine action. This would send the message with the tag "{Possibly Forged}" at the end of the original Subject of the message.

I hope this helps. If so, please make sure you mark this question as answered.

Regards,

-Valter

Drop emails from outside with my own domain

Thanks Valter,

but for my understanding, should I create it as a content filter? or should I apply this script? Where?

Drop emails from outside with my own domain

You are welcome, Andre.

The article is pretty much describing a message filter, which you can only configure via CLI. Please refer to this other article on how to configure a new message filter.

How do I add a new message filter to my Cisco IronPort Appliance?

Knowledge Base Answer ID: 275

http://tools.cisco.com/squish/f65CA

You could also configure this as content filter tough.

This last article will provide further information about the differences between message and content filters.

What is the difference between message filters and content filters?

Knowledge Base Answer ID: 24

http://tools.cisco.com/squish/1B961

I hope this helps.

-Valter

Drop emails from outside with my own domain

Ok,

thanks one more time.

I´ll try to do this config.

883
Views
0
Helpful
4
Replies
CreatePlease login to create content