I understand that you want mail to be rejected for all but 2 Recipient users/domains. You also want to declare the users/domains via a Filter instead of in the RAT. This is not recommended, here is why:
- If you set the RAT to 'All Other Recipients' to 'Accept', other hosts may believe the ESA is an 'Open Relay' and may refuse mail from its IP.
- Bouncing mail after acceptance can cause 'backscatter' emails. This is where a mail server redistributes spam via bounces and it will cause some hosts to reject your mail.
- If done incorrectly, can cause valid mail to bounce.
- If done incorrectly, can make your ESA an Open Relay that can be abused by others.
--- If you still wish to proceed knowing that the above risks, here are the high-level steps:
1) Set 'All Other Recipients' to 'Accept' in RAT
2) Create a new Incoming Mail Policy - Add the valid users and/or domains to this new Policy
4) Disable all scanning on Default Incoming Mail Policy
5) Apply the new Filter to the Default Incoming Mail Policy
6) Verify that the new Incoming Mail Policy has appropriate scanning enabled ---
This method works by accepting all mail sent to the ESA, even if it is for a domain you do not control or for an invalid recipient for a domain you do control. When the messages reach the Incoming Mail Policies, valid recipients will match on the new Policy while every other address matches the Default Incoming Mail Policy. Using the Policies in this way is required so that the message is 'splintered' before processing through most scanning features. Now only users/domain that do not match your new Policy will be Bounced by the Content Filter.
Again, I wish to stress that I do _not_ recommend this approach: it is far safer to simply list the valid users or domains directly in the RAT.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...