How to Block Top Level Domain with Sonicwall

What Network Objects and/or Firewall Rules could I use (or would I have to create) to block an entire top level domain with my Sonicwall?  We have no need to communicate with anyone not on a .com, .net, or .org domain and the spammers have been finding ingenious ways to bug the hell out of me from their .us, .in, .info, .biz, etc. domains.  I'd like to block all of these newer top level domains in a relatively easy fashion.  It's extreme yes, but I'm up against the clock.  Thanks in advance!
Mister Porsche GT3Asked:
Who is Participating?
 
Aaron TomoskySD-WAN SimplifiedCommented:
Hence the existence of services you can pass your mail through. It's a never ending battle, but if you can knock out the majority of things, end users will have less to deal with.
0
 
John-Charles-HerzbergCommented:
This is how it did it on our Sonicwall NSA E5500

The top level domains can be blocked by adding them to the keywords blocking section. Browse to Security Services>Content Filter and then click configure. Then click on the custom list tab. Under the Keyword Blocking add the top level domain which would be blocked. Examples are .com, .net, .biz, .info, etc. Be sure to include the dot/period
0
 
John-Charles-HerzbergCommented:
Attached is a image of the screen I used.
Screen.jpg
0
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

 
Mister Porsche GT3Author Commented:
Thanks John, but I neglected to mention that this is incoming traffic.  If I'm not mistaken, CFS is only to limit my employees from going to these sites correct?  I'm basically looking for a solution to block ALL emails coming from any domain EXCEPT .com, .net, and .org.
0
 
bbaoIT ConsultantCommented:
@Mister Porsche GT3

you are right, CFS applies to web access only which means you can't use this way to filter general IP traffic this way, including email traffic.

unfortunately, the objects in SonicWALL must be IP addresses in numbers, hence domain based filter won't be applicable to SonicWALL objects. therefore your requirement CANNOT be fulfilled by your SonicWALL whatever it is running Standard or Enhanced version.

what you expect can be done by setting up your own DNS server which will be handling all your outgoing DNS requests against all domains. you may simply configure this DNS server to resolve ALL unwanted top domains (actually ANY unwanted domain) itself instead of forwarding the requests to up-level DNS server on the Internet (this is for allowed domains).

simply resolve these unwanted domain to 0.0.0.0 or an unused INTERNAL address, then all traffic to these domains will become nothing, never be accessible. sounds like what you need?

this method applies to all outgoing traffic, including ANY email traffic, so the spam links to the unwanted domains will be NEVER valid again.

does it make sense?
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
inckming traffic to the sonicwall is only an ip. DNS is for outgoing only. You can make address objects and they work for both in and out, but their star only goes one level deep. So *.biz won't block a.bad.biz

Any chance you are concerned about email, not web access? What are these "spammers" actually hitting on your network to bother you?
0
 
Mister Porsche GT3Author Commented:
Aaron,

Yes, the concern is strictly regarding email traffic.  My employees don't actively seek them out.  Unfortunately, I am a member of a few organizations that blast out your email address "as a favor" to everyone else on their lists once you join their organization.  Once that happens, you get passed around quickly and some of those folks might even have viruses that bombard you.  To make a long story short...we're getting 2000+ emails a day that are complete garbage and seem to have found their way around Sonicwall's paid SPAM washing service.  Most of the emails are from junk domains like .biz, .us, .info, .adv, etc.
0
 
Mister Porsche GT3Author Commented:
bbao,

I'm not worried about my employees following the phishing links to the incoming SPAM.  I just don't want to receive the SPAM at all.  So I'd like to block ALL incoming email except from the three top level domains.  Drastic I know, but I have interest talking to anyone but a few folks who don't have a URL in the top three.  For those few I can add them to a white list.
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
Alright now we are getting somewhere. What's your email server?
0
 
Mister Porsche GT3Author Commented:
Exchange 2013 with DAG
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
yeah, that's super easy to block right in exchange
https://technet.microsoft.com/en-us/library/bb124354%28v=exchg.150%29.aspx
0
 
Mister Porsche GT3Author Commented:
Aaron,

We tried this, but the MAIL FROM header is too easily spoofed.  I tried blocking *.info for example in Exchange and kept getting emails from 5686873493@gmail.com (which is nearly impossible to block of course because they just increment the number and keep sending).  I'd like to figure out a way to block *.info while still performing something similar to a reverse DNS lookup.  I know you can use SPF records, but not everyone uses them and it's an "all or nothing" rule for blocking so even that is not a viable solution.
0
 
Mister Porsche GT3Author Commented:
Aaron,

I'll go ahead and give you the credit even though I'm still looking for an answer.  We have the Sonicwall SPAM washing subscription and it is useless.  I won't be renewing it.  Is Barracuda any better?
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
Never used barracuda, I think they are all beefy appliances, good reputation though. I've worked with a few larger orgs that use them and they seem powerful.

Do you really want to host your own? Have you looked at comodo or one of the other cloud services?
0
 
Mister Porsche GT3Author Commented:
Unfortunately, a full cloud service is not an option.  Let's just say my customer is rather private...  ;-)
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
Best reason there is to run your own mail server.

As I don't have experience with any of them I won't mention any by name. Search for self hosted exchange spam filter and you will find lots of options
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.