Solved

How to Block Top Level Domain with Sonicwall

Posted on 2015-02-03
Last Modified: 2015-03-22
What Network Objects and/or Firewall Rules could I use (or would I have to create) to block an entire top level domain with my Sonicwall?  We have no need to communicate with anyone not on a .com, .net, or .org domain and the spammers have been finding ingenious ways to bug the hell out of me from their .us, .in, .info, .biz, etc. domains.  I'd like to block all of these newer top level domains in a relatively easy fashion.  It's extreme yes, but I'm up against the clock.  Thanks in advance!
Question by:Mister Porsche GT3
17 Comments
 
LVL 14

Expert Comment

by:John-Charles-Herzberg
ID: 40587200
This is how I did it on our Sonicwall NSA E5500.

The top level domains can be blocked by adding them to the keyword blocking section. Browse to Security Services > Content Filter and then click Configure. Then click on the Custom List tab. Under Keyword Blocking, add the top level domain to be blocked. Examples are .com, .net, .biz, .info, etc. Be sure to include the dot/period.
0
 
LVL 14

Expert Comment

by:John-Charles-Herzberg
ID: 40587204
Attached is an image of the screen I used.
Screen.jpg
0
 

Author Comment

by:Mister Porsche GT3
ID: 40587212
Thanks John, but I neglected to mention that this is incoming traffic.  If I'm not mistaken, CFS is only to limit my employees from going to these sites correct?  I'm basically looking for a solution to block ALL emails coming from any domain EXCEPT .com, .net, and .org.
0
 
LVL 37

Expert Comment

by:bbao
ID: 40622466
@Mister Porsche GT3

you are right, CFS applies to web access only, which means you can't use it to filter general IP traffic, including email traffic.

unfortunately, the objects in SonicWALL must be numeric IP addresses, hence a domain-based filter won't be applicable to SonicWALL objects. therefore your requirement CANNOT be fulfilled by your SonicWALL, whether it is running the Standard or Enhanced version.

what you expect can be done by setting up your own DNS server which will handle all your outgoing DNS requests for all domains. you may simply configure this DNS server to resolve ALL unwanted top domains (actually ANY unwanted domain) itself instead of forwarding the requests to an up-level DNS server on the Internet (this is for allowed domains).

simply resolve these unwanted domains to 0.0.0.0 or an unused INTERNAL address, then all traffic to these domains will go nowhere and they will never be accessible. sounds like what you need?

this method applies to all outgoing traffic, including ANY email traffic, so the spam links to the unwanted domains will NEVER be valid again.

does it make sense?
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40622532
Incoming traffic to the Sonicwall is only an IP. DNS is for outgoing only. You can make address objects and they work for both in and out, but their star only goes one level deep. So *.biz won't block a.bad.biz

Any chance you are concerned about email, not web access? What are these "spammers" actually hitting on your network to bother you?
0
 

Author Comment

by:Mister Porsche GT3
ID: 40633172
Aaron,

Yes, the concern is strictly regarding email traffic.  My employees don't actively seek them out.  Unfortunately, I am a member of a few organizations that blast out your email address "as a favor" to everyone else on their lists once you join their organization.  Once that happens, you get passed around quickly and some of those folks might even have viruses that bombard you.  To make a long story short...we're getting 2000+ emails a day that are complete garbage and seem to have found their way around Sonicwall's paid SPAM washing service.  Most of the emails are from junk domains like .biz, .us, .info, .adv, etc.
0
 

Author Comment

by:Mister Porsche GT3
ID: 40633187
bbao,

I'm not worried about my employees following the phishing links to the incoming SPAM.  I just don't want to receive the SPAM at all.  So I'd like to block ALL incoming email except from the three top level domains.  Drastic I know, but I have interest talking to anyone but a few folks who don't have a URL in the top three.  For those few I can add them to a white list.
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40633426
Alright now we are getting somewhere. What's your email server?
0
 

Author Comment

by:Mister Porsche GT3
ID: 40633464
Exchange 2013 with DAG
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40668441
Yeah, that's super easy to block right in Exchange
https://technet.microsoft.com/en-us/library/bb124354%28v=exchg.150%29.aspx
0
 

Author Comment

by:Mister Porsche GT3
ID: 40668471
Aaron,

We tried this, but the MAIL FROM header is too easily spoofed.  I tried blocking *.info for example in Exchange and kept getting emails from 5686873493@gmail.com (which is nearly impossible to block of course because they just increment the number and keep sending).  I'd like to figure out a way to block *.info while still performing something similar to a reverse DNS lookup.  I know you can use SPF records, but not everyone uses them and it's an "all or nothing" rule for blocking so even that is not a viable solution.
0
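The check asked for above, a TLD allow-list applied to both the envelope sender and the connecting host's reverse-DNS name, sketched as an added example (not part of the original thread and not Sonicwall or Exchange code). The function names, the whitelist entry and the sample sessions are constructed; the PTR lookup result is passed in as data so the example runs offline.

```python
# Added example: TLD allow-list decision for one inbound SMTP session.
ALLOWED_TLDS = {"com", "net", "org"}      # the three TLDs the poster wants to keep
WHITELIST = {"partner.example.info"}      # constructed exception domain

def tld(name):
    """Last DNS label, lower-cased, ignoring a trailing dot."""
    return name.rstrip(".").lower().rsplit(".", 1)[-1]

def domain_ok(domain):
    """True if whitelisted (exact or any subdomain) or under an allowed TLD.
    Matching on the last label covers any depth, so a.bad.biz is caught."""
    d = domain.rstrip(".").lower()
    if any(d == w or d.endswith("." + w) for w in WHITELIST):
        return True
    return tld(d) in ALLOWED_TLDS

def verdict(mail_from, ptr_name, ptr_forward_confirmed):
    """mail_from: envelope sender, fully controlled by the sending side.
    ptr_name: reverse-DNS name of the connecting IP, or None if it has none.
    ptr_forward_confirmed: True if ptr_name resolves back to that IP."""
    if not domain_ok(mail_from.rsplit("@", 1)[-1]):
        return "reject: sender TLD"
    if ptr_name is None or not ptr_forward_confirmed:
        return "reject: no confirmed rDNS"
    if not domain_ok(ptr_name):
        return "reject: client rDNS TLD"
    return "accept"

# Constructed sessions: (MAIL FROM, PTR name of client IP, forward-confirmed?)
SESSIONS = [
    ("news@a.bad.biz", "mx.a.bad.biz", True),
    ("5686873493@gmail.com", "host7.bulk.example.info", True),  # spoofed sender
    ("5686873493@gmail.com", None, False),                      # no PTR record
    ("bob@partner.example.info", "mail.partner.example.info", True),
    ("alice@example.com", "mail.example.com", True),
]

def run():
    """Verdict for every constructed session, in order."""
    return [verdict(*s) for s in SESSIONS]

if __name__ == "__main__":
    for session, result in zip(SESSIONS, run()):
        print(session[0], "via", session[1], "->", result)
```

The second session is the case from the comment above: the gmail.com sender passes a MAIL FROM filter, and only the reverse-DNS name of the connecting host exposes the .info origin. Rejecting hosts without confirmed reverse DNS will also drop some legitimate senders, and a spammer relaying through a host named under .com still passes.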
 
LVL 39

Accepted Solution

by:
Aaron Tomosky earned 500 total points
ID: 40668509
Hence the existence of services you can pass your mail through. It's a never ending battle, but if you can knock out the majority of things, end users will have less to deal with.
0
 

Author Comment

by:Mister Porsche GT3
ID: 40681222
Aaron,

I'll go ahead and give you the credit even though I'm still looking for an answer.  We have the Sonicwall SPAM washing subscription and it is useless.  I won't be renewing it.  Is Barracuda any better?
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40681232
Never used Barracuda, I think they are all beefy appliances, good reputation though. I've worked with a few larger orgs that use them and they seem powerful.

Do you really want to host your own? Have you looked at Comodo or one of the other cloud services?
0
 

Author Comment

by:Mister Porsche GT3
ID: 40681249
Unfortunately, a full cloud service is not an option.  Let's just say my customer is rather private...  ;-)
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 40681315
Best reason there is to run your own mail server.

As I don't have experience with any of them I won't mention any by name. Search for self hosted exchange spam filter and you will find lots of options
0

Question has a verified solution.