asked on
Block invalid recipent on Exchange 2010
Is it possible to block email with invalid sender (with same email domain managed by our Exchange server) to come through the server on Exchange 2010 ? We don't have edge server setup in our Exchange organization ?
Thx
Thx
Exchange
Last Comment
AXISHK
ASKER
Incoming email first go to IMSVA (Trend Micro) and then to internal Exchange server.
We receive mails from invalid sender (from our domain) to our internal users. Check with Trend Micro and it seems that there is no way to check valid users within our mail domain. Hence, I start to think whether Exchange can handle it or not.
Thx
We receive mails from invalid sender (from our domain) to our internal users. Check with Trend Micro and it seems that there is no way to check valid users within our mail domain. Hence, I start to think whether Exchange can handle it or not.
Thx
I had one solution - GFI MailEssential - and this software had feature to check from: field in header of message and if it is our domain than it started ldap query for this e-mail address. If not found it bounce the message.
another idea is: if you will deliver messages from Exchange server to the Internet directly and not by IMSVA
you can block on IMSVA for inbound whole your domain.
another idea is: if you will deliver messages from Exchange server to the Internet directly and not by IMSVA
you can block on IMSVA for inbound whole your domain.
Recipient Filtering can be done by Exchange, you have to install the antispam agents.
However if email is delivered to Trend first, then doing recipient filtering at Exchange is too late. You need to do it at Trend. Look in the Trend product for recipient filtering - it might involve an LDAP connection instead. Recipient filtering should be done at the point of entry and no later.
However if email is delivered to Trend first, then doing recipient filtering at Exchange is too late. You need to do it at Trend. Look in the Trend product for recipient filtering - it might involve an LDAP connection instead. Recipient filtering should be done at the point of entry and no later.
ASKER
Thx, Check with Trend and they told me that we can't do this.
How to install antispam agent ? Is it free with Exchange 2010 ? Thx
How to install antispam agent ? Is it free with Exchange 2010 ? Thx
You cannot block *@your.domain on Trend ? If you can than send messages from Exchange directly to
the Internet and it will works. Or in Trend you can block send by *@your.domain and add to the whitelist
your Exchange server - important is order of antispam rules, the whitelisting must be first and sender black list
after. Then you do not need to change message flow on Exchange.
the Internet and it will works. Or in Trend you can block send by *@your.domain and add to the whitelist
your Exchange server - important is order of antispam rules, the whitelisting must be first and sender black list
after. Then you do not need to change message flow on Exchange.
ASKER
Sorry, I can't get your message how to configure it...
Sender with my home address from internet to Exchange should be blocked.
Internal users from Exchange to Internet should be allowed... Do you use IMSVA, any example for reference ?
Thx
Sender with my home address from internet to Exchange should be blocked.
Internal users from Exchange to Internet should be allowed... Do you use IMSVA, any example for reference ?
Thx
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
here is IMSVA admin guide
http://docs.trendmicro.com/all/ent/imsva/v9.0/en-us/imsva_9.0_ag.pdf
page 11-7 - relay control - Reject unknown recipients - based on LDAP query
page 9-7 - Valid recipients/sender - here you can add Block sender list specified by domain
http://docs.trendmicro.com/all/ent/imsva/v9.0/en-us/imsva_9.0_ag.pdf
page 11-7 - relay control - Reject unknown recipients - based on LDAP query
page 9-7 - Valid recipients/sender - here you can add Block sender list specified by domain
ASKER
Actually, I need to block sender from internet to the gateway with my home domain but not a valid users. Any other domains can pass through providing that they pass the scan successfully.
Hence, the sender from internet can pass through IMSVA if
1. any domain (not my home domain) AND
2. my home domain + valid users in LDAP.
Still can't identify how to match these 2 criteria in the IMSVA.
Thx
Hence, the sender from internet can pass through IMSVA if
1. any domain (not my home domain) AND
2. my home domain + valid users in LDAP.
Still can't identify how to match these 2 criteria in the IMSVA.
Thx
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
For Cloud Pre-Filter policy, do I need to change anything on my MX record. ie point it to Cloud rather than my IMSVA in office ?
Thx
Thx
I don't know your real configuration of IMSVA. You MX record is now directed to your IMSVA ?
ASKER
Thx
and how are the bad messages delivered to your Exchange server if you do not have edge server ?
You can create SMTP virtual server responsible only for accepting messages from Internet
and here configure Sender filtering based on wildcard *@your.domain.