cancel
Showing results for 
Search instead for 
Did you mean: 

How can I delete all incoming email where the receipient does not have a mailbox?

I am running Exchange 2003 on a Windows 2003 server. I have just upgraded to from GroupShield 6 to 7. I want to be able to trap and delete all incoming messages that are not legitimately addressed to a user who has a mailbox in exchange.

In GS 6 I did find a way of doing this (I seem to recall it was quite tricky to set up) but, as yet, have been unable to achive this in GS7.

Would be grateful for any pointers.

5 Replies
McAfee Employee tlange
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: How can I delete all incoming email where the receipient does not have a mailbox?

open the ges gui and click policy manager on the left hand side

click shared resources and select the filter rules tab

click new category and give it a name

click create new and give that a name and a description (optional)

check the Add this rule....

under the word or phrase tab type in the smtp address that you want to block.  example: user@domain.com

select ignore case and starts a longer phrase.....

click save

under the filter rules select that new rule and click edit and then edit again.

select file format tab and uncheck "everything"

select e-mail messages and on the right side select recipients

click save and apply

then select On-access \ master policy \ content scanning

click add rule and add the rule you just created and chose to delete the message

save and apply

this will then look at all the emails coming in and when it finds an email with the recipient in the to field that matches it will delete the email.

if you find that some emails get through then change the rule to use wild cards and change the email address to look like this

*user@domain.com

Re: How can I delete all incoming email where the receipient does not have a mailbox?

Thanks for this - after many attempts I have finally got this working such that emails to a particular named receipient address are being deleted.

However, my ultimate goal is that every incoming email for which there is no equivalent mailbox (or maybe that there is no User of that name in AD) gets deleted.

I am sure I got this set up under GSE6 - but that was some years ago now.

Highlighted
McAfee Employee tlange
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: How can I delete all incoming email where the receipient does not have a mailbox?

if the users are no longer part of any ad group you could change up the rule to check for that instead of looking at the smtp address.  it would be the recipient is not part of any ad group rule.  the rules that are in gse 7 are the same ones that were in 6.0x.  this would have been the only way to do it in the previous version.

dsachs
Level 7
Report Inappropriate Content
Message 5 of 6

Re: How can I delete all incoming email where the receipient does not have a mailbox?

Hi,

I've been tasked/asked to find a way to stop NDR from being sent out in response to spearfishing attempts.  It seems that you need to know who the sender is (unless I misinterpreted the directions)

under the word or phrase tab type in the smtp address that you want to block.  example: user@domain.com

Do you have any suggestions?

Reliable Contributor Aidan
Reliable Contributor
Report Inappropriate Content
Message 6 of 6

Re: How can I delete all incoming email where the receipient does not have a mailbox?

Well as TLange mentioned above you are using a recipient address as the content trigger.

If you are using the AntiSpam component - Ensure the High  Spam Score configuration is set to "delete".

   

Then you could use the "Blaclist to" and/or "Blacklist from"  lists these will add score 5000 to mails so they would get treated as "High" setting therefore, as above, they would get deleted.  Wouldn't use reject.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community