Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
2772 Views 5 Replies Latest reply: Mar 14, 2013 3:58 AM by Aidan RSS
Cheshire_Dan Newcomer 8 posts since
Apr 16, 2010
Currently Being Moderated

Apr 16, 2010 3:37 AM

How can I delete all incoming email where the receipient does not have a mailbox?

I am running Exchange 2003 on a Windows 2003 server. I have just upgraded to from GroupShield 6 to 7. I want to be able to trap and delete all incoming messages that are not legitimately addressed to a user who has a mailbox in exchange.

 

In GS 6 I did find a way of doing this (I seem to recall it was quite tricky to set up) but, as yet, have been unable to achive this in GS7.

 

Would be grateful for any pointers.

  • tlange McAfee SME 344 posts since
    Nov 4, 2009

    open the ges gui and click policy manager on the left hand side

     

    click shared resources and select the filter rules tab

     

    click new category and give it a name

     

    click create new and give that a name and a description (optional)

     

    check the Add this rule....

     

    under the word or phrase tab type in the smtp address that you want to block.  example: user@domain.com

     

    select ignore case and starts a longer phrase.....

     

    click save

     

    under the filter rules select that new rule and click edit and then edit again.

     

    select file format tab and uncheck "everything"

     

    select e-mail messages and on the right side select recipients

     

    click save and apply

     

    then select On-access \ master policy \ content scanning

     

    click add rule and add the rule you just created and chose to delete the message

     

    save and apply

     

    this will then look at all the emails coming in and when it finds an email with the recipient in the to field that matches it will delete the email.

     

    if you find that some emails get through then change the rule to use wild cards and change the email address to look like this

     

    *user@domain.com

  • tlange McAfee SME 344 posts since
    Nov 4, 2009

    if the users are no longer part of any ad group you could change up the rule to check for that instead of looking at the smtp address.  it would be the recipient is not part of any ad group rule.  the rules that are in gse 7 are the same ones that were in 6.0x.  this would have been the only way to do it in the previous version.

  • dsachs Newcomer 1 posts since
    Jan 5, 2010

    Hi,

     

    I've been tasked/asked to find a way to stop NDR from being sent out in response to spearfishing attempts.  It seems that you need to know who the sender is (unless I misinterpreted the directions)

     

    under the word or phrase tab type in the smtp address that you want to block.  example: user@domain.com

     

    Do you have any suggestions?

  • Aidan McAfee SME 463 posts since
    Nov 4, 2009

    Well as TLange mentioned above you are using a recipient address as the content trigger.

     

    If you are using the AntiSpam component - Ensure the High  Spam Score configuration is set to "delete".

       

    Then you could use the "Blaclist to" and/or "Blacklist from"  lists these will add score 5000 to mails so they would get treated as "High" setting therefore, as above, they would get deleted.  Wouldn't use reject.

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points