5 Replies Latest reply: Mar 14, 2013 3:58 AM by Aidan RSS

    How can I delete all incoming email where the receipient does not have a mailbox?

    Cheshire_Dan

      I am running Exchange 2003 on a Windows 2003 server. I have just upgraded to from GroupShield 6 to 7. I want to be able to trap and delete all incoming messages that are not legitimately addressed to a user who has a mailbox in exchange.

       

      In GS 6 I did find a way of doing this (I seem to recall it was quite tricky to set up) but, as yet, have been unable to achive this in GS7.

       

      Would be grateful for any pointers.

        • 1. Re: How can I delete all incoming email where the receipient does not have a mailbox?
          tlange

          open the ges gui and click policy manager on the left hand side

           

          click shared resources and select the filter rules tab

           

          click new category and give it a name

           

          click create new and give that a name and a description (optional)

           

          check the Add this rule....

           

          under the word or phrase tab type in the smtp address that you want to block.  example: user@domain.com

           

          select ignore case and starts a longer phrase.....

           

          click save

           

          under the filter rules select that new rule and click edit and then edit again.

           

          select file format tab and uncheck "everything"

           

          select e-mail messages and on the right side select recipients

           

          click save and apply

           

          then select On-access \ master policy \ content scanning

           

          click add rule and add the rule you just created and chose to delete the message

           

          save and apply

           

          this will then look at all the emails coming in and when it finds an email with the recipient in the to field that matches it will delete the email.

           

          if you find that some emails get through then change the rule to use wild cards and change the email address to look like this

           

          *user@domain.com

          • 2. Re: How can I delete all incoming email where the receipient does not have a mailbox?
            Cheshire_Dan

            Thanks for this - after many attempts I have finally got this working such that emails to a particular named receipient address are being deleted.

             

            However, my ultimate goal is that every incoming email for which there is no equivalent mailbox (or maybe that there is no User of that name in AD) gets deleted.

             

            I am sure I got this set up under GSE6 - but that was some years ago now.

            • 3. Re: How can I delete all incoming email where the receipient does not have a mailbox?
              tlange

              if the users are no longer part of any ad group you could change up the rule to check for that instead of looking at the smtp address.  it would be the recipient is not part of any ad group rule.  the rules that are in gse 7 are the same ones that were in 6.0x.  this would have been the only way to do it in the previous version.

              • 4. Re: How can I delete all incoming email where the receipient does not have a mailbox?
                dsachs

                Hi,

                 

                I've been tasked/asked to find a way to stop NDR from being sent out in response to spearfishing attempts.  It seems that you need to know who the sender is (unless I misinterpreted the directions)

                 

                under the word or phrase tab type in the smtp address that you want to block.  example: user@domain.com

                 

                Do you have any suggestions?

                • 5. Re: How can I delete all incoming email where the receipient does not have a mailbox?
                  Aidan

                  Well as TLange mentioned above you are using a recipient address as the content trigger.

                   

                  If you are using the AntiSpam component - Ensure the High  Spam Score configuration is set to "delete".

                     

                  Then you could use the "Blaclist to" and/or "Blacklist from"  lists these will add score 5000 to mails so they would get treated as "High" setting therefore, as above, they would get deleted.  Wouldn't use reject.