Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 7193 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is it possible to redirect an incoming email back to the sender?

CraigLloyd

I have a requirement to block email coming from a specific sender domain e.g. @domain.com and send it back to the senders address.

Is this possible in the Sophos SEA?

I've looked at the Allow/Block lists but there is only the option to Discard or Quarantine the incoming mail by Sender Domain.

I have also briefly explored the Additional Policy section but I'm unsure of how to achieve this.

Any help appreciated.

Thanks,

Craig



This thread was automatically locked due to age.
Parents
  • 0

    Hello Craig,

    I'm not a SEA expert, but wouldn't this facilitate backscatter attacks on @domain.com?

    Christian

  • 0 in reply to QC

    Hi Christian,

    Ah yes I hadn't thought of it from this perspective.

    Maybe then reject the email instead, at least they would know it hasn't been delivered.

    Currently only Discard and Quarantine are options for blocking at a Sender Domain level.

    Thanks for your input!

    Craig

  • 0 in reply to CraigLloyd

    not recommended..

     

    but

     

    additional policy, Hostname/IP address list

    click advanced and next and next

    under message attributes pick ip address is.

    main action quarantine

    under additional actions

    notify sender , add appropriate information.  

    name it save it etc.

     

    under additional actions you can also use the "reject" function (ie reject the message if it hits PHI)  this would bound the message to the sender without re-trying it.

     

    or if its a domain.. under "include recipients" 

    custom group. 

    name@mydomain.com

    or

    **@mydomain.com

     

    this will quarantine the original message and send a notification back to the sender.  Otherwise your best option is to drop the connection and not respond.

Reply
  • 0 in reply to CraigLloyd

    not recommended..

     

    but

     

    additional policy, Hostname/IP address list

    click advanced and next and next

    under message attributes pick ip address is.

    main action quarantine

    under additional actions

    notify sender , add appropriate information.  

    name it save it etc.

     

    under additional actions you can also use the "reject" function (ie reject the message if it hits PHI)  this would bound the message to the sender without re-trying it.

     

    or if its a domain.. under "include recipients" 

    custom group. 

    name@mydomain.com

    or

    **@mydomain.com

     

    this will quarantine the original message and send a notification back to the sender.  Otherwise your best option is to drop the connection and not respond.

Children
No Data
Unfiltered HTML