This customer, does have Sophos XG (105), but preferred the SEA for email filtering etc. Have experimented with using both the XG and SEA for email, but different problems ensue trying to get both to work together.
keep in mind these work, but they are NOT supported. It is also recommended you do NOT set them to discard.. deleted mail is not recoverable.
You will need 2 rules, the first checks the DATA sender, the second checks the envelope sender. they are relentless and highly effective, be VERY careful when creating them
the following example will delete ALL mail from any .tv or .info domain as well as any mail that spoofs either of those domains. you can add as many as you like..
#1 : DATA rule checker
under configuration / policy / data control / inbound add rule type : messages matching specific words or phrases enable advanced policy next rule config next message attributes add select Header from the drop down name From (the capital F is important) matches regular expression value : .*@.*\.domain$ ie : .*@.*\.tv$ or .*@.*\.info$ apply next select users next main action: quarantine / reason keyword (or delete) next next until rule description... give it a name and activate the rule
once you get dropped back to the rules listing make sure this rule is #1 in the list, click save order
#2 Envelope rule
under configuration / policy / data control / inbound add rule type : messages matching specific words or phrases enable advanced policy next rule config click on the regular expressions tab .* add next message attributes next select users{} click on include sender custom group add **@**.tv ie: **@**.info (enter each entry on its own line) click add main action: quarantine for keyword (or delete) next to the end give it a name, activate the rule once its saved move this rule directly under the previous rule and click save order.
