Is it possible and if so how, does one block email from specific countries?
The short answer is no: the appliance uses RBL, DNS and other email-specific methods to establish reputation.
A firewall product such as a UTM supports GeoIP lookups.
However, creative rules could block mail by top-level domain, i.e. drop everything from .ru or .info.
Thanks
This customer does have Sophos XG (105), but preferred the SEA for email filtering etc. I have experimented with using both the XG and SEA for email, but different problems ensue trying to get both to work together.
What creative rules?
Something like this would work on the SEA.
Keep in mind these work, but they are NOT supported. It is also recommended you do NOT set them to discard: deleted mail is not recoverable.
You will need 2 rules: the first checks the DATA sender, the second checks the envelope sender. They are relentless and highly effective; be VERY careful when creating them.
The following example will delete ALL mail from any .tv or .info domain as well as any mail that spoofs either of those domains. You can add as many as you like.
#1 : DATA rule checker
under configuration / policy / data control / inbound
add
rule type : messages matching specific words or phrases
enable advanced policy
next
rule config
next
message attributes
add
select Header from the drop down
name From (the capital F is important)
matches regular expression
value : .*@.*\.domain$
i.e.: .*@.*\.tv$ or .*@.*\.info$
apply
next
select users
next
main action:
quarantine / reason keyword (or delete)
next
next until rule description... give it a name and activate the rule
once you get dropped back to the rules listing make sure this rule is #1 in the list, click save order
#2 Envelope rule
under configuration / policy / data control / inbound
add
rule type : messages matching specific words or phrases
enable advanced policy
next
rule config
click on the regular expressions tab
.*
add
next
message attributes
next
select users
click on include sender
custom group add
**@**.tv
i.e.: **@**.info (enter each entry on its own line)
click add
main action:
quarantine for keyword (or delete)
next to the end
give it a name, activate the rule
once it's saved, move this rule directly under the previous rule and click save order.
have fun..
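A dry run of the two checks described above over constructed messages, as an added example that is not part of the original post and not Sophos code. Assumptions: Python's `re` stands in for the appliance's regex engine, the `**@**.tv` group entry is modelled as the same suffix test, and because the post does not say whether the From rule sees the whole header value or only the address, both forms are tested.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def tld_regex(tld):
    # Rule #1 pattern from the post: .*@.*\.tv$ for tld="tv"
    return re.compile(r".*@.*\." + re.escape(tld) + r"$")

def evaluate(envelope_sender, raw_message, tlds):
    """Report which check would fire for one message."""
    raw_from = message_from_string(raw_message).get("From", "").strip()
    addr_only = parseaddr(raw_from)[1]  # address without display name or <>
    hits = {"header_raw": False, "header_addr": False, "envelope": False}
    for tld in tlds:
        rx = tld_regex(tld)
        hits["header_raw"] |= bool(rx.match(raw_from))
        hits["header_addr"] |= bool(rx.match(addr_only))
        # Rule #2 entry **@**.tld, modelled as the same suffix test (assumption)
        hits["envelope"] |= bool(rx.match(envelope_sender))
    return hits

# Constructed samples: (label, envelope sender, raw message)
SAMPLES = [
    ("both", "news@shop.example.tv",
     "From: news@shop.example.tv\nSubject: hi\n\nbody\n"),
    ("spoofed_from", "bounce@mailer.example.com",
     "From: Deals <deals@promo.example.info>\nSubject: hi\n\nbody\n"),
    ("envelope_only", "x@relay.example.tv",
     "From: Alice <alice@example.com>\nSubject: hi\n\nbody\n"),
    ("lookalike", "user@tv.example.com",
     "From: info@example.org\nSubject: hi\n\nbody\n"),
    ("clean", "bob@example.org",
     "From: Bob <bob@example.org>\nSubject: hi\n\nbody\n"),
]

def dry_run(tlds=("tv", "info")):
    return {label: evaluate(env, raw, tlds) for label, env, raw in SAMPLES}

if __name__ == "__main__":
    for label, hits in dry_run().items():
        print(f"{label:14} {hits}")
```

Where only `header_addr` fires for a sender with a display name, confirm the rule's behaviour on the appliance with the action set to quarantine before relying on it.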