
External Messages from Internal Domain

What's the easiest way to block messages that appear to be sent from our domain but originate outside of our network? Can I just add our domain to the Block List? 



  • I opened a ticket on this very thing today.  I got this as the response:

    What To Do

    The Sophos Email Appliance will scan these e-mails for spam, according to your policy.  No special actions are necessary.  However, some administrators may wish to block these 'spoofed' e-mails by default.  Follow the instructions below:

    Remove from Allow List

    Make sure your own domain has not been incorrectly whitelisted as a sender address.  If necessary remove the domain from: Configuration | Policy | Allow/Block Lists | Allowed Hosts/Senders

    Add to Block List

    These steps will block the E-Mail when your domain name has been used in either:

    • The MAIL FROM sender in the SMTP conversation
    • The 'From' header in the email message

    Add the domain to:  Configuration | Policy | Allow/Block Lists | Block Lists | Blocked Hosts/Senders | Senders
    For example, add: @mydomain.tld

    Note that global block lists only apply to mail from external hosts.  Outgoing mail will not be affected.

    Other considerations

    Before using this configuration in production, consider whether any legitimate senders need to spoof your domain name.  For example, an external web hosting solution may send you e-mails from postmaster@mydomain.tld.  These hosts must be exempt from the Anti-Spoofing rules using the Allowed Hosts option (Allowed Hosts/Senders take precedence over Blocked Hosts/Senders).

    You should also ensure your list of internal hosts is correctly configured, so outbound mail is not affected.  Enter the IP of any devices that are allowed to send outgoing e-mail in: Configuration | Routing | Internal Hosts

    I've now added the blacklist for senders and we'll see how it goes.

  • Thanks. I did that and it seems to be working. We use Constant Contact for marketing so may run into an issue with those messages. I whitelisted Constant Contact's IPs but I'm unclear on whether the allow list or block list takes precedence.

    I had to laugh at their "No special actions are necessary." comment. We have everything set up according to Sophos recommendations and had a spoofed message with a link to a virus come through on day 1 after cutting over.

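The evaluation order the support response lays out (internal hosts are never subject to the block list, Allowed Hosts/Senders take precedence over Blocked Hosts/Senders, and the block matches either the envelope MAIL FROM or the From header) answers the precedence question raised in the last reply. The following is an added illustration written for this thread, not Sophos code; the IP ranges, domain and the `evaluate` function are constructed stand-ins for the appliance's lists.

```python
import ipaddress
from email.utils import parseaddr

# Constructed policy mirroring the lists named in the thread (all values hypothetical)
INTERNAL_HOSTS = [ipaddress.ip_network("192.0.2.0/24")]      # Configuration | Routing | Internal Hosts
ALLOWED_HOSTS = [ipaddress.ip_network("198.51.100.10/32")]   # external web host allowed to use postmaster@mydomain.tld
ALLOWED_SENDERS = set()                                      # must NOT contain our own domain (see "Remove from Allow List")
BLOCKED_SENDERS = {"@mydomain.tld"}                          # Blocked Hosts/Senders | Senders


def _address(raw):
    """Strip a display name ('CEO <ceo@mydomain.tld>') and return (full address, domain), lower-cased."""
    email = parseaddr(raw)[1].lower()
    return email, email.rpartition("@")[2]


def _matches(addr, pattern):
    """'@domain' patterns match the whole domain; anything else is an exact address match."""
    email, domain = _address(addr)
    p = pattern.lower()
    return domain == p[1:] if p.startswith("@") else email == p


def evaluate(source_ip, mail_from, from_header):
    """Return (verdict, reason) in the precedence order the support response describes."""
    ip = ipaddress.ip_address(source_ip)
    # 1. Block lists apply only to mail from external hosts, so outbound mail is untouched.
    if any(ip in net for net in INTERNAL_HOSTS):
        return ("accept", "internal host")
    # 2. Allowed Hosts/Senders are checked before Blocked Hosts/Senders and win.
    if any(ip in net for net in ALLOWED_HOSTS):
        return ("accept", "allowed host")
    if any(_matches(a, p) for a in (mail_from, from_header) for p in ALLOWED_SENDERS):
        return ("accept", "allowed sender")
    # 3. Block when our domain appears in either the envelope sender or the From header.
    for label, addr in (("MAIL FROM", mail_from), ("From header", from_header)):
        if any(_matches(addr, p) for p in BLOCKED_SENDERS):
            return ("block", f"{label} matches blocked sender")
    return ("scan", "no list match; normal spam scanning")


if __name__ == "__main__":
    # Constructed sample traffic: spoof from outside, legitimate outbound, exempted web host
    for ip, env, hdr in [("203.0.113.5", "bounce@example.net", "CEO <ceo@mydomain.tld>"),
                         ("192.0.2.20", "user@mydomain.tld", "user@mydomain.tld"),
                         ("198.51.100.10", "postmaster@mydomain.tld", "postmaster@mydomain.tld")]:
        print(ip, env, hdr, "->", evaluate(ip, env, hdr))
```

A marketing provider sending with our domain in the From header from an IP that is not on Allowed Hosts lands in the "block" branch, which is exactly the case the last reply worries about.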