This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

External Messages from Internal Domain

What's the easiest way to block messages that appear to be sent from our domain but originate outside of our network? Can I just add our domain to the Block List? 

:57310


This thread was automatically locked due to age.
Parents
  • I opened a ticket on this very thing today.  I got this as the response:

    What To Do

    The Sophos Email Appliance will scan these e-mails for spam, according to your policy.  No special actions are necessary.  However, some administrators may wish to block these 'spoofed' e-mails by default.  Follow the instructions below:

    Remove from Allow List

    Make sure your own domain has not been incorrectly whitelisted as a sender address.  If necessary remove the domain from: Configuration | Policy | Allow/Block Lists | Allowed Hosts/Senders

    Add to Block List

    These steps will block the E-Mail when your domain name has been used in either:

    • The MAIL FROM sender in the SMTP conversation
    • The 'From' header in the email message

    Add the domain to:  Configuration | Policy | Allow/Block Lists | Block Lists | Blocked Hosts/Senders | Senders
    For example, add: @mydomain.tld

    Note, that global block lists only apply to mail from external hosts.  Outgoing mail will not be affected.

    Other considerations

    Before using this configuration in production, consider whether any legitimate senders need to spoof your domain name.  For example, an external web hosting solution may send you e-mails from postmaster@mydomain.tld.  These hosts must be exempt from the Anti-Spoofing rules using the Allowed Hosts option (Allowed Hosts/Senders take precedence over Blocked Hosts/Senders).

    You should also ensure your list of internal hosts is correctly configured, so outbound ail is not affected.  Enter the IP of any devices that are allowed to send outgoing e-mail in: Configuration | Routing | Internal Hosts

    I've now added the blacklist for senders and we'll see how it goes.

    :57317
Reply
  • I opened a ticket on this very thing today.  I got this as the response:

    What To Do

    The Sophos Email Appliance will scan these e-mails for spam, according to your policy.  No special actions are necessary.  However, some administrators may wish to block these 'spoofed' e-mails by default.  Follow the instructions below:

    Remove from Allow List

    Make sure your own domain has not been incorrectly whitelisted as a sender address.  If necessary remove the domain from: Configuration | Policy | Allow/Block Lists | Allowed Hosts/Senders

    Add to Block List

    These steps will block the E-Mail when your domain name has been used in either:

    • The MAIL FROM sender in the SMTP conversation
    • The 'From' header in the email message

    Add the domain to:  Configuration | Policy | Allow/Block Lists | Block Lists | Blocked Hosts/Senders | Senders
    For example, add: @mydomain.tld

    Note, that global block lists only apply to mail from external hosts.  Outgoing mail will not be affected.

    Other considerations

    Before using this configuration in production, consider whether any legitimate senders need to spoof your domain name.  For example, an external web hosting solution may send you e-mails from postmaster@mydomain.tld.  These hosts must be exempt from the Anti-Spoofing rules using the Allowed Hosts option (Allowed Hosts/Senders take precedence over Blocked Hosts/Senders).

    You should also ensure your list of internal hosts is correctly configured, so outbound ail is not affected.  Enter the IP of any devices that are allowed to send outgoing e-mail in: Configuration | Routing | Internal Hosts

    I've now added the blacklist for senders and we'll see how it goes.

    :57317
Children
No Data