Country Specific blocking

Is it possible, and if so, how does one block email from specific countries?



  • The short answer is no; the appliance uses RBL, DNS and other email-specific methods to establish reputation.

    A firewall product such as a UTM supports GeoIP lookups.

    However, creative rules could block mail by top-level domain, i.e. drop everything from .ru or .info.

  • Thanks

    This customer does have Sophos XG (105), but preferred the SEA for email filtering etc. Have experimented with using both the XG and SEA for email, but different problems ensue trying to get both to work together.



    What creative rules?

  • Something like this would work on the SEA.

    Keep in mind these work, but they are NOT supported. It is also recommended you do NOT set them to discard. Deleted mail is not recoverable.

    You will need 2 rules: the first checks the DATA sender, the second checks the envelope sender. They are relentless and highly effective; be VERY careful when creating them.

    The following example will delete ALL mail from any .tv or .info domain as well as any mail that spoofs either of those domains. You can add as many as you like.

     

    #1 : DATA rule checker

    under configuration / policy / data control / inbound
    add
    rule type : messages matching specific words or phrases
    enable advanced policy
    next
    rule config
    next
    message attributes
    add
    select Header from the drop down
    name From (the capital F is important)
    matches regular expression
    value : .*@.*\.domain$
    ie : .*@.*\.tv$ or .*@.*\.info$
    apply
    next
    select users
    next
    main action:
    quarantine / reason keyword (or delete)
    next
    next until rule description... give it a name and activate the rule

    once you get dropped back to the rules listing make sure this rule is #1 in the list, click save order

    #2 Envelope rule

    under configuration / policy / data control / inbound
    add
    rule type : messages matching specific words or phrases
    enable advanced policy
    next
    rule config
    click on the regular expressions tab
    .*
    add
    next
    message attributes
    next
    select users
    click on include sender
    custom group add
    **@**.tv 
    ie: **@**.info  (enter each entry on its own line)
    click add
    main action:
    quarantine for keyword (or delete)
    next to the end
    give it a name, activate the rule
    once it's saved, move this rule directly under the previous rule and click save order.

     

    have fun..
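
Added example (not part of the original post, and not Sophos code): the header regex from the post can be run offline against sample sender values before the two rules are activated. It assumes Python `re` semantics, which may differ from how the appliance evaluates the pattern; the function names, the sample addresses and the suffix check standing in for the `**@**.tv` group entry are constructed for illustration.

```python
import re
from email.utils import parseaddr

BLOCKED_TLDS = ["tv", "info"]  # the two TLDs used in the post


def header_pattern(tld):
    # Pattern shape taken from the post: .*@.*\.domain$
    return re.compile(r".*@.*\." + re.escape(tld) + r"$")


def header_rule_hits(from_value, tlds=BLOCKED_TLDS):
    """Rule #1 as written: regex applied to the raw From header value."""
    return any(header_pattern(t).match(from_value) for t in tlds)


def header_rule_hits_addr(from_value, tlds=BLOCKED_TLDS):
    """Same patterns applied only to the address parsed out of the header."""
    addr = parseaddr(from_value)[1]
    return any(header_pattern(t).match(addr) for t in tlds)


def envelope_rule_hits(mail_from, tlds=BLOCKED_TLDS):
    """Rule #2 approximated (assumption): sender domain ends in a blocked TLD."""
    domain = mail_from.rpartition("@")[2].lower()
    return any(domain.endswith("." + t) for t in tlds)


# Constructed samples: (From header value, envelope sender)
SAMPLES = [
    ("news@example.tv", "news@example.tv"),          # plain address
    ("Promo <news@example.tv>", "news@example.tv"),  # display-name form ends in '>'
    ("billing@example.com", "bounce@mailer.info"),   # only the envelope is blocked
    ("user@EXAMPLE.TV", "user@EXAMPLE.TV"),          # upper-case TLD
    ("alice@example.com", "alice@example.com"),      # should pass both rules
]


def evaluate(samples=SAMPLES):
    """Return (header, raw_hit, parsed_hit, envelope_hit) for each sample."""
    return [(h, header_rule_hits(h), header_rule_hits_addr(h),
             envelope_rule_hits(e)) for h, e in samples]


if __name__ == "__main__":
    for row in evaluate():
        print("%-28s raw=%-5s parsed=%-5s envelope=%s" % row)
```

Where these results differ from what the appliance does with a test message (display-name form, letter case), adjust the pattern while the rule action is still quarantine rather than delete.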
