Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 1 subscriber
  • Views 12164 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Completely Block Mail from Internal Domain

despich
For our Company Domain (petroleumtraders.com) all our users send emails from Inside the firewall. So we know any email that comes from outside the firewall with that as a sending address is fake. So we have a *@petroleumtraders.com Address pattern added to the Sender BlackList section of the AntiSpam tab on our email protection. 

But today one of our Vice Presidents got a fake email that appeared to be from the owners address complete with a @petroleumtraders.com address. Luckily it looked a little suspicious because it was a wire transfer request.

After inspecting the email I found in the header that the X-Sender was a external address and the From header was a @petroleumtraders.com and the Reply-To, Return-Path were also a external address. 

So I guess the Sender blacklist does not block the "envelope-from" address?

How can I block these so internal users can't be tricked?

Dan


This thread was automatically locked due to age.
Parents
  • 0
    Would a users Whitelist override the Blacklisted address patterns we have setup on the Antispam setup?

    I believe the personal lists trump the general lists, Dan, as well as most if not all of the other anti-spam tools, but I don't recall seeing that written explicitly.  I'll be interested to know the result of your investigation.

    Cheers - Bob
    PS If you would like for me to look at your DKIM setup in public DNS, send an email to my member name here @ the domain in my signature.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Would a users Whitelist override the Blacklisted address patterns we have setup on the Antispam setup?

    I believe the personal lists trump the general lists, Dan, as well as most if not all of the other anti-spam tools, but I don't recall seeing that written explicitly.  I'll be interested to know the result of your investigation.

    Cheers - Bob
    PS If you would like for me to look at your DKIM setup in public DNS, send an email to my member name here @ the domain in my signature.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML