
don't allow email from your own domain

I'm getting email coming in from my domain to my domain from the "untrusted" side and I'm not quite sure how to block it with the SMTP settings. I've searched and I'm not seeing a real surefire way to do this. With other firewalls I've seen this blocked by default. Still fairly new to UTM. Any help is greatly appreciated.

 

Justin Beeler



  • I think what you're looking for is setting up an SPF-record in DNS. This is a special TXT record which looks like:

     

    v=spf1 a mx ip4:a.b.c.d -all

    This example configures that only any a-records, mx-records or the IP address a.b.c.d may send mail coming from your dns-domain name. All others will be hard failed (-all).

    You can add more IP-addresses or remove anything from it to further customize it. Benefit is that some external sources that also do an SPF-check will also hardfail mail coming from your domain if it's not coming from any of the preconfigured sources.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hi Justin,

    as stated, SPF is one possibility. Consider that you need to add all IP addresses of systems that are sending mails with your domain name.

     

    But a simple solution for you could be to add your email domain like "*@yourdomain.com" to the blacklist pattern in the UTM Antispam section. I have also done this for our domain, exactly for this type of mail originating from external. But you need to think about whether there are any side effects. So you need to consider whether you have any valid mails with your domain coming from external. For example, sometimes newsletters come with your own domain or from different servers. I think the problem is that you cannot create a blacklist exception in UTM.

     

    Regards,

    Sebastian

  • The problem with both of these options is that they look at the internal envelope-from name, not the "from" information seen by the user.  I don't think there is any way to filter the latter "from" information.
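
The SPF record from the first reply and the envelope-from versus "from" header distinction from the last reply, worked through as an added example that is not part of the original thread and is not a Sophos UTM feature. The domain `example.com`, the documentation-range IP addresses, the in-memory `DNS` table, the sample message and the verdict strings are all constructed assumptions; only the `a`, `mx`, `ip4` and `all` mechanisms from the thread's record are evaluated.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS (example domain, documentation IP ranges).
DNS = {
    ("example.com", "TXT"): ["v=spf1 a mx ip4:203.0.113.10 -all"],
    ("example.com", "A"): ["198.51.100.5"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["198.51.100.25"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Constructed message whose visible From: header claims the local domain.
SAMPLE = "From: Boss <boss@example.com>\nTo: user@example.com\nSubject: hi\n\nbody\n"

def spf_check(client_ip, envelope_from):
    """SPF result for the envelope-from domain (a, mx, ip4, all only)."""
    domain = envelope_from.rpartition("@")[2].lower()
    records = [r for r in DNS.get((domain, "TXT"), []) if r.startswith("v=spf1")]
    if not records:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qual = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "ip4":
            hit = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = client_ip in DNS.get((arg or domain, "A"), [])
        elif mech == "mx":
            hit = any(client_ip in DNS.get((h, "A"), []) for h in DNS.get((arg or domain, "MX"), []))
        else:
            hit = mech == "all"  # other mechanisms are not handled in this sketch
        if hit:
            return QUALIFIERS[qual]
    return "neutral"

def header_from_domain(raw_message):
    """Domain of the From: header the user sees; SPF never looks at it."""
    addr = parseaddr(message_from_string(raw_message)["From"] or "")[1]
    return addr.rpartition("@")[2].lower()

def inbound_verdict(client_ip, envelope_from, raw_message, own_domain="example.com"):
    """Hypothetical policy: SPF on the envelope, then a check on the header."""
    if spf_check(client_ip, envelope_from) == "fail":
        return "reject: SPF hardfail on envelope-from"
    claims_own = header_from_domain(raw_message) == own_domain
    if claims_own and spf_check(client_ip, "postmaster@" + own_domain) != "pass":
        return "quarantine: own domain in From: header from an unlisted host"
    return "accept"
```

The second check also catches the legitimate external senders mentioned in the thread (newsletters using your domain) unless their hosts are listed in the SPF record.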