Cisco Email Security Appliance X1070 Information Guide

How do I blacklist or drop a sending domain using
Incoming Mail Policy and Content Filter?
Document ID: 118551
Contributed by Cisco TAC Engineers.
Oct 10, 2014
Contents
Introduction
How do I blacklist or drop a sending domain using Incoming Mail Policy and Content Filter?
Introduction
This document describes how to blacklist or drop a sending domain using Incoming Mail Policy and Content
Filter.
How do I blacklist or drop a sending domain using
Incoming Mail Policy and Content Filter?
You cannot match a sender's email domain via the Blacklist Sender Group since it refers to the hostname or IP
address of the connecting server, not necessarily the sender's domain.
To blacklist or drop the mail when you see a certain sender's email address or domain, you need to use a
combination of a new Incoming Mail Policy and Incoming Content Filter.
1. From the Web GUI, choose Mail Policies > Incoming Mail Policy. Create a new Incoming Mail Policy. You can label the policy "Block-Sender-Domains." Select the "Sender" option and enter the sender's email address or domain that you want to block (e.g. user@example.com, user@, @example.com, @.example.com).
2. Submit and Commit Changes.
3. Go back to Mail Policies > Incoming Mail Policy. You should now see an additional incoming mail policy called "Block-Sender-Domains" that is above the Default Policy. All mail coming from this sender's domain will match only this incoming mail policy.
4. Now create an incoming content filter that will drop the message. Choose Mail Policies > Incoming Content Filter. Create a new filter called "Always_drop."
5. For the condition, leave this empty.
6. For the action, set it to drop the message.
7. Click Submit.
8. After creating the incoming content filter, enable it on the correct incoming mail policy. Also, while you are modifying the "Block-Sender-Domains" mail policy, disable the anti-spam, anti-virus, and virus outbreak filters so they do not waste resources. For the "Block-Sender-Domains" mail policy, click the anti-spam link, select Disable, and Submit. Repeat for the anti-virus scanning and outbreak filter. For the content filters, set it to Yes and enable the content filter that was created in Step 4, "Always_drop."
9. Submit and Commit the changes.
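
To check which senders a pattern list from step 1 would catch before committing it, the following added example (not part of the Cisco document or of the appliance) models the four pattern forms in Python. The matching semantics, function names and sample addresses are assumptions: comparison is case-insensitive, "@example.com" covers only that exact domain, and "@.example.com" covers only its subdomains.

```python
# Added example: models the four sender-pattern forms listed in step 1.
# Assumed semantics (not taken from the appliance): case-insensitive match,
# "@example.com" is the exact domain, "@.example.com" is subdomains only.

def parse_sender(address):
    """Split an address into (local, domain), lower-cased; None if malformed."""
    address = address.strip().strip("<>").lower()
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return None
    return local, domain

def pattern_matches(pattern, address):
    """Return True if `address` falls under one sender pattern."""
    parsed = parse_sender(address)
    if parsed is None:
        return False                      # e.g. the empty bounce sender "<>"
    local, domain = parsed
    p_local, sep, p_domain = pattern.strip().lower().rpartition("@")
    if not sep:
        return False                      # not one of the four forms
    if p_local and p_domain:              # user@example.com: exact address
        return (local, domain) == (p_local, p_domain)
    if p_local:                           # user@: this user at any domain
        return local == p_local
    if p_domain.startswith("."):          # @.example.com: subdomains only
        return domain.endswith(p_domain) and len(domain) > len(p_domain)
    if p_domain:                          # @example.com: exactly this domain
        return domain == p_domain
    return False                          # bare "@"

def first_match(patterns, address):
    """Return the first pattern that catches `address`, or None."""
    for pattern in patterns:
        if pattern_matches(pattern, address):
            return pattern
    return None

# Constructed sample data: a candidate block list and senders to check.
BLOCK_PATTERNS = ["@example.com", "@.example.net", "newsletter@"]
SAMPLE_SENDERS = [
    "alice@example.com", "bob@mail.example.com", "carol@example.net",
    "dave@lists.example.net", "Newsletter@partner.test", "<>",
]

if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        hit = first_match(BLOCK_PATTERNS, sender)
        print(f"{sender:28} -> {'DROP via ' + hit if hit else 'other policy'}")
```

In the sample run, bob@mail.example.com and carol@example.net are not caught, which shows that blocking a domain together with its subdomains takes both the "@example.com" and the "@.example.com" form.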