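Configuring a Sender Blacklist on Cisco Ironport ESA
A quick plug: the Ironport ESA really is an impressive mail gateway, with an almost absurdly detailed feature set.
Take my requirement, for example: reject a sender at sina.com who is sending large volumes of advertising mail to users at our company. In the Inbound processing flow shown in the figure above, rules configured at several different stages could all achieve this.
However, the experts on the official forum recommend using content control. The original thread is linked below: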
https://community.cisco.com/t5/email-security/best-practice-to-blacklist-a-sender/td-p/3343921
Blocking an email at the connection level is certainly better, since it saves resources.
However, sender verification is DNS based and HAT Blacklist only accepts sending IP/hostname as entries. These do not provide you options to block a domain or email address specifically. Sender verification exception table is used to set exceptions for domains who you do not wish to run sender verification on, so that isn't used for blocking. To block a specific email address/domain you would always need message/content filters.
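Fine. Here is a brief record of the configuration:
1. Mail Policies - Incoming Content Filters: create a new filter
Another plug: the interface for defining Conditions and Actions here is really powerful.
Condition rules support wildcards. For example, say I want to block sender1@sina.com, sender2@sina.com, sender3@sina.com...
I can combine them into a single condition by entering sender*@sina.com under Envelope Sender - Contains.
In the Actions, besides the final Drop, I also added a log action so that I can review the rejection log myself.
2. Apply the filter to the Incoming Mail Policies
Go to Mail Policies - Incoming Policies and, in the Default Policy row, click the cell in the Content Filter column to open its configuration.
Tick Enable next to the newly added filter.
Of course, you can also leave the default policy unchanged, add a policy of your own that enables only this custom filter, and place it ahead of the Default Policy.
Once the configuration is done, be sure to click the Commit Changes button in the upper right corner so that it takes effect.
3. Verify:
Go to Monitor - Message Tracking and filter by the sender address to review how the messages were processed. The record shows that the message was dropped by this filter.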
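Before committing a pattern like the one in step 1, it helps to check which addresses a "Contains" match would actually catch. The sketch below is an added example, not part of the original post and not Cisco code: it models the condition as a wildcard pattern that may match anywhere in the envelope sender (an assumption about the matching semantics, not the ESA engine itself), and all sample addresses are constructed.

```python
from fnmatch import fnmatchcase

# Pattern taken from the post (Envelope Sender - Contains).
PATTERN = "sender*@sina.com"

def contains_wildcard(address, pattern=PATTERN):
    """Assumed model of 'Contains' + wildcard: the pattern may match
    anywhere inside the address, case-insensitively."""
    return fnmatchcase(address.lower(), "*" + pattern.lower() + "*")

# Constructed sample addresses, labelled with the outcome the admin intends.
SHOULD_DROP = [
    "sender1@sina.com",
    "sender2@sina.com",
    "sender3@sina.com",
]
SHOULD_PASS = [
    "alice@sina.com",         # same domain, unrelated mailbox
    "newsender@sina.com",     # local part merely ends in "sender"
    "sender1@sina.com.cn",    # different domain that starts with sina.com
    "sender1@example.org",    # same local part, unrelated domain
]

def audit(pattern=PATTERN):
    """Return (missed, overblocked) for the sample sets above."""
    missed = [a for a in SHOULD_DROP if not contains_wildcard(a, pattern)]
    overblocked = [a for a in SHOULD_PASS if contains_wildcard(a, pattern)]
    return missed, overblocked

if __name__ == "__main__":
    missed, overblocked = audit()
    print("intended senders not matched:", missed)
    print("unintended senders matched:  ", overblocked)
```

Under this model the pattern catches every intended sender but also two unintended ones, because a substring match is not anchored to the start of the local part or the end of the domain. Message Tracking from step 3 is the place to confirm what the appliance really drops.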