I use MIMEsweeper for SMTP from Clearswift and I can create policies to quarantine when mail comes from *...@mydomain - - -> *...@mydomain. I then go a step further as there are cases where some of our services at a colo send in a spoofed fashion that it triggers an allow action based on content. I can also block altogether through settings on what's called the receiver service when it finds spoofed emails. With that being said any chance there are options like that in your Symantec appliance?
Sean Donnelly IT Operations Manager tel. (781) 935-6020 x395 fax (781) 998-2682 Service Point USA Document, Print, and Information Management www.servicepointusa.com <http://www.servicepointusa.com/> From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Tuesday, February 17, 2009 1:30 PM To: MS-Exchange Admin Issues Subject: Incoming spoofed e-mail issue I'm getting users who are getting lots of mail in their inbox every morning that looks like it is coming from themselves. Looking at the headers, I see various actual senders, many coming from domains ending in .ru, or .pl, etc. Is there a way of blocking e-mails from these foreign domains? None of my users have legitimate business with anyone in Russia, or Poland, or any other foreign country. I tried setting this up under Sender Filtering, by putting the following in, for example: *...@*.pl Is there a different way of putting this in? I notice that the instructions for Sender Filtering says to block messages "claiming" to be from the following:, but these messages are actually "claiming" to be from the user, not what is actually in the header. Is there a different way of filtering these messages? There's nothing in the subject line that is keying the IMF, or my Symantec Mail Security for Microsoft Exchange. Joe Heaton AISA Employment Training Panel 1100 J Street, 4th Floor Sacramento, CA 95814 (916) 327-5276 jhea...@etp.ca.gov ********************************************************************************* This communication is confidential and may contain privileged information intended solely for the named addressee. It may not be used or disclosed except for the purpose for which it has been sent. If you are not the intended recipient, you may not copy or distribute this communication. Unless expressly stated, opinions in this message are those of the individual sender and not of Service Point USA. If you have received this communication in error, please notify Service Point USA by emailing postmas...@servicepointusa.com quoting the sender and delete the message and any attached documents. This footnote confirms that this email message has been swept by MIMEsweeper for Content Security threats, including computer viruses. Service Point USA 150 Presidential Way Ste 210 Woburn, MA 01801 www.servicepointusa.com ********************************************************************************* ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~