spacer
Support - Platinum Support
tab end BCS Web Site divider MySupport divider Log Out navbar end
navbar end home symantec alerting service security center knowledge base navbar end
spacer
BCS Knowledge Base

spacer
spacer

Rate This Document
1x3 spacer
1x1 spacer

print this documentDocument ID:2007305143892898
Last Modified:04/29/2010

Walkthrough: Blocking email by domain name in Symantec Mail Security for Microsoft Exchange

Situation:This page is a walkthrough of how to block email by domain name in Symantec Mail Security for Microsoft Exchange on a perimeter Exchange server receiving inbound email through SMTP.

Solution:
    You can use this document for two different purposes:
    § To actually make changes on your network
    § The writing in black gives the steps needed to configure your network; just insert the settings and preferences for your network.
    § To do a walkthrough (a self-paced tutorial)
    § The specific examples you need to enter are in red. Follow the instructions in black, and the instructions in the green For this Walkthrough sections.


    To create a Match List:
    1. On the Windows taskbar, click Start > Programs > Symantec Mail Security for Microsoft Exchange > Server Management Console
    2. In the left pane, click Policies.
    3. Click Match Lists.
    4. In the left pane, under Tasks, click Add new matchlist.
    5. Under Add Match List, in the Match list name box, type a name.
      For this Walkthrough type: Blocked Spam Domains List
      Do not use punctuation at the end of a name. If you do use punctuation, you will see a message when you click Save. It says "The field Match list name contains invalid characters (&%?\:/*?.|>%$'#@+=")"
    6. In Match list description, describe the function of the match list, if you want.
      This description does not affect the function of any rule, or the match list itself.
    7. Under the ?Type? drop down list, the default is Literal string.
      For this Walkthrough: click Wild Cards.
    8. In the "Filter (one per line)" box, type the regular expressions strings corresponding to the domain to block. Each domain name string occupies a single line.
      Example: *@domain.com

    To create a filtering rule:
    1. In the single-server user interface, in the left pane, click Policies > Content Filtering Rules.
    2. In the left pane, under Tasks, click Add new rule.
    3. Under Add Filtering Rule, type a name in the Filtering rule name box.
      For this Walkthrough: Type: Blocked Spam Domains
      Do not use punctuation at the end of a name. If you do use punctuation, you will see a message when you click Save. It says "The field Match list name contains invalid characters (&%?\:/*?.|>%$'#@+=")"
    4. Under ?Apply rule to:?, click the option for where the rule should scan.

      For this Walkthrough Click "Inbound Messages"
      For additional information on these options, press F1 to bring up the Dynamic Help menu.

      To configure the rule:
      1. In the “Message Part to Scan” list, select what part of the email will be scanned by the rule.
        For this Walkthrough select Sender
      2. In the “Match Type” section, there are three options for this Walkthrough select Wild Cards
      3. In the “Content” section, there are two options.
        The default is Contains.
        For this Walkthrough: Make sure that "Contains" is selected.
      4. To the right of “Content” section, click the option, Add match list.
      5. Select Blocked Spam Domains and click Select.

      To specify action to take when a content violation occurs:
      In this section you select the action to take when an email violates the triggering condition.
      For this Walkthrough: Make sure that the selection is set to: "Quarantine attachment/message body, replace with text description."

      To specify replacement text when a content violation occurs:
      The "Replacement text" box contains sample text with variables. The variables are information pulled from email fields. This text replaces the message body of the email. The replacement occurs for a violation and the selection of quarantine or delete is the action to take.

      To specify the users the rule applies to:
      Click the “Users” tab at the top, and select the users the rule will apply to
      For this Walkthrough: Change the dropdown menu to ?Apply if the sender of the message is NOT in the list?.

      To configure Email Notifications:
      In the Notifications tab, make sure that Enable is checked for "To administrators.”
      For this Walkthrough: Leave the defaults checked.

      To test the new rule:
      1. Create a message with a subject line containing one of the match list strings.
      2. Send this message through the test network, and monitor the results.
      3. If the message triggers a violation, the rule is working.
      4. Continue testing until satisfied that the rule is working as expected.
      5. Add the rule and match list to your production environment. Monitor the results.

      Symantec recommends testing every new or modified rule to make sure that it works as expected. Use a test network. This allows more control over the process, and it is generally quicker when sending mail through the system.

    print this documentDocument ID:2007305143892898
    Last Modified:04/29/2010

    rate this document
    Does this document answer your question?
    Yes
    No
    Maybe, need to test
    None of the above
    Is this document well written and easy to use?
    Submit specific suggestions to improve the quality of this document.


    Product(s): Symantec Mail Security 5.x for Microsoft Exchange, Symantec Mail Security 6.0 for Microsoft Exchange, Symantec Mail Security 6.5 for Microsoft Exchange
    Operating Systems(s):
    Date Created: 05/30/2007

      © 1995-2014 Symantec Corporation. All rights reserved. feedback | legal notices | privacy policy