topic External Email Server Filtering in General Topics

External Email Server Filtering

CastawayKid — Fri, 18 Jan 2019 19:07:05 GMT

We have a ListServ server which needs to accept email from a user hosted in Office 365. I would like to limit the security rule allowing the inbound traffic to only accept SMTP connections from the O365 mail servers. I know the list of those servers can be dynamic, so I was wondering if this is even possible, or if there is a more effective method for filtering this traffic on the network perimeter?

Re: External Email Server Filtering

BPry — Fri, 18 Jan 2019 21:42:18 GMT

@CastawayKid,

If you're up to utilizing MineMeld, they actually have Office 365 prototypes built out already to accomplish this so you don't have to duplicate the work.

Re: External Email Server Filtering

CastawayKid — Thu, 24 Jan 2019 20:42:40 GMT

It looks like the MineMeld product is a bit overkill for what I'm needing. I was just hoping to point to an EDL and be done with it. I don't have VMWare or an Azure cloud account. My virtualization environment is a Microsoft Hyper-V cluster.

Re: External Email Server Filtering

OtakarKlier — Thu, 24 Jan 2019 20:46:05 GMT

Hello,

Unfortunatly there is no easy answer on this. They did provide some assitance. Check out this link.

https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

Regards,

Re: External Email Server Filtering

BPry — Thu, 24 Jan 2019 21:07:58 GMT

@CastawayKid,

I don't know of any publically available EDLs to accomplish this.

Also just as a note, MineMeld takes maybe an hour tops to configure it to the point where you can get what you are looking for, as it's a built in prototype. You can run MineMeld on a minimal Ubuntu Server install easily on your Hyper-V cluster; VMWare or Azure is completely not a requirement.

Re: External Email Server Filtering

CastawayKid — Thu, 24 Jan 2019 21:16:06 GMT

Ok, when I have time I can try looking into how to get that setup. I'll readily admit almost all my Linux experience has been limited to working on specific vendor products using specific builds for their products.

Until then, I've attempted to modify my inbound security rule using URL Categories. I then made a custom URL list including domains such as *.outlook.com. Does this have potential to work as well, or am I misunderstanding the use of the URL Category feature within a security policy rule?

Re: External Email Server Filtering

BPry — Thu, 24 Jan 2019 21:42:23 GMT

@CastawayKid,

I'm actually not certain that you'll always get the URL in a custom URL category to actually accomplish this. You'll get assigned categories due to StartTLS connections if enabled, but I don't recall really being able to see the URL in the logs for SMTP connections.

Re: External Email Server Filtering

Remo — Sat, 26 Jan 2019 15:59:19 GMT

@CastawayKid

If the smtp connection is encrypted (SMTPs) then yes you will see an URL, but this normally the CN of the used certificate in such connections. The problem in your case is this cannot be used for incoming connections as you then only have the name of your own mailserver in the URL-logs and not the source.