External Email Server Filtering


L1 Bithead

We have a ListServ server which needs to accept email from a user hosted in Office 365.  I would like to limit the security rule allowing the inbound traffic to only accept SMTP connections from the O365 mail servers.  I know the list of those servers can be dynamic, so I was wondering if this is even possible, or if there is a more effective method for filtering this traffic on the network perimeter?

Accepted Solutions

Cyber Elite

@CastawayKid,

If you're up to utilizing MineMeld, they actually have Office 365 prototypes built out already to accomplish this so you don't have to duplicate the work. 

It looks like the MineMeld product is a bit overkill for what I'm needing.  I was just hoping to point to an EDL and be done with it.  I don't have VMWare or an Azure cloud account.  My virtualization environment is a Microsoft Hyper-V cluster.

Hello,

Unfortunately there is no easy answer on this. They did provide some assistance. Check out this link.

 

https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

 

Regards,
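
Added example, not part of the thread or any poster's code: one way to turn the JSON from the web service linked above into a plain-text list that an IP-type external dynamic list could poll. The sample data is constructed (documentation address ranges), the field names follow the service's JSON output as documented on that page, and filtering on the Exchange service area with TCP port 25 is an assumption about which endpoint sets matter for inbound SMTP.

```python
import ipaddress
import json

# Constructed sample in the shape of the web service's JSON output.
# The addresses are documentation ranges, not real Office 365 ranges.
SAMPLE = json.loads("""
[
  {"id": 1, "serviceArea": "Exchange", "tcpPorts": "80,443",
   "ips": ["192.0.2.0/25"]},
  {"id": 2, "serviceArea": "Exchange", "tcpPorts": "25",
   "ips": ["198.51.100.0/24", "2001:db8:40::/48", "198.51.100.0/24"]},
  {"id": 3, "serviceArea": "Exchange", "tcpPorts": "25,587",
   "ips": ["203.0.113.64/26", "not-a-cidr"]},
  {"id": 4, "serviceArea": "SharePoint", "tcpPorts": "25",
   "ips": ["192.0.2.128/25"]},
  {"id": 5, "serviceArea": "Exchange", "tcpPorts": "25",
   "urls": ["*.mail.example.invalid"]}
]
""")


def smtp_networks(endpoints, service_area="Exchange", port=25):
    """Return sorted, de-duplicated networks for endpoint sets on `port`."""
    nets = set()
    for entry in endpoints:
        if entry.get("serviceArea") != service_area:
            continue
        ports = {p.strip() for p in entry.get("tcpPorts", "").split(",")}
        if str(port) not in ports:
            continue
        for cidr in entry.get("ips", []):  # URL-only entries have no "ips"
            try:
                nets.add(ipaddress.ip_network(cidr, strict=True))
            except ValueError:
                continue  # skip malformed entries instead of widening the rule
    # IPv4 first, then IPv6; networks of one version compare directly.
    return sorted(nets, key=lambda n: (n.version, n))


def to_edl(networks):
    """One CIDR per line, the plain-text layout an IP-type EDL reads."""
    return "".join(f"{n}\n" for n in networks)


if __name__ == "__main__":
    print(to_edl(smtp_networks(SAMPLE)), end="")
```
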

@CastawayKid,

I don't know of any publicly available EDLs to accomplish this. 

 

Also just as a note, MineMeld takes maybe an hour tops to configure it to the point where you can get what you are looking for, as it's a built-in prototype. You can run MineMeld on a minimal Ubuntu Server install easily on your Hyper-V cluster; VMWare or Azure is completely not a requirement. 

Ok, when I have time I can try looking into how to get that set up.  I'll readily admit almost all my Linux experience has been limited to working on specific vendor products using specific builds for their products.

 

Until then, I've attempted to modify my inbound security rule using URL Categories.  I then made a custom URL list including domains such as *.outlook.com.  Does this have potential to work as well, or am I misunderstanding the use of the URL Category feature within a security policy rule?

@CastawayKid,

I'm actually not certain that you'll always get the URL in a custom URL category to actually accomplish this. You'll get assigned categories due to StartTLS connections if enabled, but I don't recall really being able to see the URL in the logs for SMTP connections. 

L7 Applicator

@CastawayKid

If the SMTP connection is encrypted (SMTPS) then yes, you will see a URL, but this is normally the CN of the certificate used in such connections. The problem in your case is this cannot be used for incoming connections, as you then only have the name of your own mail server in the URL logs and not the source.
