External Email Server Filtering

L1 Bithead

External Email Server Filtering

We have a ListServ server which needs to accept email from a user hosted in Office 365.  I would like to limit the security rule allowing the inbound traffic to only accept SMTP connections from the O365 mail servers.  I know the list of those servers can be dynamic, so I was wondering if this is even possible, or if there is a more effective method for filtering this traffic on the network perimeter?

L7 Applicator

Re: External Email Server Filtering

@CastawayKid,

If you're up to utilizing MineMeld, they actually have Office 365 prototypes built out already to accomplish this so you don't have to duplicate the work. 

L1 Bithead

Re: External Email Server Filtering

It looks like the MineMeld product is a bit overkill for what I'm needing.  I was just hoping to point to an EDL and be done with it.  I don't have VMware or an Azure cloud account.  My virtualization environment is a Microsoft Hyper-V cluster.

L7 Applicator

Re: External Email Server Filtering

Hello,

Unfortunately there is no easy answer on this. They did provide some assistance. Check out this link.

 

https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

 

Regards,
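
An added example, not part of any post in this thread: one way to turn the JSON returned by the web service linked above into a plain-text list of CIDR ranges (one per line) that a firewall could consume as an EDL. The `serviceArea`, `ips` and `tcpPorts` field names follow that service's response format; the sample records, the `build_smtp_edl` name and the use of port 25 entries as the allowed SMTP sources are assumptions, and the addresses are constructed documentation ranges.

```python
import ipaddress
import json

# Constructed sample in the shape of the endpoints web service response;
# the addresses are documentation ranges, not real Microsoft ranges.
SAMPLE_ENDPOINTS = json.loads("""
[
  {"id": 1, "serviceArea": "Exchange", "urls": ["outlook.example"],
   "ips": ["198.51.100.0/24", "2001:db8:1::/48"], "tcpPorts": "80,443"},
  {"id": 2, "serviceArea": "Exchange", "urls": ["*.mail.protection.example"],
   "ips": ["203.0.113.0/25", "203.0.113.128/25", "2001:db8:2::/48"], "tcpPorts": "25"},
  {"id": 3, "serviceArea": "SharePoint", "ips": ["192.0.2.0/24"], "tcpPorts": "80,443"},
  {"id": 4, "serviceArea": "Exchange", "urls": ["smtp.example"], "tcpPorts": "587"},
  {"id": 5, "serviceArea": "Exchange", "ips": ["203.0.113.0/25", "not-an-ip"], "tcpPorts": "25, 443"}
]
""")


def build_smtp_edl(endpoints, service_area="Exchange", port=25, ipv6=False):
    """Return sorted, de-duplicated CIDR lines for entries listing `port`."""
    nets = set()
    for entry in endpoints:
        if entry.get("serviceArea") != service_area:
            continue
        ports = {p.strip() for p in entry.get("tcpPorts", "").split(",")}
        if str(port) not in ports:
            continue
        for raw in entry.get("ips", []):  # URL-only entries carry no "ips"
            try:
                net = ipaddress.ip_network(raw, strict=False)
            except ValueError:
                continue  # skip malformed values instead of poisoning the list
            if net.version == 4 or ipv6:
                nets.add(net)
    # Collapse adjacent or overlapping ranges to keep the list short.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in list(v4) + list(v6)]


if __name__ == "__main__":
    print("\n".join(build_smtp_edl(SAMPLE_ENDPOINTS)))
```

Because the published ranges change, the list would need to be regenerated on a schedule and compared against the sources seen in accepted SMTP sessions before the rule is tightened.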

L7 Applicator

Re: External Email Server Filtering

@CastawayKid,

I don't know of any publicly available EDLs to accomplish this. 

 

Also just as a note, MineMeld takes maybe an hour tops to configure it to the point where you can get what you are looking for, as it's a built-in prototype. You can run MineMeld on a minimal Ubuntu Server install easily on your Hyper-V cluster; VMware or Azure is completely not a requirement. 

L1 Bithead

Re: External Email Server Filtering

Ok, when I have time I can try looking into how to get that set up.  I'll readily admit almost all my Linux experience has been limited to working on specific vendor products using specific builds for their products.

 

Until then, I've attempted to modify my inbound security rule using URL Categories.  I then made a custom URL list including domains such as *.outlook.com.  Does this have potential to work as well, or am I misunderstanding the use of the URL Category feature within a security policy rule?

L7 Applicator

Re: External Email Server Filtering

@CastawayKid,

I'm actually not certain that you'll always get the URL in a custom URL category to actually accomplish this. You'll get assigned categories due to StartTLS connections if enabled, but I don't recall really being able to see the URL in the logs for SMTP connections. 

L7 Applicator

Re: External Email Server Filtering

@CastawayKid

If the SMTP connection is encrypted (SMTPS) then yes, you will see a URL, but this is normally the CN of the certificate used in such connections. The problem in your case is that this cannot be used for incoming connections, as you then only have the name of your own mail server in the URL logs and not the source.
