This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to control reverse DNS lookup through DNS SecurityLicense

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to control reverse DNS lookup through DNS SecurityLicense

OsamaKhan
L2 Linker

‎12-28-2020 05:29 AM

The user was trying to send a mail from internal to external domain but it is blocking by sinkhole because it is showing as malicious traffic, however, we are able to receive from that malicious domain, Can we block reverse mail from an external server to internal using DNS license. In my case, it has received.

 

Eg- User mail is test@abc.com and trying to send malicious domain i.e xyz@xyz.com ====blocked by sinkhole policy in NGFW

However, user test@abc.com received mail from malicious domain i.e xyz@xyz.com === can I control using DNS license.

 

User should not receive an email from any malicious domain so can I control in NGFW using DNS security.

 

Thanks and Regards,
OK.
0 Likes Likes
1 REPLY 1

BPry
Cyber Elite
Cyber Elite

‎12-28-2020 08:26 PM

@OsamaKhan,

DNS really doesn't come into play when you receive an email from an outside email system*. If the IP itself is a known malicious address within any of the PAN lists you could configure a security policy blocking that traffic inbound (and you should), but on a shared/hosted email platform that's not going to be an option.

This is really a job for an email security gateway or a transport rule on your email system. Your firewall can do limited inspection on SMTP traffic and some basic filtering, but you're really going to want to have an actual email security product in place. 

 

* A lot of email security products and email systems will attempt to resolve the source address if properly configured to figure out if the source is in the SPF or DKIM records. That doesn't mean it's going to resolve back to mybaddomain.abc or anything like that, and that doesn't mean that all systems do that if they aren't configured to do so. 

0 Likes Likes
  • 2727 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks