Hi,
I am relatively new to EFA, and I have hit upon a small problem I am not sure how to solve.
Scenario:
We have MFD Printers, they can scan to email. This is OK but we don't want users to be able to scan a document and send it straight out. (for data loss)
eg: Scan a pdf- the printer sends it from elfranko@internal.com to elfranko@internal.com. (Subject is always the same: "Message from printer" and the filename is always "skmbt_c364eyymmddhhmmss.pdf"
I want to allow this.
and:
Scan a pdf- the printer sends it from elfranko@internal.com to elfranko@external.com. (Subject is always the same: "Message from printer" and the filename is always "skmbt_c364eyymmddhhmmss.pdf"
I want to block this.
I though I had cracked it, but my subject rule just discards the email internal and external.
Does anyone have any ideas in the best way to do this - or any pointers to put me on the right path.
As an aside, I think it is a great solution. And I am getting a lot better at making it do what I want it to do.
Cheers
Frank
Filtering based on both subject and recipient
-
shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Filtering based on both subject and recipient
A simpler solution may be to use whitelists and blacklists. Whitelisting overrides blacklisting, so...
If your MFP is relaying via the appliance...
From: ip_of_mfp To: default --> blacklist
From: ip_of_mfp To: example.org --> whitelist
This would block all attempts to send outside the domain of example.org.
If your MFP is relaying via the appliance...
From: ip_of_mfp To: default --> blacklist
From: ip_of_mfp To: example.org --> whitelist
This would block all attempts to send outside the domain of example.org.
Re: Filtering based on both subject and recipient
Prior to using the EFA we used a product from McAfee. A decision was made to swap - prior to this the setup was all the printers were set to use an internal relay and then forward on to the outbound box.
The outbound box is now the EFA - so now it is MFD to Relay, to EFA, which would then either route to Exchange for internal, or out to the internet for external. I'd rather not visit 100+MFD's to alter their mail server settings if can avoid it.
Cheers
Frank
The outbound box is now the EFA - so now it is MFD to Relay, to EFA, which would then either route to Exchange for internal, or out to the internet for external. I'd rather not visit 100+MFD's to alter their mail server settings if can avoid it.
Cheers
Frank
-
shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Filtering based on both subject and recipient
I'm thinking about this, since it is indirectly relayed, this becomes challenging. It may be possible to create a ruleset in spamassassin that could check the ip addresses and subject, perhaps assigning a high score to emails destined outside the organization, thereby quarantining the emails.