Quarantine messages that contain malware or attachment that is password protected, encrypted or damaged
|
|
Objective: Quarantine messages that contain malware or attachment that is password protected, encrypted or damaged
Create the following rule for Mail transport protection:
Condition
•Type: Antivirus scan result
•Operation: is not
•Parameter: Clean
Action
Type: Quarantine message
|
Move messages that failed SPF check to a Junk folder
|
|
Objective: Move messages that failed SPF check to a Junk folder
Create the following rule for Mail transport protection:
Condition
•Type: SPF result
•Operation: is
•Parameter: Fail
Action
•Type: Set SCL value
•Value: 5
Set the value according to SCLJunkThreshold parameter of Get-OrganizationConfig cmdlet of your Exchange server. For more details, see SCL threshold actions article.
|
Verify email message suspicious from sender spoofing
|
|
Objective: Verify email message suspicious from sender spoofing. If the message contains your own domain in the "From:" email header or Envelope sender, further verify by SPF result. If SPF result is neutral, quarantine message, log to events, and notify the administrator.
Condition
•Type: Envelope sender and From header comparison result
•Operation: is
•Parameter: Match
•Type: SPF result - From header
•Operation: is
•Parameter: Neutral
Action
Type: Quarantine message, Log to events and Send event notification to administrator
|
Drop messages from specific senders
|
|
Objective: Drop messages from specific senders
Create the following rule for Mail transport protection:
Condition
•Type: Sender
•Operation: is / is one of
•Parameter: spammer1@domain.com, spammer2@domain.com
Action
Type: Drop message silently
|
Customize pre-defined rule
|
|
Objective: Customize pre-defined rule
Details: Allow archive attachments in messages from specified IP addresses (in case of internal systems, for example) while using Forbidden archive file attachments rule
Open Mail transport protection rule set, select Forbidden archive file attachments and click Edit.
Condition
•Type: Sender's IP address
•Operation: is not / is not any
•Parameter: 1.1.1.2, 1.1.1.50-1.1.1.99 |
Message body
|
|
Objective: Quarantine messages that contain certain string in Message body
Create the following rule for Mail transport protection:
Condition
•Type: Message body
•Operation: contains / contains one of, click Add type web site URL or part of URL
Action
Type: Quarantine message
|
Store messages for non-existent recipients
|
|
Objective: Store messages for non-existent recipients
Details: If you want to have all messages to non-existent recipients quarantined (regardless of being marked by Antivirus or Antispam protection)
Condition
•Type: Recipient validation result
•Operation: is
•Parameter: Contains invalid recipient
Action
Type: Quarantine message
|