Maybe you have seen it mails from unknown domains will be relayed via the internal mailserver or mailserver that is placed in the DMZ. Normally when configuring the mailservers correctly it’s not possibly to send mail from a domain which is not hosted on the internal mailserver. But it can also be that a virus is active on a mailserver which is allowed to relay.</p>
In this tutorial I will explain how you can create a policy in Trend Micro IMSS to prevent this. The way of configuring is not really the way you think you have to do it, but the endresult will work.
First we will create a rule which matches incoming messages.
Select the button add and choose the option other.
Ensure that the this rule will apply to option is set to incoming , we wil change this later to both incoming and outgoing messages. We could not do this right now because the policy will not be created correctly then.
Next select on the link recipients a new window will be opened.
Select the option anyone and select save, the window will close. Next click on senders a new windows will be opened again.
Select the option anyone and select save, the last parameter we need to define in this step is the exceptions.
Add the following exception:
- from (sender) *@*
- to (recipient) *@trendmicro.dyndns.org
Repeat this for each domain.
When ready click on save to save the changes, you will get the following overview after this.
Click on the next button to continue. In this step we will define the conditions when a mail must be scanned by this policy.
In this case we want to scan all messages so we don't select anything en click on the next button.
You will get a warning that all messages will be scanned if not choosing any condition. Confirm this by clicking on the OK button.
The next step is the action that needs to be executed when a mail meets the conditions. In this case we will delete all messages which meet the conditions. You could choose to quarantine the messages, if you would like to do this change the action.
Next we will define the name and number of the policy. Keep in mind that the policy always needs to be created below the Global Antivirus Rule and Default Spam Rule. You may choose to not activate the policy right now but activate it after the steps below.
When you return to the policy overview you can see that the policy is added.
Now we have added the policy we need to change it. This because it's not possible to add *@* as sender/recipient in this policy when choosing the option to apply this policy on both incoming and outgoing messages.
Click on the policy to view the details
Click on if recipient and senders are
Change the option this rule will apply to to both incoming and outgoing messages. Next we will change the exceptions. This can be done by clicking the link Senders and Recipients after the option exceptions.
Add the following exception:
- from (sender) *@trendmico.dyndns.org
- to (recipient) *@*
Add the exception for each domain, when ready click save 4 times to return to the policy overview. If you have not activated the policy activate it.