Creating a sender-domain filter list

 

Applies to: Forefront Protection for Exchange

Sender-domain filtering enables you to filter messages from specified senders or domains. Sender-domain filtering is available with all scan jobs (transport, realtime, scheduled, and on-demand). You can use wildcard characters to filter all messages from a certain domain (for example: *@domain.com).

Note

Sender-domain filtering only applies to the From field in a message. It cannot be used for the To field.

Note

The scan looks at both the display name and the e-mail address of the sender in order to match against sender-domain filters. It applies the filter against the display name first. If the display name and sender e-mail address are different, Forefront Protection 2010 for Exchange Server (FPE) also applies the filter against the sender e-mail address. If either matches, the filter action is taken.

To create a sender-domain filter list

  1. In the Forefront Protection 2010 for Exchange Server Administrator Console, click Policy Management, and then under the Filters section, click Filter Lists.

  2. In the Filters – Filter Lists pane, click the Create button.

  3. In the Select Filter Type dialog box, select Sender-domain and then click Next.

  4. In the Filter Details dialog box, specify the filter list name and filter details:

    1. In the Filter list name box, type a name for the new list.

    2. In the Filter criteria box, type the sender or domain to be included in the filter list, and then click Add. You can repeat this step in order to add multiple senders or domains, or you can add multiple items on the same line, provided that they are separated by a comma.

      If you want to use a generic domain name filter, you must use an asterisk wildcard character (*) before the domain name. For example, you would specify a generic domain as *@domain.com, and a specific sender as someone@domain.com. For more information about using wildcard characters to refine your filters, see Using wildcard characters to refine filters.

      Note

      You can edit items in a sender-domain filter list by double-clicking the item, editing the item, and then pressing ENTER. You can delete items from a sender-domain filter list by selecting the item and then clicking Remove. You can also import items into a sender-domain filter list (for more information, see Importing items into a filter list) and export items from a sender-domain filter list (for more information, see Exporting items from a filter list).

    3. Click Next.

  5. In the Target dialog box, configure how you want the filter list to be applied to the transport, realtime, scheduled, and on-demand scan jobs:

    1. To enable the filter list for use with the scan job, using the Enabled drop-down list, select Yes.

    2. Configure the action that FPE should take when the sender-domain filter is matched by using the Action drop-down list for each scan job.

      For the transport scan job, select Skip detect, Purge, Identify in subject line (the default), Identify in message header, or Identify in subject line and message header.

      For the realtime and scheduled scan jobs, select either Skip detect (the default) or Purge.

      For the on-demand scan job, Skip detect is the only option.

      For more information about these options, see Configuring the action when a filter is matched.

    3. To configure FPE to quarantine messages and attachments when the filter is matched, using the Quarantine files drop-down list, select Yes. Quarantining for filters is enabled by default. Enabling quarantining causes deleted attachments and purged messages to be stored, permitting you to recover them. However, worm-purged messages are not recoverable.

    4. To configure notifications when the filter is matched, using the Notifications drop-down list, you can select Never send notifications to prevent the sending of the Sender-domain filter matched notification, even if it is enabled. Otherwise, when Use notification settings is selected (this is the default), FPE uses the configured Sender-domain filter matched notification settings.

    5. Click Create.

      The filter list you just created appears on the Filters – Filter Lists pane.

  6. Click Save.

For more information about viewing and managing this filter list and others, see Viewing and managing filter lists.

Example: Exempting specific users from mail filtering

This section describes how to create and configure sender-domain filter lists to filter mail from all users in a domain except for specific users in that domain. Use the default values unless otherwise directed.

To exempt specific users from mail filtering

  1. In the Forefront Protection 2010 for Exchange Server Administrator Console, click Policy Management, and then under the Filters section, click Filter Lists.

  2. In the Filters – Filter Lists pane, click the Create button.

  3. In the Select Filter Type dialog box, select Sender-domain and then click Next.

  4. In the Sender-Domain Filter dialog box, in the Filter list name box, type a name for the new list.

  5. In the Filter criteria box, type the e-mail address of a specific user whose mail you do not want filtered. For example, type username@domain.com, and then click Add.

    Repeat this step if you want to add more e-mail addresses whose mail you do not want filtered. Note that you can add multiple e-mail addresses on the same line, provided that they are separated by a comma.

  6. Click Next.

  7. In the Target dialog box, for the Hub/Edge Transport Scan, using the Action drop-down list, select Skip detect.

  8. Click Create to create your filter list, and then click Save.

  9. To create a sender-domain filter list that will filter mail from all users in a specified domain, repeat the previous steps, with the following exceptions:

    1. In the Filter criteria box, type the name of the domain that you want filtered. When you type the domain name, include the asterisk (*) wildcard character. For example, type *@domain.com.

      Note

      Make sure that you create the filter list for the domain name after the filter list containing the specific users whose mail you do not want filtered. FPE executes filter lists in the order that they were created (from oldest to newest).

    2. In the Target dialog box, for the Hub/Edge Transport Scan, using the Action drop-down list, select Purge.

    3. Click Create to create your filter list, and then click Save.
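The following is an added illustration, not FPE code or part of the original procedure. It models how the two lists from this example interact so that you can check list order and display-name matching before saving a configuration. It assumes that the first matching list decides the action, that matching is case-insensitive, and that only the asterisk wildcard is used; the list names and the second exempt address are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class FilterList:
    name: str            # hypothetical list name
    criteria: List[str]  # entries as typed into the Filter criteria box
    action: str          # "Skip detect" or "Purge"

def parse_criteria(line: str) -> List[str]:
    # Several items may be entered on one line, separated by commas.
    return [item.strip() for item in line.split(",") if item.strip()]

def matches(pattern: str, value: str) -> bool:
    # Only the asterisk wildcard is modelled; case-insensitivity is an assumption.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def evaluate(filter_lists: List[FilterList], display_name: str,
             address: str) -> Optional[Tuple[str, str]]:
    """Return (list name, action) for the first matching list, else None.

    filter_lists must be in creation order (oldest first), the order in
    which FPE executes them. First-match-wins is an assumption.
    """
    for fl in filter_lists:
        for pattern in fl.criteria:
            # The display name is checked first; the address is checked
            # only when it differs from the display name.
            if matches(pattern, display_name):
                return fl.name, fl.action
            if display_name != address and matches(pattern, address):
                return fl.name, fl.action
    return None

# Constructed sample configuration mirroring the example above.
EXEMPT = FilterList("Exempt users",
                    parse_criteria("username@domain.com, manager@domain.com"),
                    "Skip detect")
DOMAIN = FilterList("Filter domain", parse_criteria("*@domain.com"), "Purge")

CORRECT_ORDER = [EXEMPT, DOMAIN]  # exemption list created first
WRONG_ORDER = [DOMAIN, EXEMPT]    # domain list created first

if __name__ == "__main__":
    for order in (CORRECT_ORDER, WRONG_ORDER):
        print(evaluate(order, "User Name", "username@domain.com"))
```

With the lists in the wrong order, the exempt user's mail matches the domain list first and is purged. Because the display name is also evaluated, review any Skip detect list with the same care as the lists that purge.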