Inbound vs Outbound Email policies

Article ID: 160132

Products

Data Loss Prevention Enforce

Issue/Introduction

How to break out email policies into inbound and outbound

Resolution

Create two policies, each with an IP-based exclusion.

First Policy (inbound): Set up a policy that excludes traffic by sender IP (the internal IP address of the previous-hop MTA or Exchange server), such as 192.168.1.1, 192.168.1.2, etc. This leaves all traffic from the Internet to internal recipients.

Second Policy (outbound): Set up a policy that excludes traffic by destination IP (the internal IP address of the previous-hop MTA or Exchange server), such as 192.168.1.1, 192.168.1.2, etc. This leaves all traffic going from internal senders to the Internet.

To get the IP addresses, summarize by source IP: create a policy that matches all SMTP traffic, run it for a few seconds, and then stop it. Then summarize the incidents by sending IP to identify the MTAs, which gives you the IPs for your filter.

NOTE: The sender IP will be of the MTA and not the proxy.
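
The following is an added example, not part of the original article or the product: it summarizes a constructed incident list by sender IP, derives the MTA exclusion list, and shows what each of the two policies would match. The CSV column names and the use of RFC 1918 ranges to recognise internal MTAs are assumptions.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample of incidents from a short all-SMTP run.
# Column names are hypothetical, not the product's export format.
SAMPLE_INCIDENTS = """sender_ip,destination_ip,subject
192.168.1.1,203.0.113.25,Quarterly report
192.168.1.1,198.51.100.7,Invoice
192.168.1.2,203.0.113.25,Contract draft
198.51.100.7,192.168.1.1,Re: Invoice
203.0.113.25,192.168.1.2,Meeting request
192.168.1.1,203.0.113.25,Price list
192.168.1.2,192.168.1.1,Internal memo
"""

# Assumption: internal MTAs sit in RFC 1918 address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def load_incidents(text):
    return list(csv.DictReader(io.StringIO(text)))

def summarize_by_sender_ip(incidents):
    """Count incidents per sender IP, most frequent first."""
    return Counter(row["sender_ip"] for row in incidents).most_common()

def candidate_internal_mtas(incidents):
    """Sender IPs in internal address space: candidates for the IP exclusions."""
    found = set()
    for ip, _count in summarize_by_sender_ip(incidents):
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in RFC1918):
            found.add(ip)
    return sorted(found, key=ipaddress.ip_address)

def policy_matches(incidents, mta_ips):
    """Apply the two exclusions and return (inbound, outbound) matches."""
    # Inbound policy: drop anything sent by an internal MTA.
    inbound = [r for r in incidents if r["sender_ip"] not in mta_ips]
    # Outbound policy: drop anything delivered to an internal MTA.
    outbound = [r for r in incidents if r["destination_ip"] not in mta_ips]
    return inbound, outbound
```

In the constructed data, the MTA-to-MTA message is excluded by both policies, so purely internal relay traffic appears in neither result.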