Walkthrough: Blocking email by domain name in Symantec Mail Security for Microsoft Exchange

Article ID: 177226

Products

Mail Security for Microsoft Exchange

Issue/Introduction

This page is a walkthrough of how to block email by domain name in Symantec Mail Security for Microsoft Exchange on a perimeter Exchange server receiving inbound email through SMTP.

Conditions

Before you begin:

  • This document is provided "as is," and is not supported by Symantec online or phone support.
  • Make sure that the logged-on user is a member of the Domain Admins group.
  • Symantec Mail Security for Microsoft Exchange does not have the ability to open password-protected archives or archives that use encryption.
  • Archives renamed to another extension will not open properly.

The process of blocking email by domain name requires a named match list and at least one rule. The named match list defines the specific strings to filter on. The rule determines what happens when a specified field contains a match. One or more named match lists can be associated with a rule. This is the general process to set up Symantec Mail Security for Microsoft Exchange to block a specific sender domain (details follow):

  • Create a match list.
  • Create a filtering rule.
  • Configure the filtering rule.
  • Test the rule.

 

Resolution

You can use this document for two different purposes:

  • To actually make changes on your systems:
    • The writing in black gives the steps needed to configure your network; just insert the settings and preferences for your network.
  • To perform the walkthrough (a self-paced tutorial):
    • The specific examples you need to enter are in red. Follow the instructions in black, and the instructions in the green For this Walkthrough sections.


To create a Match List:
  1. On the Windows taskbar, click Start > Programs > Symantec Mail Security for Microsoft Exchange > Server Management Console.
  2. In the left pane, click Policies.
  3. Click Match Lists.
  4. In the left pane, under Tasks, click Add New Matchlist.
  5. Under Add Match List, in the Match list name box, type a name.
    For this Walkthrough type: Blocked Spam Domains List
    Do not use punctuation in the name. If you do use punctuation, you will see a message when you click Save. It will say "The field Match list name contains invalid characters (&%?\:/*?.|>%$'#@+=")"
  6. In Match list description, describe the function of the match list, if you want. This description does not affect the function of any rule, or the match list itself.
  7. Under the "Type" drop down list, the default is Literal String.
    For this Walkthrough: select Wild Cards.
  8. In the "Filter (one per line)" box, type the specific string that will correspond to the domain to catch. Each domain name string occupies a single line.
    Example using a wild card string: *@domain.com

 

To create a Filtering Rule:

1. In the single-server user interface, in the left pane, click Policies > Content Filtering Rules.
2. In the left pane, under Tasks, click Add new rule.
3. Under Add Filtering Rule, type a name in the Filtering rule name box.
For this Walkthrough: Type: Blocked Spam Domains
Do not use punctuation at the end of a name. If you do use punctuation, you will see a message when you click Save. It says "The field Match list name contains invalid characters (&%?\:/*?.|>%$'#@+=")"
4. Under "Apply rule to:", click the option for where the rule should scan.


For this Walkthrough: Click "Inbound Messages".
For additional information on these options, press F1 to bring up the Dynamic Help menu.

To configure the rule:

  1. In the “Message Part to Scan” list, select what part of the email will be scanned by the rule. For this Walkthrough: select Sender.
  2. In the “Match Type” section, there are three options. For this Walkthrough: select Wild Cards.
  3. In the “Content” section, there are two options. The default is Contains. For this Walkthrough: Make sure that "Contains" is selected.
  4. To the right of the “Content” section, click the Add match list option.
  5.  Select Blocked Spam Domains and click Select.


Select the Actions tab to specify the action to take when a content violation occurs:
In this section you select the action to take when an email violates the triggering condition.
For this Walkthrough: Make sure that the selection is set to: "Quarantine attachment/message body, replace with text description."

To specify replacement text when a content violation occurs:
The "Replacement text" box contains sample text with variables. The variables are information pulled from email fields. This text replaces the message body of the email. The replacement occurs when a violation is detected and the selected action is quarantine or delete.

To specify the users the rule applies to:
Click the “Users” tab at the top, and select the users the rule will apply to.
For this Walkthrough: Change the dropdown menu to "Apply if the sender of the message is NOT in the list".

To configure Email Notifications:
In the Notifications tab, make sure that Enable is checked for "To administrators."
For this Walkthrough: Leave the defaults checked.

To test the new rule:
1. Create a message with a subject line containing one of the match list strings.
2. Send this message through the test network, and monitor the results.
3. If the message triggers a violation, the rule is working.
4. Continue testing until satisfied that the rule is working as expected.
5. Add the rule and match list to your production environment. Monitor the results.

Symantec recommends testing every new or modified rule to make sure that it works as expected. Use a test network. This allows more control over the process, and it is generally quicker when sending mail through the system.
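
A match list can be checked offline before any test message is sent. The script below is an added example, not part of the original article or of the product: it models the "Wild Cards" match type with the "Contains" option against a list of sender addresses the administrator expects to be blocked. It assumes that `*` matches any run of characters and that comparison is case-insensitive; the product's actual wildcard engine may behave differently. All function names and sample addresses are constructed for illustration.

```python
import fnmatch

# Characters the console rejects in a match list name, as quoted in the article.
INVALID_NAME_CHARS = set("&%?\\:/*?.|>%$'#@+=\"")

def invalid_chars_in_name(name):
    """Return the rejected characters present in a proposed match list name."""
    return sorted(set(name) & INVALID_NAME_CHARS)

def parse_match_list(text):
    """One filter per line, as in the "Filter (one per line)" box; blanks dropped."""
    return [line.strip() for line in text.splitlines() if line.strip()]

def matching_filter(sender, filters):
    """Return the first filter found in the sender address, or None.

    Assumption: '*' matches any run of characters, matching ignores case,
    and "Contains" means the filter may match anywhere in the field.
    """
    s = sender.strip().lower()
    for f in filters:
        if fnmatch.fnmatchcase(s, "*" + f.lower() + "*"):
            return f
    return None

def coverage_gaps(expected_blocked, filters):
    """Senders expected to be blocked that no filter in the list matches."""
    return [s for s in expected_blocked if matching_filter(s, filters) is None]

# Constructed sample data (not from the article).
MATCH_LIST_TEXT = """
*@domain.com

*@*.example.net
"""
EXPECTED_BLOCKED = [
    "offers@domain.com",
    "Offers@DOMAIN.COM",
    "news@mail.domain.com",
    "promo@bulk.example.net",
]

if __name__ == "__main__":
    filters = parse_match_list(MATCH_LIST_TEXT)
    print("name problems:", invalid_chars_in_name("Blocked Spam Domains List"))
    for sender in EXPECTED_BLOCKED:
        print(f"{sender:28} -> {matching_filter(sender, filters)}")
    print("not covered:", coverage_gaps(EXPECTED_BLOCKED, filters))
```

Any address reported as not covered needs its own match list entry, and the result should still be confirmed with real messages on the test network.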