Add GEO blocking option in Email security rules - Black/White List

Options
Przemek
Przemek Posts: 28  Freshman Member
First Anniversary 10 Comments Friend Collector
edited July 2 in Security Ideas

I wish I have in Black/White List an option for GEOGRAPHY blocking. And block all emails sent from blocked countries.

1 votes

Active · Last Updated

Comments

  • mMontana
    mMontana Posts: 1,350  Guru Member
    Community MVP First Anniversary 10 Comments Friend Collector
    Options

    You can.

    Create a group composed from the countries you want to block. Let's call that "Email_Block".
    Then configure incoming communications on port 25, 465, 587 to being blocked from the group.

  • Przemek
    Przemek Posts: 28  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    It looks like blocking GEO Group from accessing my network ports.

    Will it block emails sent to external hosting and downloaded to my network from there?

    I was thinking about Rule creating here:

  • nielsscheldeman
    nielsscheldeman Posts: 46  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    Do you have your own mailserver or are you working with something like Office 365? This could only work if you use your own mailserver.

  • Przemek
    Przemek Posts: 28  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    I have my own mail server.

    If I have an IP option in rules GEO option should not be something impossible to add here.

  • nielsscheldeman
    nielsscheldeman Posts: 46  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    You have to block these ports then in your Policy Control. Now you have a policy From "WAN" to "LAN1", IPv4 Source "Any", IPv4 Destination "mailserver", Service "25, 465, 587".

    First create objects → Address, Type Geography and select the countries you wish to allow (you can also work reverse and block only countries, but then you need to create an extra rule with higher priority to block these first). Put them in an address group, let's say GEOALLOW.

    Now in case you only want to allow some countries, change your Policy Control rule. Change IPv4 Source "Any" to this object "GEOALLOW"