Mail enabled Distribution lists - Allow/Block for/from External Senders

Good day, we are a large school board in Canada with 10,000 staff and 85,000 students. Our AD Groups are 20,000+ in numbers. Our current Directory Sync is via Azure which has imported ALL of the groups and not just the mail enabled ones.

Our intent is to only allow a small group of external senders to be allowed to email the mail enabled groups. i.e: Cloud based service providers. And block external senders to those same groups. This is a serious security issue and we need to protect our end users. 1 address can send to 10,000 people.

Has anyone been able to allow to some and restrict to others on inbound external mail to dist. lists and how did you do it?
1. Our failed attempt ended up not only just looking at the top level of the smtp address of the dist. list but drilled down and effected the individual users.
Has anyone been able to import/sync just a certain subset of groups other than via LDAP?

Thank you Kathryn

Find more posts tagged with

Email Security Cloud Gateway

Accepted answers

All comments

Holzer

H, Kathryn.

We just did that and it works fine:

Create a Blocked Senders Policy:
- From = External Addresses
- To = Individual Email Address = Distribution List
- Action = Block sender
Create a Blocked Senders Bypass Policy:
- From = E.g. an Address Group where every Email Address that is allowed to send is added
- To = Individual Email Address = Distribution List
- Action = Take no action

Best regards
Robert

Toby Metcalf

Thank you @Philpott, Kathryn - appreciate the new question - keep them coming!
Really appreciate the contribution @Holzer

Cheers,
Toby

Philpott, Kathryn

Did similar to what you did with the following exception.

Blocked Senders Bypass Policy:
- From = E.g. an Address Group where every Email Address that is allowed to send is added
- To = Address Groups = Exchange.RelayOffice365 (AD group where as this group hosts the groups we wish to allow based on group membership
- Action = Take no action

The block sender policy we created is where we are getting grief. You will note that the policy is currently disabled. When enabled, individual users incoming emails where getting blocked. The sender did not need to use a dist. list to send a message. It was like the rule drilled down.

My other question was that I don't believe both Allow/Bypass policy and the Block Sender policy should both have "Policy Override"

Our Block sender is as follows:

Blocked Senders Policy:

From = External Addresses
To = Address Groups -
= Exchange.RelayOffice365 (AD group where as this group hosts the groups we wish to allow based on group membership
Action = Block sender

When you configured your Block policy, how did you get Distribution List with the Individual Email Address option. or did you just type in 1 dist. list?

Holzer: Blocked Senders Policy:

From = External Addresses
To = Individual Email Address = Distribution List
Action = Block sender