How do I block email being sent to invalid addresses on my domain?


This article applies to:

  • Trustwave MailMarshal (SEG)

Question:

  • How do I block email being sent to invalid addresses on my domain?
  • How do I automate administration and maintenance of valid recipient lists?

Procedure:

To block messages to invalid recipients and  prevent generating multiple Non-Delivery Reports (NDRs), MailMarshal must identify valid recipients.

  • Valid recipient lists can be entered manually into the MailMarshal Configuration.
  • For best results, recipient lists can be downloaded through the LDAP or Active Directory connector. This method has the advantage of providing automatic updates to the lists, thereby reducing list administration.

To use LDAP to enter valid recipients:

  1. Create the LDAP connector and download the users.
  2. Enable (if necessary create) the Connection rule to block messages to invalid recipients.

Note: Terminology and user interfaces vary slightly between MailMarshal versions.

    To create the LDAP connection and import user groups:

    1. Open the MailMarshal Configurator or Management Interface. Exact steps vary by version - see Help for full details.
    2. Navigate to Policy Elements > Connectors
    3. Add a connector for LDAP or AD.
    4. Once the connector has been created it is necessary to choose which groups should be downloaded to MailMarshal. In Policy Elements > User Groups choose to import a new connector based group.
    5. Choose the appropriate connector.
    6. Choose the group(s) that you want to import. You can browse, or enter group DNs manually.
    7. Right-click User Groups and choose Reload User Groups.
    8. Add the connector based groups into the default All Employees group, or create a new local group and add the connector based groups to your new group.

    Current SEG version include a default connection rule to block connections where the user is not in the All Employees group. This rule returns a SMTP 550 response if the addressee is not found in that group.

    If your installation was upgraded from an older version and does not include this rule, you can add it manually. See the current Default Rules document for a definition of this rule.

    1. Go to the Email Policy > Policy Groups > Connection Policies.
    2. Edit the rule Deny Messages to Invalid Addresses, review group usage, and enable the rule.
    3. Commit configuration.

    This article was previously published as:
    NETIQKB38475

    Last Modified 4/1/2020.
    https://support.trustwave.com/kb/KnowledgebaseArticle10227.aspx