Hi,
My organization receives a lot of mail from "some-domain-that-refuses-to-configure-spf.tld", resulting in a bit of "fake" email.
I do however know the IP that the real "some-domain-that-refuses-to-configure-spf.tld" sends mail from, let's pretend it's 123.123.123.123
I wanted to create a rule and do something like adding a "Who" object for that domain, and a "Who" object for the IP address, and an "Action" object of Block, but the snag I'm running into is I can't specifically choose in the "Match if" different criteria for the different "Who" objects, I can pick one criteria for all of the "Who" objects.
What should I be doing differently when I have two objects of the same type and know what one of the objects must be, and know what the other object must NOT be when deciding to take action on the message?
(eg. if the message is from "some-domain-that-refuses-to-configure-spf.tld", and the IP it came from is 123.123.123.124, I know that it's from the "wrong" source and should block it, because 123.123.123.124 is not 123.123.123.123)
EDIT:
It turns out that I can set the criteria on the "Who" object on the who object itself, instead of in the rule, so my who object for matching 123.123.123.123 I just changed to be a who object that NOT matches 123.123.123.123
My organization receives a lot of mail from "some-domain-that-refuses-to-configure-spf.tld", resulting in a bit of "fake" email.
I do however know the IP that the real "some-domain-that-refuses-to-configure-spf.tld" sends mail from, let's pretend it's 123.123.123.123
I wanted to create a rule and do something like adding a "Who" object for that domain, and a "Who" object for the IP address, and an "Action" object of Block, but the snag I'm running into is I can't specifically choose in the "Match if" different criteria for the different "Who" objects, I can pick one criteria for all of the "Who" objects.
What should I be doing differently when I have two objects of the same type and know what one of the objects must be, and know what the other object must NOT be when deciding to take action on the message?
(eg. if the message is from "some-domain-that-refuses-to-configure-spf.tld", and the IP it came from is 123.123.123.124, I know that it's from the "wrong" source and should block it, because 123.123.123.124 is not 123.123.123.123)
EDIT:
It turns out that I can set the criteria on the "Who" object on the who object itself, instead of in the rule, so my who object for matching 123.123.123.123 I just changed to be a who object that NOT matches 123.123.123.123
Last edited: