Friday, January 8, 2016

Block Sender in Office 365 based on Regex Pattern

Products like Proofpoint and IronPort use pattern blocks quite effectively. Today we will test the same functionality in Office 365.

The rule below is shown as an example; other regular expressions can be used in the same way.

Scenario: A lot of spam was being received from one envelope sender. The numbers in the address keep changing; only the Name part stays the same.

Name+bncBCAJ75O6TMERBLWFWK2AKGQE3SRMX7I@googlegroups.com

We can't block googlegroups as a whole, so we decided to use a regex pattern:

Name.*@googlegroups.com

You can test this pattern before implementation at https://regex101.com/
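The same pre-deployment check can be scripted. This is an added example, not part of the original post: it runs the pattern above over a few envelope senders and compares it with a tighter variant to show what the looser pattern would also quarantine. Assumptions: Python's re module stands in for the regex101 test, every sample except the first is constructed, and TIGHT_PATTERN is a hypothetical alternative whose acceptance by the Office 365 rule engine should be confirmed in your tenant.

```python
import re

# The pattern from the post, as entered in the mail flow rule.
PAGE_PATTERN = r"Name.*@googlegroups.com"
# Tighter variant (assumption, not from the post): anchored at both ends,
# literal "+" after the name, escaped dots. No grouping parentheses are
# used, in line with the post's note about grouping.
TIGHT_PATTERN = r"^Name\+.*@googlegroups\.com$"

# Envelope senders to test; only the first comes from the post.
SAMPLES = [
    "Name+bncBCAJ75O6TMERBLWFWK2AKGQE3SRMX7I@googlegroups.com",  # from the post
    "Name+zzCONSTRUCTED0000000000000000@googlegroups.com",  # constructed: new random part
    "OtherName+list@googlegroups.com",  # constructed: another sender containing "Name"
    "Name.Surname@googlegroups-com.example",  # constructed: look-alike domain
    "someone@example.org",  # constructed: unrelated sender
]


def matches(pattern, sender):
    """Unanchored search, the way regex101 reports a match."""
    return re.search(pattern, sender) is not None


def compare(samples=SAMPLES):
    """Return (sender, page_hit, tight_hit) for each sample."""
    return [(s, matches(PAGE_PATTERN, s), matches(TIGHT_PATTERN, s))
            for s in samples]


def overblocked(samples=SAMPLES):
    """Senders the post's pattern catches but the tight variant does not."""
    return [s for s, page_hit, tight_hit in compare(samples)
            if page_hit and not tight_hit]


if __name__ == "__main__":
    for sender, page_hit, tight_hit in compare():
        print(f"{sender:58} page={page_hit!s:5} tight={tight_hit}")
    print("Caught only by the looser pattern:", overblocked())
```

Replace Name and the sample list with senders taken from your own message trace before relying on the result.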


Now let's create a pattern block in Office 365.

Launch the O365 admin console --> Admin --> Exchange --> Mail flow


Click on Plus to create a New Rule


Click on More Options and provide a name for the rule


Apply this rule if: Sender --> Sender address matches any of the text patterns


Do the following --> Deliver the message to the Hosted Quarantine


Scroll down to Match sender address in message --> select Envelope --> Save

Also, please check Stop processing more rules.


Note: If you use grouping, which is allowed in Cisco IronPort but not in O365, you will receive an error, so you have to avoid it.

Example:

Name(.*)@googlegroups.com

Now let's test by sending a message that matches the pattern. I had created one test pattern which matches my personal ID so that I can test the above approach.

Message was successfully quarantined :)


Regards

Sukhija Vikas

http://msexchange.me
