This question is actually on the watchguard exam objectives sample questions. The answer is prevent mail relay for example.com domain. Answer should be C.
Everyone here says that che corrent answer is C but if you read the official guide there almost the same image at page 194 "Prevent SMTP Mail Relay"
The only difference is that they configure Rcpt to and NOT Mail From.
Read the guide online as well:
You can use the Address: Mail From ruleset to put limits on email and to allow email into your network only from specified senders. The default configuration is to allow email from all senders. You can add, delete, or modify rules. For example, you can create rules to deny emails from a specific sender ([email protected]) or to deny all emails from a domain (*@example.com).
The Address: Rcpt To ruleset can limit the email that goes out of your network to only specified recipients. The default configuration allows email to all recipients out of your network. On an SMTP-Incoming proxy action, you can use the Rcpt To ruleset to make sure your email server can not be used for email relaying. For more information, see Protect Your SMTP Server from Email Relaying.
Logically the only option is C. The question asks specifically "for outgoing SMTP traffic"; so that rules out B. immediately. A is wrong because the rules formatting would reflect the "rewrite" with domainA -> domainB. D. is wrong because this policy ONLY allows *@example.com; deny none matched. You can NOT have a DENY rule in the "simple view". C is the only options because relay is both inbound and outbound, this rule blocks the Outgoing SMTP traffic, as stated in the question. ALSO remember this snip is from the Proxy Action saved config, it doesn't actually mean because it is labeled "outgoing" that the policy that is applying this Proxy Action is not outbound or inbound, that information is not provided outside of the actual question which states "for outgoing SMTP traffic"
Actually the answer should be A. The window is shown in Simple Mode, but only "allow" and "replace/rewrite" rules can be shown in simple mode. B, C, D require a "Deny" rule which cannot be shown in Simple Mode. You can try it yourself in WSM.
Correct answer should be C:
"You can configure the SMTP proxy action to provide basic mail relay protection. In the proxy action, in the Address
> Rcpt To settings, configure the proxy to allow messages addressed to the domains your SMTP server receives mail
for, and to deny messages addressed to any other domain.
SMTP proxy action configured to allow mail to the domain example.com
For more"
SMTP-Proxy: Mail From/Rcpt To
You can use the Address: Mail From ruleset to put limits on email and to allow email into your network only from specified senders. The default configuration is to allow email from all senders. You can add, delete, or modify rules. For example, you can create rules to deny emails from a specific sender ([email protected]) or to deny all emails from a domain (*@example.com).
In this particular question, as its set to Deny, it will DENY any email from example.com
read more here >> https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/smtp/proxy_smtp_mail_from_to_c.html
This applies to outgoing mail so it must be C or D. I just had a look on a live Watchguard and the newer O/S shows it more clearly and says allowed or denied, above the no match denied box. I would probably guess D.
The correct answer is D, as preventing email relay is from via "Rcpt To", not "Mail from"
Source: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/smtp/proxy_smtp_email_relay_c.html#:~:text=To%20protect%20against%20email%20relaying,Click%20Edit.
Using the Simple view (Change View buttom) you can switch the view type. The Simple view is used for this picture then you can create rules for Allow and Rewrite only. The correct answer is for avoid mail relay.
Confused... only info given is - Categories - Mail From; Rules - Simple view with *@etc & *@*etc; and Actions to take - None Matched - Deny.
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/smtp/proxy_smtp_mail_from_to_c.html
"You can use the Address: Mail From ruleset to put limits on email and to allow email into your network only from specified senders. The default configuration is to allow email from all senders. You can add, delete, or modify rules. For example, you can create rules to deny emails from a specific sender ([email protected]) or to deny all emails from a domain (*@example.com)."
so, all the above suggests B, no?
The meaning of configuration is "Allow only email sender from domain and sub domain of example.com."
I think "C." is make sense because for smtp relay they trust the ip address so we can fake sender for some reason.
this configure can prevent you to fake domain but you can still fake name also.
Answer is C - This is an outgoing SMTP Policy. The config shown permits traffic from example.com, anything that doesn't match that gets denied. If someone tries to spoof your mail server and send mail as example1.com, this will be denied.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Arjjra
Highly Voted 4 years, 2 months agoviks83au
Most Recent 2 months, 1 week agoFrancis96
2 months, 2 weeks agoBradKenn75
5 months, 1 week agock1703
5 months, 1 week agobfg9000
6 months, 1 week agoXavi3D
7 months, 4 weeks agohfrpkrqgsrwwmlwjeg
1 year agoidevilkz
1 year, 1 month agoSteve94228
1 year, 6 months agoTurak64
1 year, 6 months agoTurak64
1 year, 5 months agoidevilkz
1 year, 1 month agonataldogomes
2 years agoR199ERS
2 years, 2 months agonataldogomes
2 years agoWatry
2 years, 2 months agoSatornjkk
2 years, 5 months ago[Removed]
2 years, 8 months agoItachI_Sama
2 years, 9 months agoEdward_
2 years, 9 months agogarga
2 years, 9 months ago