Since it is possible for an individual to intentionally send an infected email by changing the sender’s email address, you must enable Reject different SMTP sender identify for authenticated user in the relevant recipient-based policies.
Note that these steps are not necessary if you have already blocked the machine's IP address.
- Go to Policy > Recipient Policy > Inbound and edit your policy.
- Under Advanced Settings, enable Reject different SMTP sender identity for authenticated user.
- Click OK.