Steps to allow a certain mail in? (false positive)

Unanswered Question
Jul 2nd, 2008

A certain repetitive message from a customer has started being rejected for reputation reasons.

The message has characteristics that I think explain why

- it' periodic (once a day at the same hour)
- always the same subject (it's a customer ID)
- sending account name called like our mail domain (i.e. [email protected] while we own

I need to know how I can allow these messages through - what I was thinking of trying was

- creating a policy that disables spam check on their sending domain
- adding the IP addresses of the 2 machines involved in the sending to the whitelist for incoming mail policy.

Any other ideas please?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ava-iron_ironport Wed, 07/02/2008 - 15:06

If connection from that mail server droped for reputation reason:
- MAIL POLICIES/HAT Overview: add ip address to whitelist (for example).

If messages goes into quarantine:
- MAIL POLICIES/Incoming mail Policies: create policy disable anti spam for it, add sender's or recepient's e-mail addresses to it.

gv_ironport Thu, 07/03/2008 - 09:22

I have done both and it doesn't work: I still don't receive the message.

Where else should I be looking?

Wargot_ironport Thu, 07/03/2008 - 12:39

Have you done a Grep of the IP address within the mail logs? Is is being dropped because the SBRS of the sending MTA put's it in to a Sender Group that drops the connection (I.E Blacklist)?

If the you have added the IP address (or Partial IP Address, CIDR range or Hostname) to a Sender Group above the Blacklist Sender Group (remember Sender Group order is important).

If it is in a Sender Group that will allow the message and you are still not receving it, then it may be being dropped or quarantined (depending on your setting) by the CASE engine.

With our configuration, if we have senders that we trust but are getting messages from them dropped, the IP address or addresses of their sending MTA's are added to a Sender Group with a Mail Flow Policy that accepts the message and bypasses the CASE engine.

gv_ironport Fri, 07/04/2008 - 14:33

Turned out my second configuration change (adding the mail servers Ips to the whitelist) had solved the problem: the customer hadn't informed me they would not send the usual message on Wednesday and that's why I thought I was still having an issue :)

Thanks for help


This Discussion