Because the HAT Overview/Sendergroup sees the hostname and the IP of the connecting host, what you would need to do is to kind of allow it through first, let the particular email address/domain through first, then enforce your SBRS scoring. Let me know if this addresses your inquiry or if you need clarification.
For situations where some recipients are not receiving messages from sending MTA's that have low SBRS score, this is a workaround to allow those recipients to receive messages from this low-scoring sending MTA and then allowing the SBRS score to take effect.
Configurations that will be affected:
- HAT Overview, the addition of a new sendergroup
- message filters
Steps:
1. In "Mail Policies -> HAT Overview", add a new sendergroup. You can title it something like "Temporarily_Accept". Then add this as a sender, ".comcast.net". You are adding this hostname, IP address or IP address.
2. Order this new Sendergroup so that it above the "Blacklist sendergroup".
3. Create the following message filter below
4.
temporary_accept:
if ( mail-from == '(?i)joe@company.com' )
{
deliver();
}
5. Then create a message filter that enforces the blacklist sendergroup policy:
6.
enforce_blacklist_sbrs:
if ( reputation < -2 )
{
drop();
}
----------------------------------------
Here is a summary of what the above HAT Overview sendergroup and message filters do. The new HAT Overview Sendergroup was created (Step #1) so that it can be used to allow messages from a low-scoring SBRS host into the Ironport.
Next, the first message filter (Step #4) is created so that messages from specific email senders can be allowed into the machine.
The last message filter (Step #6) was put in place so that the low SBRS score of the sending MTA could be enforced and dropped if the connecting host has a low SBRS score.
References:
1. How do I add a new message filter to my IronPort Appliance?
http://tinyurl.com/mg8kp
