Safelist for Admins

Unanswered Question
Oct 1st, 2008

I noticed that when I get the End User Quarantine notifications I can add the address to my safelist and release but when I log into the quarantine and go to options, I don't see the safelist.
I tested this on another admin on our team by removing them from the Ironport admins and then he could see the safelist.
Is there a way for admins to see their own safelist and block lists?

kluu_ironport Thu, 10/02/2008 - 05:26

The individual safelist/blocklist is tied to each email address. The admins of the IronPort system cannot see any of the individual safelist/blocklist.


rnarvaez_ironport Tue, 10/07/2008 - 16:23

I understand that the individual safelist/blocklist is for each mail account. What I am asking is how do I, as the administrator, see my own safe/block list?

kluu_ironport Tue, 10/07/2008 - 16:31

If the administrator has a routable email address, then you should be able to log into your own "end user quarantine" section.

If there's no email address, then that's not possible.

rnarvaez_ironport Tue, 10/07/2008 - 17:17

I am using my own account and it is associated with AD and Exchange.
When I open the Email Quarantine and log in using my AD credentials I get access to the EUQ. When I go to options there is no option to see safe/block list.

kluu_ironport Tue, 10/07/2008 - 17:50

When you log into the EUQ, and it's prompting for the username, try using the full email address of your account.

When you use only the "username", it may think you're logging in as the Administrator and not the user. Try it again with the full email address.


rnarvaez_ironport Tue, 10/07/2008 - 18:20

Nope, now it tells me that I have an invalid name or password.
I had my other administrator try his account and he can see his safe/block list.
When I add him back into Ironport as an admin and have him log in again he doesn't see it any more.
He also tried logging in using his full email address and it didn't work.
I am using LDAP to authenticate when logging in.

kluu_ironport Tue, 10/07/2008 - 20:47

Try tailing the "euqgui_logs" and log in and paste the results from that log.


When I do it on my lab box, here is what it looks like:

1. When I log in as the "kluu" Administrator user, this is what shows in the log:

Tue Oct 7 19:43:18 2008 Info: login:kluu user:zi0cwQYkfF2f7mpe6J4T session:10.251.16.148
Tue Oct 7 19:43:18 2008 Info: Authentication OK, user kluu


2. When I log in as the [email protected], here's the log output:


Tue Oct 7 19:45:40 2008 Debug: LDAP: Query (sAMAccountName=kluu) resolved via cache hit
Tue Oct 7 19:45:40 2008 Debug: ISQ: SELECT count(*) FROM messages m WHERE (m.mid in (select mid from recipients where userid in(1)))
Tue Oct 7 19:45:40 2008 Debug: ISQ:
SELECT mid, envelope_sender, from_header, subject, size, quarantine_time, mga_inject_time, body_charset
FROM messages m
WHERE (m.mid in (select mid from recipients where userid in(1)))
ORDER BY quarantine_time desc
LIMIT 2 OFFSET 0

Tue Oct 7 19:45:40 2008 Debug: ISQ: SELECT mid, header_rid, to_header FROM header_recipients WHERE mid IN (223) ORDER BY mid, header_rid
Tue Oct 7 19:45:40 2008 Debug: ISQ:
SELECT r.mid as mid, r.rid as rid, u.email_address as envelope_recipient
FROM recipients AS r, users AS u
WHERE r.userid=u.userid AND r.mid in (223)
ORDER BY mid, rid


The first one does not have a safelist/blocklist because it's a user on the AsyncOS.

The second one does have a safelist/blocklist as it's a recipient email address.

Now, if you do the same thing and get results similar to #2, I'd be surprised why you wouldn't see the safelist/blocklist.

Also, can you provide the EUQ query string and mail attribute you're using for the EUQ login?

Jason Meyer Wed, 09/29/2010 - 14:17

Did this ever get resolved? I'm at the same place now... Currently trying the different suggestions in the previous posts.

When I log in with a non-administrative Ironport appliance account I notice in the logs the line:

     Wed Sep 29 16:23:59 2010 Info: login:tom.test user:0Vc8s1DLEGO22z0wZ1t6 session:10.20.23.162 email: tom.test@mydomain.com

When I log in with an administrative IronPort appliance account I don't get the e-mail information at the end:

     Wed Sep 29 16:24:52 2010 Info: login:[email protected] user:0Vc8s1DLEGO22z0wZ1t6 session:10.20.23.162

Seems to be working for my users but I as an IronPort admin am not able to get to my safelist/blocklist.
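
An added example, not part of any post in this thread and not IronPort code: a small parser for the `euqgui_logs` login lines quoted above that labels each login by whether the trailing `email:` field is present. The line shape and the meaning of a missing `email:` field are assumptions taken from the lines quoted in this thread; the sample input is constructed.

```python
import re
from datetime import datetime

# Shape of the euqgui_logs login line as quoted in this thread; the optional
# trailing "email:" field is what the posts above observed for end-user logins.
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) Info: "
    r"login:(?P<login>\S+) user:(?P<token>\S+) session:(?P<src>\S+)"
    r"(?: email: ?(?P<email>\S+))?\s*$"
)

def parse_login(line):
    """Return a dict for a login line, or None for any other log line."""
    m = LOGIN_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Collapse padded day-of-month spacing before parsing the timestamp.
    rec["ts"] = datetime.strptime(" ".join(rec["ts"].split()),
                                  "%a %b %d %H:%M:%S %Y")
    # Assumption taken from the thread: no email field means the session was
    # treated as an appliance (admin) user, so no safelist/blocklist menu.
    rec["kind"] = "end-user" if rec["email"] else "appliance-user"
    return rec

def classify(lines):
    """Parse all login lines and keep them in log order."""
    return [r for r in map(parse_login, lines) if r]

# Constructed sample input modelled on the lines quoted in the thread.
SAMPLE = """\
Wed Sep 29 16:23:59 2010 Info: login:tom.test user:CONSTRUCTEDTOKEN0001 session:192.0.2.10 email: tom.test@example.com
Wed Sep 29 16:24:52 2010 Info: login:admin.test user:CONSTRUCTEDTOKEN0002 session:192.0.2.10
Wed Sep 29 16:24:52 2010 Info: Authentication OK, user admin.test
Tue Oct  7 19:45:40 2008 Debug: LDAP: Query (sAMAccountName=tom.test) resolved via cache hit
""".splitlines()

if __name__ == "__main__":
    for r in classify(SAMPLE):
        print(f'{r["ts"]:%Y-%m-%d %H:%M:%S} {r["login"]:<12} '
              f'{r["src"]:<12} {r["kind"]}')
```

Running it over a saved copy of the log shows at a glance which accounts the quarantine treated as appliance users at login time.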

Rachel Bautista Mon, 08/20/2012 - 11:49

I realize this is old, but I had this issue a while back. If your IronPort ADMIN id and password are the same as your domain account userid and password, the appliance will default to your ADMIN privileges I believe.

Make sure you have different passwords on the two accounts if the logon id is the same.  Go to the quarantine url and log in with your DOMAIN account credentials.  That should give you the Safelist/Blocklist option under the menus.

Jason Meyer Wed, 09/12/2012 - 14:12

I think that's the problem. 

I have our IronPort SPAM appliance integrated with Active Directory so that I as an IronPort administrator can log in to the M660 with my Active Directory User account credentials. When I do that I get administrative privileges and no safelist/blocklist. Because of this I don't find a way that I can get to my own safelist/blocklist.

I don't want to break the Active Directory integration but I bet if I turn that off I would get my safelist/blocklist option because then the appliance would not see me as an administrator.

Thoughts?

Rachel Bautista Wed, 09/12/2012 - 20:38

I think that's your problem too.  Although, I'm not sure how you fix it without either setting up an alternative Admin account.  Either in AD or on the IronPort.

Good luck!

Rehan Latif Wed, 09/12/2012 - 21:59

Currently, ESA does not allow admins (internally or externally authenticated) to modify/access their SL/BL. However, there is a feature enhancement request logged earlier to have this ability.

The simplest workaround would be to save one of the ISQ notification links and use it when required.

Rehan
