Cisco Support Community
Community Member

Auto create Whitelist

Can the C160 be configured to automatically add an email address that is being sent by one of our users? 

I can see where I can manually add an address to an incoming mail policy but I would like to have it automatically happen each time we send out a message.                  

Community Member

Auto create Whitelist

I assume that you are talking about a list of sender email addresses in an incoming mail policy? There is no way that I know of to automatically add an address to the list of recipient addresses. You would have to have some sort of external process looking at logs and then script the addition on the CLI (expect).

If you wanted to do that it would probably be easier to add them to an LDAP directory and configure an incoming mail policy to use ldap. It seems like you are looking for an automated whitelist which is an idea that has proven to be a huge security hole.

Just a couple (of many) issues that I can think of:

1) Your appliance can & should reject a lot of messages based on IP rather than just mail-from.

2) It would be very hard to not add typos that people send to as well as emails sent based on auto-responders. I am thinking of out-of-office messages. (The list would get huge very quickly)

3) If I knew or suspected that you had this set up you are asking for trouble. It would not be hard to predict an email that your userbase might have sent to, or use an auto-responder to get whatever I wanted added and then leverage that to send you spam/phishing/viruses.

Recommendation: Focus on blocking by IP Reputation as much as possible. If you are seeing a high number of false positives being blocked then there are ways to solve that without the holes that an automated whitelisting brings.

Cisco Employee

Auto create Whitelist

Hi Jamie,

To my knowledge it isn't possible to auto whitelist an email address for messages that are sent out.

This  method is not recommended either, as it allows messages to be spoofed  for those addresses - I agree with Bob, use the built in security  engines to block by IP as much as possible.



CreatePlease to create content