Dear All i am a new user for ironport, would like to check with you all how do i set bypass a few domain from reputation filtering. There are a few client facing a problem sending mail to us was block my reputation filtering. the problem is sender mail was hosted by someone, and the sending IP is dynamic. please advice.
In addition, I wanted to add to the post, on how to best detect what hostname/domain/ip address to add to this sendergroup.
Like the previous post mentioned, you'll want to create a new sendergroup and possibly label it "Bypass_SBRS_scoring". Because the mail that you're mentioning is getting blocked, you may want to position this new sendergroup above the "Blacklist" sendergroup. Note, when incoming connections occur, the HAT Overview works in a top-down environment. In other words, it will start at the top and move on down until there's a match or else go into the default of all.
To add a domain or company as a sender in this new sendergroup, you'll need to add either the hostname, IP address, or IP address range. When you add a sender, there is a little question mark that details how you can add the sender. This is what the help says,
Enter the hosts to add. CIDR addresses such as 10.1.1.0/24 are allowed. IP address ranges such as 10.1.1.10-20 are allowed. IP subnets such as 10.2.3. are allowed. Hostnames such as crm.example.com are allowed. Partial hostnames such as .example.com are allowed.
How to locate the hostname or IP address of a sender
- When customers have difficulty obtaining the hostname or ip address of a sender to add to a sendergroup.
- Trying to obtain the SBRS score of a connecting server
How to search in the logs for the IP or hostname of a sender:
You want to find out the IP address or hostname of the sender called of the sender called "email@example.com".
4. The information that I have put in BOLD above displays the information that you want.
The IP address is: 10.1.1.209 The hostname of the connecting server is: outgoing232.ispserver.com The SBRS score of the connecting IP is: 1.2 The sendergroup that was matched was: Suspectlist 172.19.0.146 is the IP of your Ironport appliance.
So, if you wanted to whitelist the sender, firstname.lastname@example.org or test.com, you would add any of these to the Sendergroup:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...