09-14-2009 03:44 PM
Is there a way with out using Quaratine to have a global safelist and blocklist?? I see the exception Table, but I have over 400 email addresses to add (migrating from Barracuda).....these are full email addresses....can anyone think of an easy way to do this?? Is there an easy way to bulk import these??
Thanks,
Dave
09-14-2009 05:28 PM
hi dave -
perhaps you could share a bit more about what type of addresses you're blocking? individual sender addresses? IP blocks? entire domain names?
anyways, it may be a matter of just using either your incoming mail policies or mail flow policies / HAT, or even a combination of the two, to accomplish this. in terms of importing a big list, this would differ based on your end solution.
cheers,
andrew
09-14-2009 05:32 PM
These will be individual Email addresses....so I can't add them under the HAT as that only takes IP or domains.
09-14-2009 06:02 PM
i can think of two good ways to do this:
1) create a new incoming mail policy ('blocklist' for instance)
A) in the creation page, there is a text box to enter new addresses.
B) enter your list delimited by either commas or line breaks, ie:
a@cisco.com
b@cisco.com
c@cisco.com
C) add this list as 'sender' addresses, commit
D) create a new incoming content filter with no match criteria and have a final action to drop or quarantine or something final.
E) enable this content filter on your new incoming mail policy
2) combine the match criteria and drop action into a single filter and stick that in your default mail policy
A) create a new dictionary and enter the same addresses in it as terms, just like you did above
B) create a new incoming content filter with your new dictionary as match criteria for the 'envelope sender' field
C) add an action to drop or quarantine as desired
D) enable this content filter on your existing incoming mail policy
i'd highly recommend reading through the list and seeing if anything is outdated and can be pruned out. this will save processing power. for instance, we can match bogusaddress@sillydomain.cn, bogusaddress@sillydomain.us, bogusaddress@sillydomain.uk, and bogusaddress@sillymisspelleddomain.com, all with a single REGEX rather than looking four separate times. so a bit of manual work upfront may save your box some valuable processing power in the future...
with the IronPort product, it's not really necessary to maintain large static lists like this, because SenderBase and IPAS scoring systems greatly reduce the number of false positives that drive lists like these.
let me know how that works.
andrew
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide