Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

MailMarshal to IronPort migration


I am helping a client to migrate from MailMarshal to a C150. They have a extensive Whitelist and Blacklist that contain *@*.domain.* I know that IronPort does not accept those kind of formatting. Has anyone come across any kind of script where I can import these lists or even the configurations for MAilMarshal?

Any info would help.


New Member

Re: MailMarshal to IronPort migration

Here are some kb articles that may help.

Can i whitelist or blacklist individual users in the HAT?

No, you cannot whitelist or blacklist individual users via email addresses in the HAT. Actions determined at the HAT level occur before the SMTP conversation is engaged. The remote host is not allowed to proceed to the point where they can issue 'mail from' or 'rcpt to' commands.

Sendergroup entries are restricted to the following formats: Full IP Address Partial IP Addresses - Matches any IP address beginning with this string Range of IP addresses CIDR Address Block Fully Qualified Domain Name Partial Domains
Note: in order for the prior 2 entry types to work the connecting IP address must be reverse-resolved.
SBRS[-10:-8] Sender Base Reputation Score Range
SBO:177 Sender Base Network Owner ID number (CLI only)
dnslist[] DNS list query against domain RBL DNS server
ALL Special keyword that matches ALL addresses


How to quickly add IP's or hostnames or partial hostnames to the whitelist (trusted group)?



You can export the list of Sendergroups to your configuration directory on the Ironport appliance. You can access the configuration directory using a FTP program. Save it to your desktop, then edit the file where you can copy/paste in the new information. Then save it back to the configuration ftp directory and then re-import the file. I've put it down below in steps.

1. On the web interface, go to (Mail Policies --> HAT Overview)

2. Click on the "Export HAT..." button on the right hand corner.
Give it a name like "sender_groups.txt". It will save it on the Ironport appliance in the "configuration" directory.

3. You can access this file when you FTP into the Ironport. If FTP doesn't connect, you'll need to make that service available (Network -> IP interface --> public interface -> FTP service --> enable)

4. FTP the file to your workstation. Open up the file with a text editor like Notepad or Wordpad. Make changes to the file as appropriate.

5. Then after you've saved your changes to the file, save it back to the FTP "configuration" directory. That file may already exist, so you will want to just overwrite the file.

6. Now, you can re-import the file. Go to (Mail Policies --> HAT Overview). There is an "Import HAT..." button on the top right hand corner. Select the file you want to reimport.
Submit and Commit your changes and the new values should be there.

New Member

Re: MailMarshal to IronPort migration


Personally when I am migrating customers from another solution to Ironport I try to persuade them to not migrate the safe/block lists as I find the accuracy of Ironport better able to detect what is/is not spam. In most cases I have never had to use any of the addresses that they previously listed.

I would start off with nothing and add only if necessary.



New Member

Re: MailMarshal to IronPort migration

I totally agree with Daryl, I have a very large customer based in the UK that had a whitelist of over 35,000 domains and a blacklist of over 10,000 domains. And guess what...yep Senderbase replaced all of it reducing the admin time down to Zero :D
Now they use SBRS and are absolutely loving it.

P.S. The 35,000 domains equated to over 90,000 IP addresses and Senderbase had them all :lol:

New Member

Re: MailMarshal to IronPort migration

Thanks guys,

I got the customer not to use any whitelists unless he knows fact that SenderBase is blocking legit emails. Also he did not need the blacklist at all.

Thanks for everyone that replied.