I am helping a client to migrate from MailMarshal to a C150. They have an extensive Whitelist and Blacklist that contain *@*.domain.*. I know that IronPort does not accept that kind of formatting. Has anyone come across any kind of script where I can import these lists or even the configurations for MailMarshal?
Can I whitelist or blacklist individual users in the HAT?
No, you cannot whitelist or blacklist individual users via email addresses in the HAT. Actions determined at the HAT level occur before the SMTP conversation is engaged. The remote host is not allowed to proceed to the point where they can issue 'mail from' or 'rcpt to' commands.
Sendergroup entries are restricted to the following formats:
192.168.20.100            Full IP Address
192.168.20.0              Partial IP Addresses - Matches any IP address beginning with this string
192.168.20.20-50          Range of IP addresses
192.168.20.0/24           CIDR Address Block
test.com                  Fully Qualified Domain Name
.mx.test.com              Partial Domains
Note: in order for the prior 2 entry types to work the connecting IP address must be reverse-resolved.
SBRS[-10:-8]              Sender Base Reputation Score Range
SBO:177                   Sender Base Network Owner ID number (CLI only)
dnslist[bl.spamcop.net]   DNS list query against domain RBL DNS server
ALL                       Special keyword that matches ALL addresses
How to quickly add IPs or hostnames or partial hostnames to the whitelist (trusted group)?
You can export the list of Sendergroups to your configuration directory on the Ironport appliance. You can access the configuration directory using an FTP program. Save it to your desktop, then edit the file where you can copy/paste in the new information. Then save it back to the configuration FTP directory and then re-import the file. I've put it down below in steps.
1. On the web interface, go to (Mail Policies --> HAT Overview)
2. Click on the "Export HAT..." button on the right hand corner. Give it a name like "sender_groups.txt". It will save it on the Ironport appliance in the "configuration" directory.
3. You can access this file when you FTP into the Ironport. If FTP doesn't connect, you'll need to make that service available (Network -> IP interface --> public interface -> FTP service --> enable)
4. FTP the file to your workstation. Open up the file with a text editor like Notepad or Wordpad. Make changes to the file as appropriate.
5. Then after you've saved your changes to the file, save it back to the FTP "configuration" directory. That file may already exist, so you will want to just overwrite the file.
6. Now, you can re-import the file. Go to (Mail Policies --> HAT Overview). There is an "Import HAT..." button on the top right hand corner. Select the file you want to reimport. Submit and Commit your changes and the new values should be there.
Personally when I am migrating customers from another solution to Ironport I try to persuade them to not migrate the safe/block lists as I find the accuracy of Ironport better able to detect what is/is not spam. In most cases I have never had to use any of the addresses that they previously listed.
I would start off with nothing and add only if necessary.
I totally agree with Daryl, I have a very large customer based in the UK that had a whitelist of over 35,000 domains and a blacklist of over 10,000 domains. And guess what...yep Senderbase replaced all of it reducing the admin time down to Zero :D Now they use SBRS and are absolutely loving it.
P.S. The 35,000 domains equated to over 90,000 IP addresses and Senderbase had them all :lol:
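A pre-import check for an edited HAT export, as an added example that is not part of the original thread: it classifies candidate entries against the sendergroup formats listed earlier and rejects everything else, such as MailMarshal-style *@*.domain.* patterns. The function names and the sample list are constructed for illustration, and only the forms shown in that list are accepted.

```python
import ipaddress
import re

# Hostname with at least one dot; the last label must start with a letter.
_HOST = r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z][A-Za-z0-9-]*"
_PATTERNS = [
    ("ip_range", re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3})")),
    ("sbrs", re.compile(r"SBRS\[(-?\d+(?:\.\d+)?):(-?\d+(?:\.\d+)?)\]")),
    ("sbo", re.compile(r"SBO:\d+")),
    ("dnslist", re.compile(r"dnslist\[" + _HOST + r"\]")),
    ("partial_domain", re.compile(r"\." + _HOST)),
    ("fqdn", re.compile(_HOST)),
]

def _range_ok(m):
    """192.168.20.20-50: valid start address, end octet >= start octet."""
    try:
        start = ipaddress.IPv4Address(m.group(1))
    except ValueError:
        return False
    return int(str(start).rsplit(".", 1)[1]) <= int(m.group(2)) <= 255

def classify(entry):
    """Return the format name of a sendergroup entry, or None if unsupported."""
    entry = entry.strip()
    if entry == "ALL":
        return "all"
    if "@" in entry or "*" in entry:
        return None  # email addresses and wildcards are not HAT formats
    try:
        if "/" in entry:
            ipaddress.ip_network(entry, strict=False)
            return "cidr"
        ipaddress.IPv4Address(entry)
        return "ip"
    except ValueError:
        pass
    for name, pattern in _PATTERNS:
        m = pattern.fullmatch(entry)
        if m and name == "ip_range" and not _range_ok(m):
            return None
        if m and name == "sbrs" and float(m.group(1)) > float(m.group(2)):
            return None
        if m:
            return name
    return None

def triage(entries):
    """Split entries into (accepted [(entry, kind)], rejected [entry])."""
    kinds = [(e.strip(), classify(e)) for e in entries]
    return [p for p in kinds if p[1]], [e for e, k in kinds if k is None]
```

Run `triage()` over the lines you intend to paste into the exported file; anything in the rejected list needs to be re-expressed as an IP, domain, or SBRS entry, or dropped.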