Cisco Support Community
Community Member

Steps to allow a certain mail in? (false positive)

A certain repetitive message from a customer has started being rejected for reputation reasons.

The message has characteristics that I think explain why

- it's periodic (once a day at the same hour)
- always the same subject (it's a customer ID)
- sending account name called like our mail domain (i.e. foo@domain.com while we own foo.com).

I need to know how I can allow these messages through - what I was thinking of trying was

- creating a policy that disables spam check on their sending domain
- adding the IP addresses of the 2 machines involved in the sending to the whitelist for incoming mail policy.

Any other ideas please?

4 REPLIES
Community Member

Re: Steps to allow a certain mail in? (false positive)

If connection from that mail server dropped for reputation reason:
- MAIL POLICIES/HAT Overview: add IP address to whitelist (for example).

If messages go into quarantine:
- MAIL POLICIES/Incoming Mail Policies: create policy, disable anti-spam for it, add sender's or recipient's e-mail addresses to it.

Community Member

Re: Steps to allow a certain mail in? (false positive)

I have done both and it doesn't work: I still don't receive the message.

Where else should I be looking?

Community Member

Re: Steps to allow a certain mail in? (false positive)

Have you done a grep of the IP address within the mail logs? Is it being dropped because the SBRS of the sending MTA puts it into a Sender Group that drops the connection (i.e. Blacklist)?

If you have added the IP address (or partial IP address, CIDR range or hostname) to a Sender Group above the Blacklist Sender Group (remember Sender Group order is important).

If it is in a Sender Group that will allow the message and you are still not receiving it, then it may be being dropped or quarantined (depending on your setting) by the CASE engine.

With our configuration, if we have senders that we trust but are getting messages from them dropped, the IP address or addresses of their sending MTAs are added to a Sender Group with a Mail Flow Policy that accepts the message and bypasses the CASE engine.
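The Sender Group ordering point from the reply above, as an added example that is not part of the thread and not the appliance's own code: a simplified first-match model showing why a trusted sender's entry has to sit above a reputation-based Blacklist group. The group names, actions, addresses, scores and the `DEFAULT` catch-all are constructed assumptions.

```python
import ipaddress

def entry_matches(entry, ip, host, sbrs):
    """Return True if one sender-group entry matches the connecting host."""
    kind, value = entry
    if kind == "net":        # full IP address or CIDR range
        return ipaddress.ip_address(ip) in ipaddress.ip_network(value)
    if kind == "partial":    # partial IP address such as "192.0.2"
        return ip.startswith(value.rstrip(".") + ".")
    if kind == "host":       # exact hostname, or ".domain" for any host under it
        if host is None:
            return False
        return host == value or (value.startswith(".") and host.endswith(value))
    if kind == "sbrs":       # inclusive reputation score range
        low, high = value
        return sbrs is not None and low <= sbrs <= high
    raise ValueError(f"unknown entry kind: {kind}")

def classify(groups, ip, host=None, sbrs=None):
    """Walk the groups top-down; the first group with a matching entry wins."""
    for name, action, entries in groups:
        if any(entry_matches(e, ip, host, sbrs) for e in entries):
            return name, action
    return "DEFAULT", "ACCEPT"   # assumed catch-all for this model

# Constructed sample data (documentation address ranges, made-up scores).
BLACKLIST = ("BLACKLIST", "REJECT", [("sbrs", (-10.0, -3.0))])
TRUSTED = ("TRUSTED_CUSTOMER", "ACCEPT_BYPASS_ANTISPAM",
           [("net", "192.0.2.10"), ("net", "198.51.100.0/28")])

MISORDERED = [BLACKLIST, TRUSTED]   # trusted entry below the Blacklist group
FIXED = [TRUSTED, BLACKLIST]        # trusted entry above the Blacklist group

if __name__ == "__main__":
    for label, groups in (("misordered", MISORDERED), ("fixed", FIXED)):
        print(label, classify(groups, "192.0.2.10", sbrs=-4.2))
```

With the trusted group listed second, the customer's MTA is still rejected on its score; only unrelated hosts with a poor score keep hitting the Blacklist group once the order is fixed.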

Community Member

Re: Steps to allow a certain mail in? (false positive)

Turned out my second configuration change (adding the mail servers' IPs to the whitelist) had solved the problem: the customer hadn't informed me they would not send the usual message on Wednesday and that's why I thought I was still having an issue :)

Thanks for help
