Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

Whitelist a whole domain in IronPort C370?

Hi!

I have a customer that can't send emails to us cause of bad reputation.  Not sure how am going to whitelist their domain.

Their domain is: domainABC.com

Their SMTP servers is A.domainXYZ.com, B.domainXYZ.com, C.domainXYZ.com.

What should i put in the HAT - Whitelist?

domainABC.com? domainXYZ.com? A, B, C.domainXYZ.com? The IPs of the SMTP-servers?

 

Thanks for the help!

 

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

To whitelist or blocklist any

To whitelist or blocklist any domain including subdomains use .domainABC.com, the "." in front of domainABC.com instructs any sub domain as well. Now you have to understand if domainABC.com is sending from their own servers. If they are using a hosted system that is shared by others it could create issues. Generally it would be advisable to get the IP address of the servers with the bad reputation and put them in a temporary allow list. I say allow because if you use the default whitelist please understand it by default does not do spam scanning.

 

Tom

Cisco Employee

On the spoofing depends on

On the spoofing depends on where you whitelist the domain and if you have it configured to perform reverse DNS validation. 

White listing the IP is not bad unless that IP also sends mail for other domains as well. 

Both methods have good points and bad points. 

Glad your mail is flowing again!

4 REPLIES
Cisco Employee

To whitelist or blocklist any

To whitelist or blocklist any domain including subdomains use .domainABC.com, the "." in front of domainABC.com instructs any sub domain as well. Now you have to understand if domainABC.com is sending from their own servers. If they are using a hosted system that is shared by others it could create issues. Generally it would be advisable to get the IP address of the servers with the bad reputation and put them in a temporary allow list. I say allow because if you use the default whitelist please understand it by default does not do spam scanning.

 

Tom

New Member

Hi! Thanks for the answer! So

Hi!

 

Thanks for the answer! So if i white list the domain: ".domainABC.com". Can anyone with a sender address of *domainABC.com email us? In this case it would be easy to just spoof the sender address.

I actually did what you said and just whitelisted the IP of the bad SMTP-server and it started ti work again. I will remove them from the whitelist in a while.

 

Thanks!

Cisco Employee

On the spoofing depends on

On the spoofing depends on where you whitelist the domain and if you have it configured to perform reverse DNS validation. 

White listing the IP is not bad unless that IP also sends mail for other domains as well. 

Both methods have good points and bad points. 

Glad your mail is flowing again!

New Member

Ok, then i understand!Thank

Ok, then i understand!

Thank you so much for the help Tommy!

485
Views
0
Helpful
4
Replies