Cisco Support Community
New Member

Whitelist sender address from Reputation filtering

Is it possible to allow a specific sender coming from a host with a bad reputation score?

Actually a BLOCKED Policy is assigned to that host and the Exception table with an "ALLOW" behaviour for the sender's EnvelopeFrom address does not work.

Any suggestions?

3 REPLIES
New Member

Re: Whitelist sender address from Reputation filtering

Is it possible to allow a specific sender coming from a host with a bad reputation score?

Actually a BLOCKED Policy is assigned to that host and the Exception table with an "ALLOW" behaviour for the sender's EnvelopeFrom address does not work.

Any suggestions?


You will have to add the host to a sender group that doesn't block. Then you can write a message filter that drops all mail from that host that doesn't match the sender you want to allow.

dropbadhost:
if (remote-ip == '1.1.1.1') and (mail-from != 'goodsender@badhost.com')
{
    drop();
}

New Member

Re: Whitelist sender address from Reputation filtering

Because the HAT Overview/Sendergroup sees the hostname and the IP of the connecting host, what you would need to do is to kind of allow it through first, let the particular email address/domain through first, then enforce your SBRS scoring. Let me know if this addresses your inquiry or if you need clarification.

For situations where some recipients are not receiving messages from sending MTAs that have a low SBRS score, this is a workaround to allow those recipients to receive messages from this low-scoring sending MTA and then allow the SBRS score to take effect.

Configurations that will be affected:

- HAT Overview, the addition of a new sendergroup
- message filters

Steps:

1. In "Mail Policies -> HAT Overview", add a new sendergroup. You can title it something like "Temporarily_Accept". Then add this as a sender, ".comcast.net". You are adding this hostname, IP address or IP address.

2. Order this new Sendergroup so that it is above the "Blacklist sendergroup".

3. Create the following message filter below

4.

temporary_accept:
if ( mail-from == '(?i)joe@company.com' )
{
    deliver();
}

5. Then create a message filter that enforces the blacklist sendergroup policy:

6.

enforce_blacklist_sbrs:
if ( reputation < -2 )
{
    drop();
}


----------------------------------------

Here is a summary of what the above HAT Overview sendergroup and message filters do. The new HAT Overview Sendergroup was created (Step #1) so that it can be used to allow messages from a low-scoring SBRS host into the Ironport.

Next, the first message filter (Step #4) is created so that messages from specific email senders can be allowed into the machine.

The last message filter (Step #6) was put in place so that the low SBRS score of the sending MTA could be enforced and dropped if the connecting host has a low SBRS score.



References:


1. How do I add a new message filter to my IronPort Appliance?

http://tinyurl.com/mg8kp
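
An added example, not part of the original post and not appliance code: a small Python model of the two filters above, run in order over constructed envelope senders, to show which messages the allow pattern lets past the reputation check. It assumes the mail-from rule behaves like an unanchored regular-expression search (Python's re.search stands in for it) and that deliver() ends filter processing; the STRICT pattern, the sample addresses and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample messages: (SBRS score of connecting host, envelope sender).
SAMPLES = [
    (-4.0, "joe@company.com"),             # the sender the thread wants to allow
    (-4.0, "Joe@Company.COM"),             # same address, different case
    (-4.0, "notjoe@company.com.example"),  # contains the allowed address as a substring
    (-4.0, "joe@companyXcom"),             # unescaped '.' matches any character
    (-4.0, "other@company.com"),           # different sender on the low-scoring host
    (1.5, "other@company.com"),            # sender on a host with an acceptable score
]

LOOSE = r"(?i)joe@company.com"       # pattern as posted in the thread
STRICT = r"(?i)^joe@company\.com$"   # anchored, dot escaped (assumed hardening)


def evaluate(sbrs, mail_from, allow_pattern, threshold=-2):
    """Model temporary_accept followed by enforce_blacklist_sbrs."""
    # temporary_accept: a match delivers the message and skips later filters.
    # mail_from is the envelope sender exactly as the connecting host supplied it.
    if re.search(allow_pattern, mail_from):
        return "deliver"
    # enforce_blacklist_sbrs: everything else from a low-reputation host is dropped.
    if sbrs < threshold:
        return "drop"
    return "continue"  # falls through to the rest of the mail pipeline


def run(allow_pattern):
    """Return the verdict for every constructed sample, in order."""
    return [evaluate(s, m, allow_pattern) for s, m in SAMPLES]


if __name__ == "__main__":
    for (sbrs, sender), loose, strict in zip(SAMPLES, run(LOOSE), run(STRICT)):
        print(f"{sbrs:>5} {sender:<28} loose={loose:<8} strict={strict}")
```
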

New Member

Re: Whitelist sender address from Reputation filtering

Thanks for your help.
