Whitelist a whole domain in IronPort C370?

Hi!
I have a customer that can't send emails to us because of bad reputation.  Not sure how I am going to whitelist their domain.
Their domain is: domainABC.com
Their SMTP servers are A.domainXYZ.com, B.domainXYZ.com, C.domainXYZ.com.
What should I put in the HAT - Whitelist?
domainABC.com? domainXYZ.com? A, B, C.domainXYZ.com? The IPs of the SMTP-servers?
Thanks for the help!

To whitelist or blocklist any domain including subdomains, use .domainABC.com; the "." in front of domainABC.com instructs any sub domain as well. Now you have to understand if domainABC.com is sending from their own servers. If they are using a hosted system that is shared by others, it could create issues. Generally it would be advisable to get the IP address of the servers with the bad reputation and put them in a temporary allow list. I say allow because if you use the default whitelist, please understand it by default does not do spam scanning.
Tom
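
An added example, not part of the original thread and not the appliance's own code: a small Python model of how the entries discussed above would cover this customer's mail servers. It assumes sender-group entries are compared against the connecting host's IP address and reverse-DNS name and that a leading-dot entry matches subdomains only; the IP addresses are constructed, and mail7.domainXYZ.com is a hypothetical host standing in for another tenant of a shared system.

```python
import ipaddress


def entry_matches(entry, client_ip, ptr_name):
    """True if one sender-group style entry matches the connecting host.

    Modelled entry forms: IP address, CIDR range, full hostname, and
    partial hostname with a leading dot (e.g. ".domainXYZ.com").
    """
    entry = entry.strip().lower()
    host = (ptr_name or "").rstrip(".").lower()
    try:
        # IP address or CIDR range: compare against the client IP.
        network = ipaddress.ip_network(entry, strict=False)
        return ipaddress.ip_address(client_ip) in network
    except ValueError:
        pass  # not an IP/CIDR, so treat the entry as a hostname pattern
    if entry.startswith("."):
        # Leading dot: any host below that domain. Not matching the bare
        # domain itself is an assumption of this sketch.
        return host.endswith(entry)
    return host == entry


# Constructed sample connections: (client IP, reverse-DNS name, sender).
CONNECTIONS = [
    ("192.0.2.11", "a.domainxyz.com", "customer"),
    ("192.0.2.12", "b.domainxyz.com", "customer"),
    ("192.0.2.13", "c.domainxyz.com", "customer"),
    ("192.0.2.77", "mail7.domainxyz.com", "other tenant, same host"),
    ("198.51.100.5", "mx.unrelated.example", "unrelated sender"),
]


def covered(entries):
    """Reverse-DNS names of the sample connections matched by any entry."""
    return [
        ptr
        for ip, ptr, _sender in CONNECTIONS
        if any(entry_matches(e, ip, ptr) for e in entries)
    ]


if __name__ == "__main__":
    candidates = {
        "mail domain only": [".domainABC.com"],
        "hosting domain": [".domainXYZ.com"],
        "three hostnames": ["A.domainXYZ.com", "B.domainXYZ.com",
                            "C.domainXYZ.com"],
        "three IPs": ["192.0.2.11", "192.0.2.12", "192.0.2.13"],
    }
    for label, entries in candidates.items():
        print(f"{label:18} -> {covered(entries)}")
```

Under these assumptions the mail-domain entry covers none of the connections, the hosting-domain entry also admits the other tenant, and the per-host or per-IP entries cover only the three servers named in the question.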

Similar Messages

  • About CPU utilization value of ironport C370 email-security-appliance

    Hello all,
    What is the normal / abnormal value for the following parameters of ironport C370 email-security-appliance ?
    total active recipients
    active messages in work queue
    CPU utilization

    Each appliance would be a little different based on the expected mail processing, throughput for your environment/domains... and then throw in which processes you have turned up (IPAS, AV, VOF, etc.)...
    Typical C370 (running 8.0.1) should be able to handle:
    1. ~18 +/- recipients/sec
    2. average workqueue ~ 462 
    3. average CPU utilization of ~ 91%
    The #s vary, again, based on what you have enabled and licensed.  You would be well suited to open a dialog with your Sales Ops/Account team, as they have means to determine the proper numbers and outcomes for your environment.
    I hope this helps!
    -Robert
    (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

  • Ironport C370 LDAP issues

    Hello Folks. We have an Ironport C370 and we couldn't log in to it anymore (GUI or SSH) using our domain password. It sends an e-mail showing "LDAP:query Server Name-AD accep result LDAP server misconfigured or unreachable"
    Nothing has been changed in the configuration nor in the AD. Any ideas??? Thank you!

    Please note that these are indications that the appliance is trying to establish a connection to the configured LDAP server under the "Server Name-AD" profile and the server is not responding.  Based on this, it would be advisable to investigate the LDAP server to correct this issue.
    Anything network wise changed?  Network issues between the IronPort and your LDAP server?  Domain controller?
    I hope this helps!
    -Robert
    (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

  • TLS mutual authentication and Separate default SMTP routes per listener - IronPort c370

    Dear all ,
    We have two IronPort C370 ESAs , formed in a cluster.
    We are in a need to route e-mails targeted to a special group using TLS Required/Verify.
    I have two questions :
    1.  Is TLS mutual authentication possible on both incoming and outgoing ?
    2.  Due to the nature of the TLS need the existing listener cannot be used. So I created a new listener and respective filters to decide when the recipient requirements are met. The new listener is going to be configured with a policy specifying TLS required/verify. Problem is that  there is always a default SMTP route pointing specifically to a cloud service rather than directly to the Internet while for the new listener usedns is required. Is it possible to have two different default SMTP routes assigned to different listeners ?
    Thanks and kind regards ,
    Gino.
    PS : Please bear with me and questions. I am making my first steps in Iron Port administration.

    I have made some sort of progress but I would also like to have your expert opinions.
    I have come to understand that in order to present TLS mutual authentication for the incoming traffic I will just have to trust the sender(s) CA (containing SANs etc. for both the SMTP domain and the ESA itself), while if I spread my own SANs to the counterparts I will also have TLS mutual authentication on the outgoing traffic as well. The issue is that I will have to declare it in destination controls and it cannot be generic.
    Is there any way to make TLS required/verify with mutual authentication the default without having to set destination control(s)?
    As for my second question, I have come to understand that the additional listener is not an additional MTA and consequently I cannot have a separate default SMTP route (default = what is called "ALL" in IronPort). Still, if anyone knows something more, it would be really helpful if it was shared.

  • How do I whitelist a Web domain in Internet Explorer 11 (Win 7 OS)?

    I want to whitelist a Web domain in Internet Explorer 11. That is, I want a searcher using IE 11 to be able to go to only one website and have all other sites blocked. We are in a public environment and I don't want users going to Facebook, etc. The solution has to make provision for whitelisting the Web domain in such a way that all URLs below it are not blocked. I thought I had a perfect solution using a PAC file. Next, I want to be able to whitelist two URLs so will need the syntax for that, too. I look forward to hearing from someone on this topic. I have spent two full days combing the Web for a solution. Thanks.

    Hi,
    I want a searcher using IE 11 to be able to go to only one website and have all other sites blocked.
    For me, if I only want the user search on one website, then I would set a proxy to 127.0.0.1, then add a proxy extension to bypass the specific web address, as shown below:
    If you want to configure a PAC file, then I would suggest the following two guides to create the PAC; anyway, a PAC is more flexible.
    http://blogs.technet.com/b/emeaie/archive/2013/11/04/optimizing-performance-with-automatic-proxyconfiguration-scripts-pac.aspx
    http://technet.microsoft.com/library/Dd361950
    Yolanda Zhu
    TechNet Community Support

  • Questions about ESA license of ironport C370

    Hello all,
    We have two Cisco ironport C370 appliances.
    There is one Product Authorization Key for the ESA Inbound Essentials SW Bundle (AS, AV, OF) License.
    And there is a term called "entitlement quantity" for the ESA license.
    The value of "entitlement quantity" = 1000
    What is the meaning of "entitlement quantity" that is related to the ESA license ?
    We would like to share the ESA license for two ironport C370.
    Then does it mean each ironport C370 gets an entitlement quantity of 500 ?
    May you please help give advice on the questions above ?
    Thanks very much !
    Regards,
    Roy

    Answer to 1 :
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_license.html#pgfId-1053140
    Answer to 2 :
    Same link, it does state which licenses are non stackable.
    For 3,
    You probably may want to obtain a wireless service but do note of your requirements.

  • Ironport C370 Ldap Accept problems

    Hello all,
    I'm having problems using ldap queries to validate recipients from my Cisco Ironport C370.
    I'm receiving permanent Warning message like this:
    The query CP_LDAP.accept failed with result inquiry timed out
    I need to know how the C370 establishes TCP sessions for each Ldap host (one session for query, one session for all queries..). Ldap administrators are seeing lots of Established TCP connections from the Ironport C370 even though I've configured "Maximum number of simultaneous connections for each host" to 10.
    I've checked it running the netstat command on C370 appliance (around 20 for each).
    Is this a normal behaviour?
    Thanks a lot.
    Best Regards,
    Alfonso Moneo

    Hi Alfonso,
    Do you have any kind of FW on the path or built-in FW on the email server?
    In regards to your other question, the ESA will maintain a number of active TCP conns to your LDAP server (6 hours or 10,000 queries, what happens first).
    HTH
    Luis Silva
    "If you need PDI (Planning, Design, Implement) assistance feel free to reach"
    http://www.cisco.com/web/partners/tools/pdihd.html

  • Problem with access to Ironport C370

    Hi,
    We have a C370 (upgraded to the last version) configured and everything works fine! But one day, for some reason, we can't access the Ironport via HTTPS, HTTP and SSH; only ping works. The problem is not with the network because we tried to access the Ironport directly from the Management port. After reboot, access is fine. Please can you tell me how I can figure out what the problem was and which logs I need to analyze? Why could I not access the Ironport via HTTP/S or SSH?

    I don't think that the problem is Exchange, because the problem was also with accessing the Ironport. I think the problem is on the Ironport:
    Tue Apr 16 16:08:52 2013 Info: New SMTP DCID 15929874 interface 172.30.20.4 address 65.55.37.88 port 25
    Tue Apr 16 16:08:52 2013 Info: ICID 5276886 Receiving Failed: Out of Memory
    Tue Apr 16 16:08:52 2013 Info: ICID 5276886 close
    Tue Apr 16 16:08:53 2013 Info: Delayed: DCID 15929873 MID 11206813 to RID 0 - 4.1.0 - Unknown address error ('450', ['too many connections from your IP (rate controlled)']) []
    Tue Apr 16 16:08:53 2013 Info: MID 11206813 to RID [0] pending till Tue Apr 16 17:08:53 2013 [Default]
    Tue Apr 16 16:08:53 2013 Info: Connection Error: DCID 15929873 domain: shop.com IP: 216.136.0.12 port: 25 details: EOF interface: 172.30.20.4 reason: network error
    Tue Apr 16 16:08:53 2013 Info: ICID 5276890 Receiving Failed: Out of Memory
    Tue Apr 16 16:08:53 2013 Info: ICID 5276890 close
    Tue Apr 16 16:08:53 2013 Info: New SMTP DCID 15929875 interface 172.30.20.4 address 216.136.0.12 port 25
    Tue Apr 16 16:08:53 2013 Info: Delivery start DCID 15929874 MID 11744351 to RID [0]
    Tue Apr 16 16:08:53 2013 Info: New SMTP ICID 5276899 interface data (172.30.20.4) address 172.29.18.137 reverse dns host unknown verified no
    Tue Apr 16 16:08:53 2013 Info: ICID 5276899 RELAY SG RELAY match 172.0.0.0/8 SBRS rfc1918
    Tue Apr 16 16:08:53 2013 Info: Connection Error: DCID 15929874 domain: hotmail.com IP: 65.55.37.88 port: 25 details: 421-"RP-001 (COL0-MC2-F35) Unfortunately, some messages from 195.222.56.65 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors." interface: 172.30.20.4 reason: unexpected SMTP response
    Tue Apr 16 16:08:53 2013 Info: Delayed: DCID 15929874 MID 11744351 to RID 0 - 4.3.2 - Not accepting messages at this time ('421', ["RP-001 (COL0-MC2-F35) Unfortunately, some messages from 195.222.56.65 weren't sent. Please try again. We have limits for how many messages can be sent per hour and per day. You can also refer to http://mail.live.com/mail/troubleshooting.aspx#errors."]) []

  • IronPort C370 Queue Size

    How do I determine the size of the queue or how long messages will stay in the queue? Also is this configurable?
    Thanks

    Hi Mike,
    the 'workqueue' command in the CLI will show you the size of the workqueue (messages that are currently being evaluated)
    the 'tophosts' command will show you what is in the delivery queue waiting to be delivered
    the 'status detail' command will show you both workqueue and delivery queue numbers
    The queue sizes themselves are not configurable but message retention for the delivery queue is configurable via bounce profiles
    More information can be found in the configuration guides:
    http://www.cisco.com/en/US/docs/security/esa/esa7.6/ESA_7.6_Configuration_Guide.pdf
    http://www.cisco.com/en/US/docs/security/esa/esa7.6/ESA_7.6_AdvancedGuide.pdf
    http://www.cisco.com/en/US/docs/security/esa/esa7.6/ESA_7.6_Daily_Management_Guide.pdf
    Regards,
    Steve
    Content Security Technical Services - RTP, NC
    Cisco Customer Interaction:  1-800-553-2447

  • White-list junk mail

    On 10.5.8 Server, is there a way to specify a white list for trusted senders? For some reason the junk mail filter is flagging users @ourdomain as junk to the Apple Mail clients in the same domain.

    Edit the file /etc/mail/spamassassin/local.cf
    and add one of two flavors of white list..
    The first assumes you know the source mail server the email address originates from and is slightly more secure.
    whitelist_from_rcvd [email protected] skytel.com
    Or just whitelist the email address regardless of where it comes from.
    whitelist_from [email protected]
    Or if you want to whitelist the whole domain
    whitelist_from *@domain.com

  • Add domain to whitelist

    I need to open a case for a whitelisting of our domain.  Our organization is getting blocked with error:
    451 4.4.0 Primary Target IP address responded with "571 Email from (ipaddress) is currently blocked by Verizon Online's anti spam system."
    Tried to use the auto whitelist form but it came back as denied because of a "dynamic ip address" which is 100% false. 
    What's the best way to talk to a human? 

    Also,  judging by this forum, you might consider taking a good look at your current anti-spam system. 

  • How to whitelist a specific email address

    We are trying out an ironport C350. I am looking for a way to whitelist a specific email address, ex. [email protected]. The whitelist appears to only let you add a whole domain or i.p. range and not a specific address. Is there a way to do this or would I need to build some kind of incoming content filter by sender name?

    A Content Filter would be the easiest but it is processed after the SBRS check. Remember you can have one content filter with multiple checks; just make sure you use OR and not AND.
    So if you want to make sure a specific email is not spam checked, you would need to create a Message Filter (regX expression), but then every single inbound email would be checked against this filter.
    So the best way might be to create a whole new policy and place it before your normal or default policy. Have the policy only apply for sender = [email protected]. You can turn off the spam check for this policy.

  • Ironport C160-Best practice config for my 2 listeners?

    I am trialling an Ironport C160.
    I want it to scan inbound and outbound mail. I have configured a public inbound listener for mail from the internet. It is configured to accept all my domains, and forward them to my exchange server. It does LDAP lookups for recipients to ensure they are valid. It uses the Data1 interface on the ip address of the Ironport and also has the hostname ironport.mydomain.com.
    What is the recommended way to configure the private outbound listener? I just want it to do simple av scanning, then pass it on to my ASA.
    Should I configure a new interface on Data2, and use port 25? If so, what would the hostname be?
    Or use the same interface and use port 24 instead?
    What are the pros and cons of each setup?

    Please note that you can add your Exchange server IP address into RELAYLIST or any sender group with RELAYED mail flow policy or mail flow policy with 'Relay' connection behavior. Add the IronPort listener IP as smart host on the Exchange server. All emails from the Exchange server will then be treated as outgoing emails and the envelope recipient address will not be checked against LDAP.
    Most of my customers simply use one listener for both incoming and outgoing emails. You can choose to have multiple listeners for incoming (e.g. Different domains want to have their own MX IP addresses, sender groups for whitelist, greylist, blacklist domain/IP ranges) and outgoing emails (e.g. Not adding 'Received' header for outgoing listener for security reason).
    Please note that there is a restriction that you cannot configure IP addresses on same network range on different physical interfaces on IronPort.
    You can also configure multiple IP interfaces or interface groups on IronPort such that you can deliver emails for different domains, normal or urgent, management or marketing or other emails by different IP addresses or IP range.

  • Is there a way to stop firefox from asking to remember a password for an entire domain?

    At work I have to connect through our website multiple times a day to client machines. We use our machine that creates a connection which is accessed by going to http://*****.ourfakeserver.com where the ***** will change each time. I would like to not be prompted every time I go to ourfakeserver.com. Is there any way to do this?

    The problem is that the subdomain changes all the time. I want to set the "Never Remember Password for This Site" for a whole domain regardless of the subdomain.

  • Advice on moving from workgroup to domain for very small network

    Hello all,
    I work for a small company and inherited the part time IT/Operations position and I want to understand the impact of changing from workgroup to domain.  I understand the process and I have set up small test domains before but I want to be certain I understand this so I figured I better ask the pros.
    The setup:
    1 Desktop class system, recent i5 quad, 16GB RAM, 1TB HD with Server 2008 R2.  Current roles are File Sharing and WSUS. 
    3 Desktops running Win 7 Home
    1 Desktop with win 7 Pro
    1 Laptop with Vista Home
    1 Laptop with Win 7
    1 Laptop with Win 8 Pro
    I have configured all devices to use the WSUS for updates as they wanted these managed and this seems to be the easiest way.
    Right now all users have an account on the server that is used to map to their shares.  I know that the home versions cannot join to a domain and with this small of a network I don't want to join any device to a domain as we have only one server and it would not be reasonable to add more servers.
    The thing is they want to setup local sharing of calendars and contacts, etc.  I have 2010 exchange server and it is required to be on a domain.
    The Questions:
    Can the domain still "act" as a workgroup and users still connect to the shares and exchange without being joined to the domain?  What is the impact on performance for this server?  Will the home version users still be able to connect to the shares (I assume yes) and to the exchange through outlook?  Is there a better way to achieve the workgroup features of exchange without using exchange and not subscribing to Office 365?  We do not have an internet domain name for this business. Does this matter for setting up a domain?
    Anything you can think of that I should consider please feel free.
    Thank you all for your advice.

    Hi Paul,
    You are very welcome, I am very glad that my suggestions helped.
    For your first question, in a domain, the Domain Controller clearly has much more tasks to perform than a work group server, while it also has more management options for an administrator to better control his/her client machines.
    In addition, a domain acting as a central management solution will reduce the work of the administrator. For example, under workgroup mode, if we have multiple servers which have shared resources, we need to create the same user accounts on each of them, while in a domain, we only need to create accounts once on the DC, then all the accounts can be recognized across the whole domain, no matter how many servers and client machines are within it.
    For the second question, yes, a single label domain name is not recommended, but it is allowed. Single label domains are supported in Exchange Server 2007 Service Pack 1 (SP1) and Exchange 2010, while single label DNS name resolution is also possible.
    However, there are other Microsoft and third-party products which don't support single label domains. My suggestion is don't use it, as it will cause you trouble.
    More information for you:
    Single-Labeled Domain Names and Exchange 2007 SP1
    http://technet.microsoft.com/en-us/library/cc788134(v=EXCHG.80).aspx
    Microsoft Exchange compatibility with Single Label Domains, Disjointed Namespaces, and Discontiguous Namespaces
    http://support.microsoft.com/kb/2269838
    Help and support for namespaces in Microsoft products including Single Label Domains (SLDs), Disjoint Namespaces, and Discontiguous Namespaces.
    http://support.microsoft.com/gp/gp_namespace_master#tab3
    Providing Single-Label DNS Name Resolution
    http://technet.microsoft.com/en-us/library/cc816610(v=WS.10).aspx
    Regards,
    Amy
