Whitelisting Dcoya on Cisco IronPort Email Relay


Yariv Hazony
Last Updated: 6 months ago

Introduction

Cisco IronPort is a widely used email relay appliance that helps organizations manage and secure their email communication. Whitelisting specific senders or domains in Cisco IronPort ensures that emails from trusted sources are allowed through without being subjected to strict email filtering rules. This technical document provides step-by-step instructions on how to whitelist a sender in Cisco IronPort to allow their emails to pass through the system without obstruction.

Prerequisites

Before proceeding with the whitelisting process, make sure you have the following prerequisites in place:

1. Access to the Cisco IronPort admin console.

2. Knowledge of the Dcoya IP addresses or hostnames that you want to whitelist.

Whitelisting Procedure

Follow these steps to whitelist a sender in Cisco IronPort:

1. Access the Cisco IronPort Admin Console: Log in to the Cisco IronPort admin console using your administrator credentials.

2. Navigate to the Mail Policies Tab: Once logged in, navigate to the "Mail Policies" tab. This tab contains settings related to email filtering and policies.

3. Select HAT Overview: Within the "Mail Policies" tab, locate and select "HAT Overview." Ensure that the context is set to "InboundMail Listener."

4. Click WHITELIST: In the "HAT Overview" section, you will find various lists, including "WHITELIST." Click on "WHITELIST" to access the whitelisting settings. If you do not see an existing "WHITELIST," you can create your own group with this name.

5. Add Sender: To whitelist a sender, click on "Add Sender." This action will allow you to specify the sender's IP addresses or hostnames that you want to whitelist. Ensure that you enter the correct information for the sender.

6. Provide Sender Information: Input the sender's IP addresses or hostnames in the provided fields.

7. Click Submit: After entering the sender's information, click the "Submit" button to save your whitelisting configuration.

8. Commit Changes: Finally, to apply the changes and whitelist the specified sender, click on "Commit Changes" within the Cisco IronPort admin console.
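
A pre-change check for the entries typed into the sender group in steps 5 and 6, as an added example (not Dcoya's or Cisco's code): it flags entries that would trust more hosts than intended. The prefix limits are this example's assumed policy, and the sample entries are constructed from documentation address ranges.

```python
import ipaddress
import re

# Assumed policy for this example: broader ranges than these need explicit sign-off.
MAX_V4_PREFIX = 24
MAX_V6_PREFIX = 64
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def review_entry(entry):
    """Return a list of findings for one proposed sender entry (empty list = OK)."""
    entry = entry.strip().lower()
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        net = None
    if net is not None:
        limit = MAX_V4_PREFIX if net.version == 4 else MAX_V6_PREFIX
        if net.prefixlen < limit:
            return [f"range /{net.prefixlen} covers {net.num_addresses} addresses"]
        return []
    findings = []
    if entry.startswith("."):
        # A leading dot is a partial hostname: it matches every host under that domain.
        findings.append("partial hostname matches every subdomain")
        entry = entry[1:]
    labels = entry.split(".")
    if not all(LABEL.match(lab) for lab in labels):
        return ["not an IP, CIDR range or hostname"]
    if len(labels) < 2:
        findings.append("single-label name is too broad")
    return findings

def review(entries):
    """Map each entry that needs attention to its findings."""
    return {e: f for e in entries if (f := review_entry(e))}

# Constructed sample input (documentation address ranges and example domains).
PROPOSED = ["192.0.2.10", "198.51.100.0/24", "203.0.113.0/8",
            "mail.sim.example", ".example", "not a host!"]

if __name__ == "__main__":
    for entry, findings in review(PROPOSED).items():
        print(f"{entry!r}: {'; '.join(findings)}")
```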

Configuring Cisco IronPort Mail Relay to Exclude Outbreak Filter Scanning

If our emails are being quarantined, you may need to configure our IP addresses or hostnames to bypass Outbreak Filter scanning.

1. Access the Cisco IronPort Admin Console: Log in to the Cisco IronPort admin console using your administrator credentials.

2. Navigate to the Mail Policies Tab: Once logged in, navigate to the "Mail Policies" tab. This tab contains settings related to email filtering and policies.

3. Configure Message Modification: Under the "Mail Policies" tab, locate the "Message Modification" section. This section allows you to make specific modifications to email handling.

4. Bypass Domain Scanning: In the "Message Modification" section, you will find the "Bypass Domain Scanning" table. This is where you can specify the IP addresses or hostnames that you want to exempt from Outbreak Filter scanning.

5. Enter Sender Information: In the "Bypass Domain Scanning" table, enter the IP addresses or hostnames of the sender(s) you wish to bypass the Outbreak Filter scanning. Ensure that you input this information accurately.

6. Refer to Whitelisting Data and Anti-Spam Filtering Information: To obtain the most up-to-date list of our IP addresses and hostnames, consult our Whitelisting Data and Anti-Spam Filtering Information article.

7. Click Submit: After entering the sender's information in the "Bypass Domain Scanning" table, click the "Submit" button to save your configuration.

8. Commit Changes: To apply the changes and ensure that the specified sender(s) bypasses the Outbreak Filter scanning, click on "Commit Changes" within the Cisco IronPort admin console.

Additional configuration

In some cases, Cisco IronPort may flag simulated phishing emails from Dcoya as spam or remove attachments, causing potential issues with email communication. To address this problem and troubleshoot false positives, we provide a step-by-step guide for configuring Cisco IronPort to handle Dcoya’s emails correctly.

If the proposed solution does not resolve the issue, we recommend seeking assistance from Cisco IronPort support.

1. Create an Individual HAT Mail Flow Policy:

a. Log in to the Cisco IronPort administration console.

b. Navigate to the Mail Policies section and create a new, individual HAT (Host Access Table) Mail Flow Policy specifically for Dcoya.

2. Disable Spam Detection and Virus Protection:

a. Within the newly created HAT Mail Flow Policy for Dcoya, disable both Spam Detection and Virus Protection. This ensures that these emails are not mistakenly flagged or have attachments removed.

b. For detailed information on configuring Mail Flow Policies, refer to Cisco IronPort's official Mail Flow Policy documentation.

3. Add a Sender Group for Dcoya’s IP Addresses or Hostnames:

a. In the same HAT Mail Flow Policy for Dcoya, add a sender group that includes the IP addresses or hostnames associated with Dcoya.

b. For the most up-to-date list of Dcoya’s IP addresses and hostnames, refer to our Whitelisting Data and Anti-Spam Filtering Information article.

4. Apply the Policy to the Sender Group:

a. Ensure that the HAT Mail Flow Policy you created for Dcoya is applied specifically to the sender group containing Dcoya's IP addresses or hostnames.

b. For comprehensive guidance on message handling and policy application, consult Cisco IronPort's Message Handling documentation.
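
A post-change audit for the dedicated sender group, as an added example (not Dcoya's or Cisco's code): it reads exported mail log lines and reports which source addresses were accepted under the group that has spam and virus scanning disabled. The sender group name DCOYA, the log line layout (assumed to follow AsyncOS text mail logs) and the sample lines are assumptions of this example.

```python
import re
from collections import Counter

# Line layout assumed to follow AsyncOS text mail logs; adjust the patterns to your export.
NEW_CONN = re.compile(r"New SMTP ICID (\d+) .*? address (\S+)")
ACCEPT = re.compile(r"ICID (\d+) (ACCEPT|RELAY) SG (\S+) match")

def audit(lines, sender_group, expected_ips):
    """Count connections placed in sender_group, split into expected and unexpected sources."""
    source = {}  # ICID -> remote address seen when the connection opened
    expected, unexpected = Counter(), Counter()
    for line in lines:
        if m := NEW_CONN.search(line):
            source[m.group(1)] = m.group(2)
        elif m := ACCEPT.search(line):
            icid, _, group = m.groups()
            if group != sender_group:
                continue
            ip = source.get(icid, "unknown")
            (expected if ip in expected_ips else unexpected)[ip] += 1
    return expected, unexpected

# Constructed sample log lines (hypothetical group name, documentation address ranges).
SAMPLE = """\
Mon Jan  8 09:00:01 2024 Info: New SMTP ICID 101 interface Data1 (10.0.0.5) address 192.0.2.10 reverse dns host mail.sim.example verified yes
Mon Jan  8 09:00:01 2024 Info: ICID 101 ACCEPT SG DCOYA match 192.0.2.10 SBRS None
Mon Jan  8 09:02:10 2024 Info: New SMTP ICID 102 interface Data1 (10.0.0.5) address 203.0.113.77 reverse dns host relay.sim.example verified yes
Mon Jan  8 09:02:10 2024 Info: ICID 102 ACCEPT SG DCOYA match .sim.example SBRS None
Mon Jan  8 09:03:00 2024 Info: New SMTP ICID 103 interface Data1 (10.0.0.5) address 198.51.100.4 reverse dns host unknown verified no
Mon Jan  8 09:03:00 2024 Info: ICID 103 ACCEPT SG UNKNOWNLIST match sbrs[none] SBRS None
""".splitlines()

if __name__ == "__main__":
    ok, surprise = audit(SAMPLE, "DCOYA", {"192.0.2.10"})
    print("expected sources:", dict(ok))
    print("unexpected sources (review the sender group entries):", dict(surprise))
```

In the sample, the second connection reaches the group through a partial hostname entry rather than a listed address, which is the case the audit is meant to surface.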

