
Auto create Whitelist

jheadley
Level 1

Can the C160 be configured to automatically add an email address that is being sent by one of our users? 

I can see where I can manually add an address to an incoming mail policy but I would like to have it automatically happen each time we send out a message.

2 Replies

Bob Fayne
Level 1

I assume that you are talking about a list of sender email addresses in an incoming mail policy? There is no way that I know of to automatically add an address to the list of recipient addresses. You would have to have some sort of external process looking at logs and then script the addition on the CLI (expect).

If you wanted to do that it would probably be easier to add them to an LDAP directory and configure an incoming mail policy to use LDAP. It seems like you are looking for an automated whitelist, which is an idea that has proven to be a huge security hole.

Just a couple (of many) issues that I can think of:

1) Your appliance can & should reject a lot of messages based on IP rather than just mail-from.

2) It would be very hard to not add typos that people send to as well as emails sent based on auto-responders. I am thinking of out-of-office messages. (The list would get huge very quickly)

3) If I knew or suspected that you had this set up you are asking for trouble. It would not be hard to predict an email that your userbase might have sent to, or use an auto-responder to get whatever I wanted added and then leverage that to send you spam/phishing/viruses.

Recommendation: Focus on blocking by IP Reputation as much as possible. If you are seeing a high number of false positives being blocked then there are ways to solve that without the holes that an automated whitelisting brings.

Stephan Bayer
Cisco Employee

Hi Jamie,

To my knowledge it isn't possible to auto whitelist an email address for messages that are sent out.

This method is not recommended either, as it allows messages to be spoofed for those addresses - I agree with Bob, use the built-in security engines to block by IP as much as possible.

Regards,

Stephan