08-05-2019 04:27 AM
Hi. some crucial emails being blocked by content filter. that is way I added it to whitelist on HAT overview by adding mail.company.com server name. But unfortunately some emails form company.com still being blocked. Any solution?
Solved! Go to Solution.
08-05-2019 09:23 AM
08-05-2019 08:54 PM
That's great. Just to update you again that adding the domain name to the HAT sendergroup won't work. We need to add the hostname or IP address of the sending mail server in the following format/syntax.
08-06-2019 12:27 AM
08-05-2019 05:15 AM - edited 08-05-2019 05:39 AM
Hi CCns,
Adding hostname of the sending server to the WHITELIST sendergroup will only skip the Anti-spam engine not help in skipping the Content filter engine in the email security pipeline.
For your requirement, I would recommend you to create another content filter (place it in the order above the content filter blocking the emails). In the newly created content filter use the condition as "Envelope Sender" with value contains (sending domain name) "company.com" and action as "Skip Remaining Content Filters (Final Action)".
Below articles will be helpful to you in creating the content filter as per the requirement:
https://www.cisco.com/c/dam/en/us/products/collateral/security/esa-content-filters.pdf
https://www.cisco.com/c/en/us/td/docs/security/esa/esa11-1/user_guide/b_ESA_Admin_Guide_11_1/b_ESA_Admin_Guide_chapter_01010.html
I hope this explains and helps!
Regards,
Pratham
08-05-2019 05:15 AM
08-05-2019 05:37 AM
Thank you. you helped me again ) I really appreciate that.
I am going to create new Incoming Mail Policy called WhiteList above Default mail policy. then it would be more flexible to manage I guess. For instance if mail comes from company.com I can scan with antispam or antivirus. Or I can let that email to reach destination without scanning by antispam,content filter or antivirus. Is my thought correct?
08-05-2019 05:48 AM - edited 08-05-2019 05:48 AM
Hi CCns90,
Yes, you are thinking correct. However, in the new incoming mail policy, I would recommend having anti-virus engine enabled as it will help protect your network from virus threats and as per your requirement, you can go ahead and disable the anti-spam and content filters engine.
However, to can keep the hostname in the Whitelist sendergroup as it will be matching against the TRUSTED (by default) mail flow policy which will provide more leniency to the sender domain (if it is trusted by your end) against various security measures including having more simultaneous connections to your ESA appliance.
Regards,
Pratham
08-05-2019 06:00 AM
So let me summarize this issue. I will create new incoming mail policy and enable antivirus but disable the rest. More over I will remove company.com from hat->whitelist. When I need to add some trusted domain to whitelist it would be new created Incoming Mail Policy.
One more guestions I want to ask. what if someone spoofed company.com domain and send to our users? What would hat->whitelist or My new created Incoming mail policy do for it.
08-05-2019 08:10 AM
08-05-2019 08:58 AM
That is great explanation. But what if company.com seen by esa as spam(false positive)? It will be droped before reaching to content filter.
08-05-2019 09:23 AM
08-05-2019 10:56 AM
So i will add domains to hat-whitelist that i want not to be blocked and will create content filter appropriate to it. It is clear. Thank you so much.
08-05-2019 08:54 PM
That's great. Just to update you again that adding the domain name to the HAT sendergroup won't work. We need to add the hostname or IP address of the sending mail server in the following format/syntax.
08-05-2019 09:30 PM
One last question I want to make sure. Suppose email comes from mail.company.com and sender is ccns90@company.com. according to your post (screenshot) hostname here is company.com? Don't you think host name must be ccns90? maybe I am wrong. I would be pleased if you explain this
08-06-2019 12:27 AM
08-06-2019 12:41 AM
That is great explanation, it is totally clear. Thanks you so much for spending your valuable time to assist me.
08-06-2019 01:53 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide