
Cisco ESA domain exception

yevgen1991
Level 1

Hi all!

When I receive the new mail, I get the log:

[Image: изображение_2021-01-07_003211.png]

There are situations when the domain underlined in blue is blocked and generates an error from the sender:

554 smtp.example.com Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.

What exception should I add a domain to, so that even in case of a bad rating, this mail is not blocked at the first stage, but moves on to policies?

Thanks!

Accepted Solutions

Libin Varghese
Cisco Employee

The error mentioned suggests that the sending server IP has a poor SenderBase reputation score, which would lead to it matching HAT sendergroup BLACKLIST and getting rejected.

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/200436-Identify-and-allow-poor-SenderBase-Reput.html

The solution would be to identify these IPs and add them to a custom HAT sendergroup or WHITELIST sendergroup to allow those connections.

Do note that these appear to be cloud-hosted servers and the IPs could be dynamic or be used by non-legitimate domains as well.

Sendergroups allow IP, FQDN and partial hostnames for sending servers as entries.

Regards,

Libin
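One way to do the "identify these IPs" step from the answer above and compare how much each kind of sendergroup entry would exempt, as an added example that is not part of the original thread or Cisco's tooling. The log lines are constructed and assume the usual ESA text mail log layout; the hostnames, IPs and the simplified matching model in `entry_covers` are assumptions.

```python
import re

# Constructed sample in the ESA text mail log layout (assumed); not real traffic.
SAMPLE_LOG = """\
Thu Jan  7 00:31:02 2021 Info: New SMTP ICID 1001 interface Data 1 (192.0.2.10) address 203.0.113.25 reverse dns host mail-a1.mailhost.example verified yes
Thu Jan  7 00:31:02 2021 Info: ICID 1001 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -4.2
Thu Jan  7 00:32:10 2021 Info: New SMTP ICID 1002 interface Data 1 (192.0.2.10) address 203.0.113.77 reverse dns host mail-b9.mailhost.example verified yes
Thu Jan  7 00:32:10 2021 Info: ICID 1002 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -6.1
Thu Jan  7 00:33:45 2021 Info: New SMTP ICID 1003 interface Data 1 (192.0.2.10) address 198.51.100.8 reverse dns host mx.partner.example verified yes
Thu Jan  7 00:33:45 2021 Info: ICID 1003 ACCEPT SG UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 3.5
Thu Jan  7 00:34:20 2021 Info: New SMTP ICID 1004 interface Data 1 (192.0.2.10) address 203.0.113.90 reverse dns host unknown verified no
Thu Jan  7 00:34:20 2021 Info: ICID 1004 REJECT SG BLACKLIST match sbrs[-10.0:-3.0] SBRS -8.0
"""

NEW_CONN = re.compile(r"New SMTP ICID (\d+) interface .*?\(\S+\) address (\S+) "
                      r"reverse dns host (\S+) verified (yes|no)")
REJECT = re.compile(r"ICID (\d+) REJECT SG (\S+) match \S+ SBRS (-?\d+(?:\.\d+)?)")

def rejected_senders(log_text, sendergroup="BLACKLIST"):
    """Join each REJECT line to its connection line by ICID."""
    conns, rejected = {}, []
    for line in log_text.splitlines():
        m = NEW_CONN.search(line)
        if m:
            icid, ip, host, verified = m.groups()
            conns[icid] = {"ip": ip, "host": host, "verified": verified == "yes"}
            continue
        m = REJECT.search(line)
        if m and m.group(2) == sendergroup and m.group(1) in conns:
            rejected.append({**conns[m.group(1)], "sbrs": float(m.group(3))})
    return rejected

def entry_covers(entry, sender):
    """Simplified model (assumption): hostname entries need verified reverse DNS."""
    if entry.startswith("."):  # partial hostname: every host under that domain
        return sender["verified"] and sender["host"].endswith(entry)
    return entry == sender["ip"] or (sender["verified"] and entry == sender["host"])

def covered_ips(entry, senders):
    return [s["ip"] for s in senders if entry_covers(entry, s)]

if __name__ == "__main__":
    senders = rejected_senders(SAMPLE_LOG)
    for s in senders:
        print(s["ip"], s["host"], "SBRS", s["sbrs"])
    for entry in ("203.0.113.25", ".mailhost.example"):
        print(entry, "would exempt", covered_ips(entry, senders))
```

On the sample, the single-IP entry exempts one rejected sender, while the partial hostname also exempts the second server under the same domain.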

yevgen1991
Level 1

@Libin Varghese, do you mean that I may add ".google.com" to the whitelist, and all the subdomains, for example xxx.google.com, yyy.google.com, will pass the HAT verification even if they have a bad reputation on the site?

Do I understand right?

Libin Varghese
Cisco Employee

Correct, adding .google.com as a partial hostname to the HAT Whitelist would bypass sender IP reputation checks.

However, again, it's not a recommended practice to do that for cloud servers, since you would effectively be bypassing the reputation check for all of their servers.

Regards,

Libin