Cisco IronPort C370D: IP SBRS -4.0 but is still listed in WhiteList Sender Group in HAT Listener!

mikelpham88
Level 1

Hi everybody, my system is facing a problem: some IP addresses have a very low SenderBase score, but instead of placing them in the BLACKLIST Sender Group, the IronPort C370 treats the sender IP as being in the WHITELIST Sender Group and accepts the SMTP connection.

Below is the example Message Tracking info for the sender IP address 119.122.248.251 with SBRS -4.0, which IronPort still considers to be in the WHITELIST Sender Group (my BLACKLIST Sender Group is configured for SBRS from -10 to -3).

So what is the problem here and how can I fix it?

I very much appreciate your help, guys!

 

Accepted Solutions

Mathew Huynh
Cisco Employee

Hey Mikel,

 

This is likely because this sender may have been added directly into your ESA's WHITELIST.

 

Please go to the GUI > Mail Policies > HAT overview > Click on "WHITELIST"

Ensure this IP is not in there.

Also, I noticed "nx.domain" on the matching.

Ensure your WHITELIST does not have the checkbox for DNS verification enabled, as it may cause the match we see here.

 

I hope this helps.

 

Regards,

Matthew

Hi Mathew,

Thank you very much for your support!

After reviewing my configuration, I discovered that my WHITELIST Sender Group was misconfigured: all three options of Connecting Host DNS Verification were checked. At the same time, the WHITELIST Sender Group is first in the order, so every sender IP passing through the IronPort is checked against the WHITELIST Sender Group first. Some IPs have a low SBRS score but match one of the Connecting Host DNS Verification options (non-existent domain..). The IronPort then considers these IPs as WHITELIST and continues the processing pipeline.

The solution is to uncheck all three options of Connecting Host DNS Verification in WHITELIST and check these options in SUSPECTLIST or BLACKLIST.

Again, thank you for your reply, as it was a big clue that helped me discover my misconfiguration!
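
The first-match behaviour described in the reply above, as an added example that is not part of the original thread or Cisco's code: a simplified Python model of top-to-bottom sender group evaluation, run against the thread's connection before and after the fix. The class and function names, the policy names, the SUSPECTLIST range and two of the DNS result labels are assumptions of this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Connecting Host DNS Verification outcomes. "nx.domain" appears in the thread;
# the other two labels are this example's own names for the remaining options.
DNS_OK, NXDOMAIN, PTR_TEMPFAIL, PTR_MISMATCH = "ok", "nx.domain", "ptr-tempfail", "ptr-mismatch"
ALL_DNS = frozenset({NXDOMAIN, PTR_TEMPFAIL, PTR_MISMATCH})

@dataclass(frozen=True)
class SenderGroup:
    name: str
    policy: str                       # assumed policy names: TRUSTED / BLOCKED / THROTTLED
    networks: tuple = ()              # explicit IPs or CIDRs listed in the group
    sbrs: tuple = None                # inclusive (low, high) SBRS range, if any
    dns_checks: frozenset = frozenset()  # DNS verification boxes ticked on the group

    def matches(self, ip, score, dns_result):
        if any(ip_address(ip) in ip_network(n) for n in self.networks):
            return True
        if self.sbrs and score is not None and self.sbrs[0] <= score <= self.sbrs[1]:
            return True
        return dns_result in self.dns_checks

def evaluate(hat, ip, score, dns_result):
    """Return the first sender group that matches, top to bottom, else None."""
    return next((g for g in hat if g.matches(ip, score, dns_result)), None)

def audit(hat):
    """Names of trusted groups that can match on a DNS verification failure."""
    return [g.name for g in hat if g.policy == "TRUSTED" and g.dns_checks]

# Constructed HATs: the BLACKLIST range is from the thread, SUSPECTLIST's is assumed.
MISCONFIGURED = [
    SenderGroup("WHITELIST", "TRUSTED", dns_checks=ALL_DNS),
    SenderGroup("BLACKLIST", "BLOCKED", sbrs=(-10.0, -3.0)),
    SenderGroup("SUSPECTLIST", "THROTTLED", sbrs=(-3.0, -1.0)),
]
CORRECTED = [
    SenderGroup("WHITELIST", "TRUSTED"),
    SenderGroup("BLACKLIST", "BLOCKED", sbrs=(-10.0, -3.0)),
    SenderGroup("SUSPECTLIST", "THROTTLED", sbrs=(-3.0, -1.0), dns_checks=ALL_DNS),
]

if __name__ == "__main__":
    sender = ("119.122.248.251", -4.0, NXDOMAIN)   # the connection from the thread
    for label, hat in (("misconfigured", MISCONFIGURED), ("corrected", CORRECTED)):
        print(label, "->", evaluate(hat, *sender).name, "| audit:", audit(hat))
```

The `audit` check is the part worth carrying over to a real configuration review: any group mapped to a trusting policy that also matches on DNS verification failures will admit senders regardless of reputation when it sits above the SBRS-based groups.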

 

Hey Mikel,


Glad to be of assistance :)

 

Have a good one, and do not hesitate to post another thread should you have a query.

 

Regards,

Matthew