I apologise if this update is late.
To further assist with capturing the IP of the rejected server as well, if you have not enabled tracking of rejected connections (it's disabled by default in GUI > Security Services > Message Tracking)
You can go through your mail_logs or historical message tracking when this domain was able to connect through.
CLI > grep “mail2world.com” mail_logs
This will return either of the following
- Date Time Info: MID XXXXX ICID XXXXX From: test@mail2world.com
- Date Time Info: MID XXXXX ICID XXXXX To: test@mail2world.com
- Date Time Info: New ICID XXXXXXX to Management(IP) from X.X.X.X connecting host reverse DNS hostname: smtp1.mail2world.com -- this followed by some further details
What we’re looking for is actually number 3, but in some circumstances you might not get this result, so you need to use the last time you noticed the From:test@mail2world.com result and do the following
CLI > grep “ICID XXXXX” mail_logs (from the ICID given with the From or with New ICID
This will normally return information pertaining to the injection connection ID which will list:
Sender Group (Whitelist, Blacklist, Unknownlist, Customlist) etc
Connecting Host name
Connecting Host IP
SBRS Score
You will be able to notice, if the email is BLACKLISTED then it will not have any envelope sender or recipients defined, only the BLACKLIST and its SBRS score.
-----
To allow a blacklisted sender to still connect to the appliance but force them through normal mail processing such as anti-spam, antivirus and virus outbreak filters you will need to do the following on the GUI.
GUI > Mail Policies > HAT overview
Click on “Add Sender Group”
Define it Above blacklist but Below Whitelist so the order would be overriding the number of Blacklist
Leave SBRS empty
Mail Policy -> ACCEPTED or THROTTLED whichever you would prefer, throttled will allow fewer connections and will temporarily delay senders if they send too many through
Submit this sendergroup and click on “Add Senders”
here you will add the connecting IP or their connecting reverse DNS hostname, for mail2world.com all their mail servers are similar pattern of smtp1.mail2world.com or mx1.mail2world.com so to allow all mail servers, use the name “.mail2world.com” the dot in the front to allow any other variable infront, then please go forward and commit this change and you will see their connections allowed.
They will not bypass any spam scanning , it will be treated as any other incoming email and pass through the incoming mail policies defined on the appliance.
-----
To check incoming mail domains which may be stopped by blacklist without the CLI commands ( this will not return SBRS Scores)
GUI > Monitor > Incoming Mail > at the bottom you can type the incoming mail domain that connects through, this will locate the incoming mail domain and show the counters of emails where the domains matched and their last named sendergroup (it will outline if their last match was blacklist or not)
------
How do I ensure that the connecting host’s reputation is restored?
This comes down to the connecting host’s ability to stop the source of spam exiting their IP, they will need to ensure their network and mail security is resolved and the spammer stopped.
Over time with the volume of legitimate emails against spam being reviewed, their score should improve if no spam exits and a lot of legitimate emails are sent.
Their score gets dropped based on complaints of spam reports on their sending IP, many complaints will cause reputation scoring to be dropped.
