Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2481
Views
0
Helpful
3
Replies

Sender Whitelisting

Go to solution
kmkrause2
Level 2
Level 2

‎02-19-2016 06:27 AM

When whitelisting a sender, should the Envelope Sender information be entered or should I use the Reverse DNS domain information in found in the logs for a given message?

I have a situation where the sender domain has been entered in the whitelist but upon receipt from that sender, sometimes message is not whitelisted, sometimes it is. When it isn't, the DNS host information is different than when it is whitelisted

Thanks,

Ken

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
exMSW4319
Level 7
Level 7

‎02-19-2016 08:34 AM

For all of the HAT sender groups you want the actual IP address of the connecting equipment, though a reliable rDNS entry will work.

You therefore need to have your spiel ready for when your manager wants domain.tld whitelisted and when you look into it, the connections are from dynamic.pool - a nice low SBRS rating may bolster your argument: "Look, the space is listed for a reason..."

View solution in original post

0 Helpful

Go to solution
Mathew Huynh
Cisco Employee
Cisco Employee

‎02-19-2016 06:54 PM

Hello Ken, 

as exMSW4319 explained, the HAT table WHITELIST will require the rDNS hostname or the IP of the connecting machine, this is located in your "Sending Host Summary" on the message tracking.

To Whitelist by actual domains, this is done with creating a mail policy setup, add the sending domains you wish to allow to skip the scanners.

Submit this policy, then disable the scanners per policy.

Regards,

Matthew

View solution in original post

0 Helpful
3 Replies 3

Go to solution
exMSW4319
Level 7
Level 7

‎02-19-2016 08:34 AM

For all of the HAT sender groups you want the actual IP address of the connecting equipment, though a reliable rDNS entry will work.

You therefore need to have your spiel ready for when your manager wants domain.tld whitelisted and when you look into it, the connections are from dynamic.pool - a nice low SBRS rating may bolster your argument: "Look, the space is listed for a reason..."

0 Helpful

Go to solution
kmkrause2
Level 2
Level 2
In response to exMSW4319

‎02-22-2016 06:34 AM

Thanks to both of you for responding. This should clear things up a bit.

Thanks again,

Ken

0 Helpful

Go to solution
Mathew Huynh
Cisco Employee
Cisco Employee

‎02-19-2016 06:54 PM

Hello Ken, 

as exMSW4319 explained, the HAT table WHITELIST will require the rDNS hostname or the IP of the connecting machine, this is located in your "Sending Host Summary" on the message tracking.

To Whitelist by actual domains, this is done with creating a mail policy setup, add the sending domains you wish to allow to skip the scanners.

Submit this policy, then disable the scanners per policy.

Regards,

Matthew

0 Helpful
Customers Also Viewed These Support Documents