I have a vendor that is sending us a good amount of email. I usually use HAT to apply a different throttling policy; however, in the case of this vendor, when I look at the logs they are sending from a lot of different IPs and DNS hostnames (looks like they are using outlook.com, probably for email filtering). Their envelope sender domain doesn't match their DNS hostname.
What would be the best way for me to whitelist them?
Rejected by receiving controls would mean they won't make it to the mail policies - correct.
The limits are being applied at the HAT overview already at this stage.
As you shared this sender comes from a variety of IPs/DNS hostname and you cannot add them to your whitelisting at the HAT level; it would require the mail policy level if their domain name remains constant to whitelist them.
With regards to allowing them to meet the incoming mail policy level - you would either need to generate and track the list of IPs they use and create a separate sendergroup for them; or risk changing your overall rate limits to be more accommodating.
(if there is a common part of their hostname that is unique to them, then you can always add the hostname wildcard for sendergroup matching. For example .domain.com if the senders are always from n.domain.com where the n can be anything.)
Issue is that it's coming from outlook.com or amazon.com as their rDNS. I don't mind changing the # of messages allowed per hour; I just don't also want to open it up to the spam coming from outlook.com.
I just need to allow based on their send envelope address
They are different.
Envelope sender is our vendor's domain, firstname.lastname@example.org; it's also the from address in Outlook.
However, it's not what ESA sees as where emails are coming from. It sees it coming from outlook.com.
So my steps would be:
1. Create another sender group in HAT and add *.outlook.com there.
2. Create a policy that will be assigned to that sender group that has low mps.
3. Create an address book.
4. Select that address book in the policy under the envelope sender options that says ignore.
I already tracked the header. That's what I do in almost all the cases. Typically vendors and other senders host their own email servers, so I look at headers and add that and/or IPs to our policies. Usually it's 2 or 3 IPs, so not a huge deal. The issue I'm running into is when they use Office 365 or some other service and I don't want to use a policy with high mps for outlook.com, because in a lot of cases we get phishing emails from there as well.
Just to clarify: by senders you mean outlook.com, what I see in the first line of the message in the logs, and not email@example.com, which is the envelope domain?
So essentially I still have to track all IPs and/or hosts of rDNS and just add them to the sender group as I see new ones appearing?
In rDNS I see variousinfo.outlook.com, so adding *.outlook.com won't be enough?
Let's get back to the beginning... are these emails you want to whitelist from someone using the free email service? Aka mail is from JohnDoe@outlook.com?
Or is mail from someone using Office365? Aka mail is from JohnDoe@company.com, IPs resolve back to *.outlook.com
Either way, don't bother with the HAT (that "Whitelist" name is poorly chosen).
Create an Incoming Mail Policy. For the first option you'll have to enter each firstname.lastname@example.org address as a from address that the policy applies to.
For the second option, you can just use @company.com for the from addresses.
It's the second option.
In Outlook and in the ESA envelope sender it's from email@example.com. We get reports that emails are being delayed. When I look at the logs on ESA, it's because they are hitting the messages allowed limit per hour (rejected by receiving control). Typically I would assign their IP or rDNS from the logs to a higher mps policy, but in this case they are using Office 365, so technically everything is coming from xxxxxxx.outlook.com.
I did add @vendor.com to the incoming mail policy and I see in the log that it matches; however, if they send a ton of email per hour they are still getting "rejected by receiving control" in the logs.
The only way I was able to work around that is if I add IPs to a HAT sender group that uses a higher mph policy; however, I don't want to do that with outlook.com IPs.