SBG 8 Good Senders policy
Updated: 22 May 2010 | 11 comments
This issue has been solved. See solution.
I'm having a problem whitelisting mail from a specific SMTP server. I have the SMTP hostname in Reputation --> Good Senders --> Local Good Sender Domains, with an action to Deliver Message Normally and to bypass compliance policies. However, some messages from this server are still being caught as suspected spam.
I must whitelist by SMTP server hostname because all the other info (IP address, sender, recipient, subject, etc) can vary. This is an external SaaS hosted application that sends regular notifications, important for internal use.
Thanks
Comments
Hey Doni,
Can you send me the Suspect Spam tracker on a PM? Please don't post it to this thread. I'll see if I can find out why they are being caught.
From my understanding though, whitelisting should bypass suspect spam verdicts... so I'm wondering if something is changing in the content of the message and we are not flagging the allow list.
Does Message tracking say it tested against the allow list? It should come back as having the allowed verdict as well.
Thanks!
Thanks Tom, sent you a PM
Hi Doni,
Not sure if you can do what you want; you are trying to add a hostname to a domains list and I think that's what the problem is. Check to see if the hosted provider can provide you a range of IPs; this should be possible, and then add them to the Good Senders IP-based allow list.
If you are getting some Suspected Spam FPs then our suggestion would always be to raise your Suspected Spam threshold...
Kevin
Thanks for the suggestion Kevin, I've asked for the IP addresses and am awaiting a response. The problem with IP-based whitelisting is that IPs are often subject to change, esp with a hosted service with a large SMTP farm. Hostname is always a better option. I've also whitelisted by full domain, but it may be that it only checks the sender FROM header domain, which in this case won't match the SMTP server's domain so won't help. TomC is working with me offline, so hopefully we'll figure out the best solution shortly.
Looks like the discrepancies I was seeing in IP addresses were due to some (new?) gateway on their end. So I now have it whitelisted by confirmed IP addresses. Of course, I'd still like to know for sure how to do this by SMTP hostname, which should be possible.
Just an update, while I discuss offline with Tom. Will post back with any concrete answers. Thanks
Hi Doni,
So I'm pretty sure it's not possible to do what you are trying to do. I think this is it, let me know if I'm wrong. You are receiving messages from mydomain.com (and other domains) and they are getting a Suspected Spam verdict. You want to allow messages from the sending SMTP servers. Let's say the sending domain is mydomain.com (and other domains as well) and the name of the host sending the messages is mailserver.mydomain.com. You are trying to add mailserver.mydomain.com to the Reputation-> Good Senders-> Local Good Senders domains list?
This won't work because when you add domains to this list, we basically analyze the 'mail from' and the 'envelope mail from address' for messages from users at the domain you list. So when you add a hostname to this list it's being treated as a domain name and you are disabling spam and compliance scanning for messages that would be addressed from users@mailserver.mydomain.com, but messages aren't really coming from that domain.
I think you might be able to achieve what you want using a compliance policy similar to the following:
'Text in this specific part of the message', then select 'Message header' from the drop-down. For Header name, set it to 'Received' contains 1 or more occurrences of 'mailserver.mydomain.com'. Set your action to 'Bypass spam scanning' and apply it to your group policies.
I think that should probably work for you.
Kevin
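The behaviour described in the reply above, as an added Python example that is not part of the original thread and not Symantec's code: it models the domain-list comparison and the suggested 'Received contains' rule, and also reports which host the topmost Received header names. The messages, gateway.example.net, the addresses and the Received format are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

HOST = "mailserver.mydomain.com"  # placeholder hostname used in the thread
# Constructed samples. The top Received line is the one stamped by the receiving
# gateway (hypothetical name); lower ones arrive with the message from upstream hosts.
DIRECT = (
    "Received: from mailserver.mydomain.com (mailserver.mydomain.com [192.0.2.10])\n"
    "\tby gateway.example.net with ESMTP; Sat, 22 May 2010 10:00:00 +0000\n"
    "From: Alerts <alerts@customer-a.example>\n"
    "Subject: Nightly report\n\nbody\n"
)
RELAYED = (
    "Received: from relay.other.example (relay.other.example [198.51.100.7])\n"
    "\tby gateway.example.net with ESMTP; Sat, 22 May 2010 10:05:00 +0000\n"
    "Received: from app01 (app01 [10.0.0.5])\n"
    "\tby mailserver.mydomain.com with ESMTP; Sat, 22 May 2010 10:04:58 +0000\n"
    "From: Alerts <alerts@customer-a.example>\n"
    "Subject: Nightly report\n\nbody\n"
)

def domain_list_match(msg, envelope_from, good_domains):
    """Domain-list behaviour as described above: only sender address domains are compared."""
    addrs = [envelope_from, parseaddr(msg.get("From", ""))[1]]
    domains = {a.rsplit("@", 1)[1].lower() for a in addrs if "@" in a}
    return bool(domains & {d.lower() for d in good_domains})

def received_contains(msg, hostname):
    """The suggested header rule: any Received header containing the hostname matches."""
    return any(hostname.lower() in h.lower() for h in msg.get_all("Received", []))

def top_hop_client(msg):
    """(rDNS name, IP) from the topmost Received header; assumes 'from HELO (rdns [ip])'."""
    top = (msg.get_all("Received") or [""])[0]
    m = re.match(r"\s*from\s+\S+\s+\((\S+)\s+\[([^\]]+)\]\)", top)
    return (m.group(1).lower(), m.group(2)) if m else None

def report(raw, envelope_from):
    msg = email.message_from_string(raw)
    return {
        "domain_list": domain_list_match(msg, envelope_from, [HOST]),
        "header_rule": received_contains(msg, HOST),
        "top_hop": top_hop_client(msg),
    }

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT), ("relayed", RELAYED)):
        print(name, report(raw, "bounce@customer-a.example"))
```

Both samples satisfy the header rule while the domain list matches neither; only the topmost Received line is written by your own gateway, so that is the hop to compare when checking which messages the bypass rule covers.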
Good idea, thanks Kevin. Still a bit odd that you can't easily whitelist by SMTP server name -- guess I never realized this, should be a standard feature -- but that sounds like a good solution. Appreciated.
Btw, are you on the Brightmail team? I read a lot of "we"s but don't see a "Symantec Employee" flag. Just curious... Thanks again.
Kudos to Kevin
Thanks for following up on this Kevin. I ended up having to do jury duty yesterday so I was unable to follow up with Doni.
So sorry about that, Doni! Sounds like we have as good a resolution as possible here, so glad we progressed.
Yup, Kevin is one of our Brightmail superstars here at Symantec.
Ah, thanks for the clarification. You and Tom should drag Kevin into an intervention to force him to wear a "Symantec Employee" tag. :-)
Guess my secret is out, yes indeed I am a Symantec employee, and no I'm not embarrassed to be one :)
I registered to the forums using a personal email account, I should probably reregister with my Symantec account.
Kevin