Symantec Protection Center Product Community

With Symantec Messaging Gateway:  Does anyone know a way to white list an internal recipient?  We have good sender, but no white list for an internal recipient

Greetings,

I am not understanding your question.  The SMG has the ability and was designed to block/allow for who the sender is not the recipient.  The whitelists are generally for Anti-spam.  If you have an end user that wants to get spam, create a new group for the user and for the anti-spam rules allow for delivery.

If you could clarify or provide an example of what you are trying to do, it may make more sense.

For instance.  I had a rule for exe types to be spam quarantined then BCC to a central mailbox.  The BCC was being grabbed for the same rule violation and I wanted some flexibility in how that was handled.  I wanted a mail box destination that when a memo was sent to would not be scanned or held for any reason.

I had this functionality in a competitor product and was just assuming or hoping it would exist in SMG.

Greetings,

That makes more sense at what you are seeing.  I suspect that the control center is receiving the quarantined item and is responsible for generating the BCC message and sending it out.  The default setting for the Control Center when it sends out messages is to use DNS for the next hop.  This is most likely resolving back to the inbound MTA of the scanner causing the message to be caught as it is violating the policy.

A message audit search for the emails can confirm this behavior.  If this is indeed the case, you may want to create a new group with AV, content filter and AS turned off and make sure that the user is targeted.

I would recommend the use of a incident folders over other options.  This can allow for an administrator to be notified that an item has been sent to an incident folder.  The administrator can log in and then decide to release the item or deny sending it.  Through the control center settings, you can create an administrator that has just enough permissions to log in and view incident folders for review and release if needed without granting full access to the interface.

The quarantine was originally designed for Anti-spam and has since been used as a regular quarantine for all items.  Incident folders was created and designed to give more control over content as the spam quarantine originally had a message size limit of 1MB as most spam is under 1MB and this caused undesired behavior.

Thank you for the information.  I will try to put some of these ideas into practice soon.  I appreciate your time, guidance and explanation.