Messaging Gateway

Hi there,

Ive got a problem

I need real whitelist for couple domains, my current most annoying verdict "suspicious attachements", but after 3 weeks of fighting its time to say: "I dont know how it can be done"

No luck with good senders at all - its only able bypass spam filter.

Policy group - a have no even one event of get into that policy.

Dear Symantec or smbdy else. Please help me!

Why it's so hard to make so simple wellknown for all "Whitelist", which simply bypass ALL.?!

I made some additional tests:

Made new PolicyGroup - "_TEST". for exact email - the only modification i applied - add some text to subject - [TEST].

No luck.

In Message audit Log - Verdict was - "default"

I think something goes wrong. Any other policy - ignored.

You would do this by creating a different policy for Suspicious Attachment that takes the action Deliver Message Normally, then creating a policy group for people you want this applied to, The members have to be local email addresses, so you can create a policy group with either a list of local email addresses or AD groups. You can then change this under the Malware tab for that policy group and set the 'Inbound suspicious attachment policy' to the policy which delivers normally.

As i wrote:

i tried to make even simple email modification for ona specific address.

But my policy ignored. I even reboot all of my three servers. still no success.

What is wrong with that policy?

wait a second.

what do mean "he members have to be local email addresses" 

Am I right that policy operates over "rcpt to:" context in that case?!

PS

yep, it is! o_O

Ok. Now i have a magic to make bypass everything for specific employee INSIDE my company.

How can i make same for specific address OUTSIDE my company?

for example:

mail from: non_virus@trusted.com - > my_email@mycompany.com

bypass everything: spam,malware,viruses, suspicious. 

???

Hi,

As already written, policies apply to local addresses. By this you can add a policy for a certain sender (case outbound) and recipient (case inbound) and add the specific settings / rules / filters to this policy.

Eg, add spam-, malware- and content-rules matching your needs (bypass, deliver normaly, ... - even NOT recommended) and apply these rules to the policy matching the senders-, recipients-address.

But, beware of certain other settings like ip-reputation, dns-checks, etc. These cant be (only hardly) be overritten.

Regards

Thomas

TomVie,

in yours solution sender\recipient is employee INSIDE.

that is the strangest thing i have ever seen in whitelisting. 

I need method to whitelist some address OUTSIDE, and that sender must be "whitelisted" for any of email INSIDE my company.

Alex,

If you would take a look at the documentation it states:

"Symantec Messaging Gateway treats mail coming from an address or connection in the Local Good Sender Domains and Local Good Sender IPs groups as legitimate mail. The good sender groups reduce the small risk that messages sent from trusted senders will be treated as spam or filtered in any way. By default messages from these senders are delivered normally. "

To reduce this last bit of risk, as far as i know its the only possibility.

Sorry, but now i dont know what exactly do you need:

- Internet -> one of your users: Mail should get through OR

- One of your users -> Internet: Mail get through?

Why is the need of whitelisting? What exactly is happening, what verdicts, which rule etc.

Depending on that the solution is different

Thomas

Internet -> one of your users: Mail should get through. BYPASS

my main problem is - "suspicious attachments"

Most annoying thing - striped attachaments from archives. 

In most case that's DOC,XLS, but somtimes even JPEG gone to ashes...

no system at all in that manioulations.

i need to get email from list of addresses 146% approved. with no sudden striped attachments.

*on the other hand im sure that default actions on all inbound mail is correct.

OK, now we come closer to your problem, thanks.

If, lets say i send you a email its been scanned several times. First SMG takes a look at ip-reputation, global and local (ip connect, ehlo name, etc). After that the we come to the smtp data part, the message body incl header is received. This content is scanned several times, some in parallel (eg spam and virus is scanned parallel).

Only if none of them complain about anything the message gets through - depending on your built policies or to be more precise the policies which are applied to the senders email address.

In your case, suspicious attachement take a look at the malware policies.

You could add policy group which applies to a certain recipient. Within this policy group you can decide how or what to do with suspicious attachments.

Its up to you.

Thomas

i understand all that, thx for explanation.

but in my case you are WHITELISTED, not me.

I want YOU to send anyone in my company emails.

I need white list for incoming mail based on SENDER email.

that how whitelist in any mail gateway works, except SMG

Then just add me to a custom rule excluding me from beeing scanned for certain attachments - its that simple.

I know, other products handle it differently - but within smg it works that way.

If you dont like it send an enhancement request to symantec or change the product youre using.

Thomas

How can I make it?

Can u show a little example?

There is no way to enforce a policy group on an external sender, only internal users.