Background:
In an IronPort, the “WHITELIST” is sender group is linked to the TRUSTED Mail Flow Policy. The TRUSTED policy contains reduced restrictions and is not scanned for Spam. Note: IronPort reputation IP filters are still in affect, however the false positive rate on the reputation based filtering is less than one in one million.
Steps:
To add an email domain to the Whitelist sender group, click Mail Policies > HAT Overview
Click “Whitelist”
Click Add Sender
Enter the email address domain or IP Address of the senders mail server and click Submit
Remember to Commit Changes
That should do it, I hope you found this post helpful for using the WhiteList feature of the IronPort.
If you read this article: https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118569-qa-esa-00.html
you ca understand why,
the suggested above would not work :)
“Merely adding a domain name to the HAT will not work, as the HAT matches hostnames and IP addresses and not sender domain names. Remember, you are configuring a HOST Access Table, not a DOMAIN access table.”
This is entirely wrong!!. In the HAT you are adding HOSTS and not domains!! (the name states this even; HOST ACCESS TABLE, and not DOMAIN ACCESS TABLE).
To whitelist a domain you need to know the hostname of the sending domain (putting in simple, the MX record(s)). You can also put the IP address of the sending host.
is it possible to add single email address ?
or how to do this ?
Yes you should be able to add a single email address, highlight the question mark in the screen where you are adding a sender and it will show you the different formats it accepts.
As a Cisco engineer for the past 3 years, I can tell you that you should delete this article, this is all wrong and the answer that you are providing here as well….In the HAT we can only add hostaname/IP address. I know that the hostname is similar to the domain name, but it is not the same! This is why many customers are coming and asking questions why the email isn’t allowed when they are adding domains in the HAT……Check the guide or even there is a question mark when you are trying to add a sender, where it is saying what formats are allowed…..
Thank you for your time and effort. Much appreciated