Introduction
This document describes how to allow some messages from a sender with a low SBRS score, but block all other messages.
How do I allow some messages from a sender with a low SBRS score, but block all other messages?
-
In Mail Policies > HAT Overview, add a new Sender Group. Add a name, such as, "Temporarily_Accept". Then add this as a sender, ".example.net". (You are adding this hostname or IP address.)
-
Order this new Sender Group so that it is above the Blacklist Sender Group.
- Create the following message filter from the CLI of your appliance:
temporary_accept:
if ( mail-from == '(?i)joe@example.net' )
{
deliver();
}
- Create a message filter that enforces the Blacklist Sender Group policy:
enforce_blacklist_sbrs:
if ( reputation < -2 )
{
drop();
}
Note: The order of the message filters are important, so make sure that your message filter as written in step #3 is above the message filter as written in step #4.
Note: SBRS of -2 is the general standard score used for Blacklist. You may need to check what your specific settings is. (Mail Policies > HAT Overview > Blacklist Sender Group)
Here is a summary of what the above HAT Overview sendergroup and message filters do:
The new HAT Overview Sendergroup was created (Step #1) so that it can be used to allow messages from a low-scoring SBRS host into the ESA. Next, the first message filter (Step #3) is created so that messages from specific email senders can be further processed by the device. The last message filter (Step #4) was put in place so that the low SBRS score of the sending MTA could be enforced and will drop any messages with a low SBRS score that are not from the sender specified in the temporary_accept filter.
Related Information
Feedback