Review of Bypass, Accept, or Allow Lists

Efficacy Guide using Cisco Secure Email

Scrub Existing Bypass, Accept, or Allow Lists

  • Host Access Table (HAT) - The HAT maintains a set of rules that control incoming connections from remote hosts for a listener. Every configured listener has its own HAT. You configure HATs for both public and private listeners.
    From your Gateway/Cloud Gateway, review Mail Policies > HAT Overview
    • Are there Sender Groups for "Bypass", "Accept", "Allow"?
    • Review the Sender Lists for these policies

Specifically, review ALL Mail Flow Policies that have the behavior of Accept.

Note: Cluster: Hosted_Cluster as this is Cloud Gateway

  • Exceptions Table - The sender verification exception table is a list of domains or email addresses that will either be automatically allowed or rejected during the SMTP conversation. You can also specify an optional SMTP code and reject response for rejected domains. There is only one sender verification exception table per email gateway and it is enabled per mail flow policy.
    From your Gateway/Cloud Gateway, review Mail Policies > Exception Table

    • Are there any exceptions and behaviors?
    • Review and purge as needed
  • Address Lists - Mail flow policies allow you to use an address list for certain settings that apply to a group of envelope senders, such as rate limiting exemptions and mandatory TLS connections. An address list can consist of email addresses, domains, partial domains, and IP addresses. You can use the Mail Policies > Address Lists page in the GUI or the addresslistconfig command in the CLI to create an address list. The Address Lists page displays all address lists on the email gateway, along with any mail flow policies that use an address list.
    From your Gateway/Cloud Gateway, review Mail Policies > Address Lists

    • Are there Address Lists active for DMARC or named "Bypass"?
    • Review and purge as needed
  • Forged Email Detection (if enabled)
    From your Gateway/Cloud Gateway, review Mail Policies > Dictionaries

    • Review and scrub "Allowed" dictionaries, or any dictionaries that contain email addresses or domain names
    • Review Mail Policies > Incoming Content Filters
      • Select 'Rules' and, using your browser search, look for any dictionary names identified in the step above. Review and confirm the Conditions and Actions.
Note: Cluster: Hosted_Cluster as this is Cloud Gateway
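
As a review aid for the steps above (an added example, not part of the Cisco guide or product), the sketch below triages a hand-compiled inventory of HAT sender groups and address lists using the questions asked in this section. The CSV layout, the sample names and the function names are assumptions made for the example; this is not a gateway export format.

```python
import csv
import io
import ipaddress
import re

# Constructed sample: an inventory typed up while walking the GUI pages.
# The column layout is an assumption for this example, not a Cisco format.
INVENTORY = """\
source,name,behavior,entries
HAT,ALLOWED_LIST,Accept,203.0.113.0/24;.partner.example
HAT,BLOCKED_LIST,Reject,198.51.100.7
HAT,VENDOR_RELAY,Accept,192.0.2.10
AddressList,DMARC_Bypass,,billing@vendor.example;vendor.example
AddressList,TLS_Required,,bank.example
"""

# Names the section asks about: "Bypass", "Accept", "Allow".
NAME_HINT = re.compile(r"bypass|accept|allow", re.I)

def classify(entry):
    """Label an entry with one of the types an address list can hold."""
    try:
        net = ipaddress.ip_network(entry, strict=False)
        return "ip" if net.num_addresses == 1 else f"ip-range({net.num_addresses})"
    except ValueError:
        pass  # not an IP address or network, so treat it as a name
    if "@" in entry:
        return "email"
    return "partial-domain" if entry.startswith(".") else "domain"

def review_queue(text):
    """Return (name, reasons, classified entries) for every row to review."""
    queue = []
    for row in csv.DictReader(io.StringIO(text)):
        reasons = []
        if NAME_HINT.search(row["name"]):
            reasons.append("name")
        if row["source"] == "HAT" and row["behavior"].lower() == "accept":
            reasons.append("accept-behavior")
        if row["source"] == "AddressList" and "dmarc" in row["name"].lower():
            reasons.append("dmarc")
        if reasons:
            entries = [(e, classify(e)) for e in row["entries"].split(";") if e]
            queue.append((row["name"], reasons, entries))
    return queue

if __name__ == "__main__":
    for name, reasons, entries in review_queue(INVENTORY):
        print(name, reasons, entries)
```

The classified entries show what each allow entry actually covers (a single host, a 256-address range, a whole domain), which is the detail to weigh when deciding what to purge.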

Guide Checklist

At this time, we have completed the following:

  • Introduction
  • Validate Detection Services
  • Review of Bypass, Accept, or Allow Lists
  • Aggressive Profile for Anti-Spam
  • Review and Validate MX Records
  • Submissions to Talos
  • Support Cases
  • Security Review (Optional)

Once you have completed your review of, and any changes to, your Bypass, Accept, or Allow Lists, proceed to the next section of this document.

