Introduction

This document describes how an administrator can modify the End-User Safelist/Blocklist (SLBL) on the Cisco Email Security Appliance (ESA).

How to modify the End-User Safelist/Blocklist on ESA

An ESA administrator can directly see the SLBL from the IronPort Spam Quarantine (ISQ) interface.  Administrators see and work with the superset of the same entries that each end user sees and works with.

In order to see or modify the SLBL, and administrator would need to do one of the following:

  1. log into the EUQ using their admin account and password
    • Choose Safelist or Blocklist from the Options drop-down menu in the upper right
    • Find and modify the Senders/Senders List for the Recipient Address, as needed
  2. export the SLBL to a .csv file
    • System Administration > Configuration File and choose Backup/Backup Now
    • The file is saved on the appliance and will need exported via FTP, or other file retrieval method from the appliance.
    • The file is saved to the configuration directory, and indicated by the file name saved as.  i.e., slbl-564D6C9B806B5719XXXX-57284F5DYYYY-20160203T141646.csv
    • Looking at the SLBL .csv file, you should see similar:
# File exported by the SL/BL at 20070922T012001
c=us;a=;p=test;o=exchange;s=smith;g=joe;, BLOCKED, black2@x.com
c=us;a=;p=test;o=exchange;s=smith;g=joe;, SAFE, white4@x.com, white5@x.com, white6@x.com, white3@x.com, white7@x.com
joe@exchange.test.com, BLOCKED, black2@x.com
joe@exchange.test.com, SAFE, white4@x.com, white5@x.com, white6@x.com, white3@x.com, white7@x.com
joe@testcom, BLOCKED, black2@x.com
joe@testcom, SAFE, white4@x.com, white5@x.com, white6@x.com, white3@x.com, white7@x.com
joe@test.com, BLOCKED, black2@x.com
joe@test.com, SAFE, white3@x.com, white4@x.com, white5@x.com, white6@x.com, white7@x.com
    • Once the file is modified, it can be loaded back to the ESA via the same method System Administration > Configuration File and Restore.

Syntax for Safelists and Blocklist Entries

Senders can be added to safelists and blocklists using the following formats:

  • user@domain.com
  • server.domain.com
  • domain.com
  • [10.1.1.0]
  • [ipv6:2001:DB8:1::1]
  • user@[1.2.3.4]

Note: For complete information regarding Safelists and Blocklists, please see the User Guide for the version of AsyncOS for Email Security your appliance is currently running, or visit the ISQ Help page directly: https://<IP OR HOSTNAME OF ESA>:83/help/admin_help

Related Information