This document describes how an administrator can modify the End-User Safelist/Blocklist (SLBL) on the Cisco Email Security Appliance (ESA).
How to modify the End-User Safelist/Blocklist on ESA
An ESA administrator can directly see the SLBL from the IronPort Spam Quarantine (ISQ) interface. Administrators see and work with the superset of the same entries that each end user sees and works with.
In order to see or modify the SLBL, and administrator would need to do one of the following:
log into the EUQ using their admin account and password
Choose Safelist or Blocklist from the Options drop-down menu in the upper right
Find and modify the Senders/Senders List for the Recipient Address, as needed
export the SLBL to a .csv file
System Administration > Configuration File and choose Backup/Backup Now
The file is saved on the appliance and will need exported via FTP, or other file retrieval method from the appliance.
The file is saved to the configuration directory, and indicated by the file name saved as. i.e., slbl-564D6C9B806B5719XXXX-57284F5DYYYY-20160203T141646.csv
Looking at the SLBL .csv file, you should see similar:
Once the file is modified, it can be loaded back to the ESA via the same method System Administration > Configuration File and Restore.
Syntax for Safelists and Blocklist Entries
Senders can be added to safelists and blocklists using the following formats:
Note: For complete information regarding Safelists and Blocklists, please see the User Guide for the version of AsyncOS for Email Security your appliance is currently running, or visit the ISQ Help page directly: https://<IP OR HOSTNAME OF ESA>:83/help/admin_help