How to modify the End-User Safelist/Blocklist on ESA

Available Languages

Updated:February 3, 2016
Document ID:1454515589382105

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how an administrator can modify the End-User Safelist/Blocklist (SLBL) on the Cisco Email Security Appliance (ESA).

How to modify the End-User Safelist/Blocklist on ESA

An ESA administrator can directly see the SLBL from the IronPort Spam Quarantine (ISQ) interface.  Administrators see and work with the superset of the same entries that each end user sees and works with.

In order to see or modify the SLBL, and administrator would need to do one of the following:

  1. log into the EUQ using their admin account and password
    • Choose Safelist or Blocklist from the Options drop-down menu in the upper right
    • Find and modify the Senders/Senders List for the Recipient Address, as needed
  2. export the SLBL to a .csv file
    • System Administration > Configuration File and choose Backup/Backup Now
    • The file is saved on the appliance and will need exported via FTP, or other file retrieval method from the appliance.
    • The file is saved to the configuration directory, and indicated by the file name saved as.  i.e., slbl-564D6C9B806B5719XXXX-57284F5DYYYY-20160203T141646.csv
    • Looking at the SLBL .csv file, you should see similar:
# File exported by the SL/BL at 20070922T012001
c=us;a=;p=test;o=exchange;s=smith;g=joe;, BLOCKED, black2@x.com
c=us;a=;p=test;o=exchange;s=smith;g=joe;, SAFE, white4@x.com, white5@x.com, white6@x.com, white3@x.com, white7@x.com
joe@exchange.test.com, BLOCKED, black2@x.com
joe@exchange.test.com, SAFE, white4@x.com, white5@x.com, white6@x.com, white3@x.com, white7@x.com
joe@testcom, BLOCKED, black2@x.com
joe@testcom, SAFE, white4@x.com, white5@x.com, white6@x.com, white3@x.com, white7@x.com
joe@test.com, BLOCKED, black2@x.com
joe@test.com, SAFE, white3@x.com, white4@x.com, white5@x.com, white6@x.com, white7@x.com
[an error occurred while processing this directive]
    • Once the file is modified, it can be loaded back to the ESA via the same method System Administration > Configuration File and Restore.

Syntax for Safelists and Blocklist Entries

Senders can be added to safelists and blocklists using the following formats:

  • user@domain.com
  • server.domain.com
  • domain.com
  • [10.1.1.0]
  • [ipv6:2001:DB8:1::1]
  • user@[1.2.3.4]

Note: For complete information regarding Safelists and Blocklists, please see the User Guide for the version of AsyncOS for Email Security your appliance is currently running, or visit the ISQ Help page directly: https://<IP OR HOSTNAME OF ESA>:83/help/admin_help

Related Information

Revision History

Revision Publish Date Comments
1.0
03-Feb-2016
Initial Release
TAC Authored

Contributed by Cisco Engineers

  • Kevin Luu
    Cisco TAC Engineer
  • Robert Sherwin
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products