How to whitelist an IP address

  • 7024474
  • 04-Mar-2020
  • 18-Aug-2020

Environment


GWAVA (Secure Messaging Gateway) 7

Situation

Messages from a trusted IP are getting blocked, the IP needs to be added to the whitelist. How can this be done?

Resolution

If email from a specific IP is getting blocked it can be added to a whitelist to be allowed in. The first thing that needs to be done is find out what the message is getting blocked for. That can be done by finding the message in message tracker, then click on the subject and look at Scan Engine Details | Filters
 
In this example it fired on SPF and Message Text (one or both of these are part of the spam filter group, which is why that shows up as well).
If the message doesn't show up in message tracker and the sender received an undeliverable message such as one of these:

421 IP address x.x.x.x temporary rejection [IP reputation tempfail]: retry timeout exceeded
554 IP address x.x.x.x rejected [Failed IP reputation check]

554 IP address x.x.x.x rejected [Failed RBL check]
554 IP x.x.x.x rejected [Failed SPF check for <senders email address>]

that means it was blocked for a connection drop filter or SPF on the SMTP level. If the undeliverable shows it was blocked for RBL or IP reputation the IP can be added to the skip connection drop tests, which will prevent them from being blocked for IP rep or RBL on this level. This can be added by:

1) Go under Module management | Interfaces | SMTP Interface Manager | SMTP Interface | Relay/host protection

    

2) Add the IP that should be whitelisted for IP rep and RBL and ONLY check the box for Skip Conn. Tests


Messages from this IP should now skip the connection drop tests. It will still get scanned by the policy, so it may need to be whitelisted there as well. See how to do that in step 2 below.

If it was blocked by SPF on the SMTP level (sender received an undeliverable stating it was blocked due to SPF), then it is recommended to disable SPF on the connection drop service and enable it on the policy workbench, and whitelist the IP address there, as there is not a way to whitelist SPF on the connection level:
1) Under Module Management | Interfaces | SMTP Interface Manager | SMTP Interface | Connection Drop Services, if Enable SPF is checked then SPF scanning is being done on the connection drop level.


If messages are getting blocked by SPF on this level and you need to whitelist, it is best to disable it here and do the scanning for this Filter on the policy workbench instead. To disable it uncheck  'Enable SPF'  and save changes.

2) Whitelisting an IP on the policy level:
a) Under Organization / Policy Management | Policy scan configuration | Inbound mail filter policy (or whatever the name is for the policy that handles inbound email) on the deployment workbench, find the SPF filter node (or if it's part of a group such as Spam Filter Group find this node instead) grab the yellow dot and drag it to the white space and let go. A list will appear, choose IP address from this list. A yellow line should appear, linking the two nodes.


Note: If this list is created from the group such as the Spam filter group, it will be an exception for all the filters that are a part of this group.

b) Edit the IP Address exceptions list by clicking on the icon on the left of the node and type in the IP address that is needed to be whitelisted.


c) Click OK and save changes.

d) If it needs to be whitelisted for more Filters, drag the yellow dot (on the right side of the node) from that filter to this IP address exception node and save changes. A yellow line should appear, linking the two nodes.

Email from this IP should now, not get blocked for the Filter(s) that this whitelist node is linked with.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.