Whitelist TSAT in Cisco Ironport

Whitelist TSAT in Cisco Ironport

If you’re using Cisco Ironport for spam filtering, you might want to whitelist certain sources to ensure important emails and notifications get through to your end users. This guide will walk you through the process of whitelisting in Cisco Ironport, specifically for TSAT.


Before you start the whitelisting process, you need to know which IP addresses,sender ID (domain) and em of SenderID to whitelist. For TSAT, you need to whitelist the following:
  1. IP 1: 168.245.74.19 - This is the SMTP IP.
  2. IP 2: 15.206.189.81 - This is the website/landing page IP.
  3. Sender ID - While running the actual phishing simulation, the sender ID associated with that particular template will be whitelisted.
  4. Em of Sender ID
    The em value of a domain can be found in the email headers. Here’s how you can do it:
    Open the Email: Open the email for which you want to find the em value.
    Show Original: Look for an option to ‘Show Original’, ‘View Source’, or ‘View Message Source’. This option is usually found in the ‘More’ options in the email.Find the ‘em’ Value: In the original message source, look for a line that starts with ‘Received-SPF’. The em value is usually found in this line and would look something like em=domain.com.Remember, the steps to view the original message source can vary depending on the email client you are using.

Whitelisting TSAT in Cisco Ironport

To whitelist TSAT in Cisco Ironport, follow these steps:

  1. Access the Admin Console: Start by logging into the Cisco Ironport admin console.

  2. Navigate to Mail Policies: From the admin console, navigate to the Mail Policies tab.

  3. Select HAT Overview: Ensure that InboundMail lister is selected. Then, click on HAT Overview.

  4. Click WHITELIST: If you do not see WHITELIST, you can create your own group named WHITELIST.

  5. Add Sender: Click on Add Sender and add the IPs or hostnames of TSAT.

  6. Submit and Commit Changes: Click Submit and then Commit Changes.

After following these steps, it’s recommended to set up a test phishing campaign to 1-2 users to ensure your whitelisting was successful.

Bypassing Outbreak Filter Scanning

The instructions above do not prevent Ironport’s Outbreak Filter from scanning emails from TSAT’s IPs or hostnames. If you are experiencing issues with emails being quarantined, you may need to set TSAT’s IPs or hostnames to bypass this filter.

To skip Outbreak Filter Scanning, follow these steps:

  1. Access the Admin Console: Log into your Cisco Ironport admin console.

  2. Navigate to Mail Policies: From the admin console, navigate to the Mail Policies tab.

  3. Enter IPs or Hostnames: Under the Message Modification section, enter TSAT’s IP addresses or hostnames in the Bypass Domain Scanning table.


Individual HAT Mail Flow Policy

If the above points doesn't work then follow the below steps.


1.Navigate to Mail Policies > HAT Overview.
2.Click on Sender Groups. Here you can see the predefined sender groups.
3.Click on Add Sender Group to create a new sender group.
4.Enter a name for the sender group and add the sender’s IP addresses ,Sender ID and em Sender ID.
5.Click on Mail Flow Policies and then Add Policy to create a new mail flow policy.
6.Configure the settings as desired. For example, you can disable Spam Detection and Virus Protection.
7.Go back to the Sender Groups page and edit the sender group you created. Assign the new mail flow policy to this sender group.
8.Click Submit and then Commit Changes.










    • Related Articles

    • TSAT User Guide

      TSAT tool is used for various simulations for the purpose of raising awareness among the users. These simulations can be done using various attack vectors such as Phishing ,QR code,Attachment, Ransomware, Smishing, Vishing & Whatsapp Phishing. Here’s ...
    • How to Whitelist Threatcop IP in Lotus Domino.

      Kindly follow the steps outlined below to whitelist the IP in LOTUS : Step 1 : Open Domino Administrator : Go to Start > Programs > Lotus Domino > Domino Administrator. Step 2 : Navigate to the Server Document : Click on the Configuration tab, then ...
    • IAM User in TSAT

      IAM refers to Identity and Access Management. This feature enables administrators to manage user identities and control their access to resources within the tool's ecosystem. With IAM, administrators can create, modify, and delete user accounts, ...
    • How to Whitelist ThreatCop in Fortigate?

      To whitelist ThreatCop in Fortigate’s Static URL Filter, follow the steps given below: Step 1: Security Profiles > Web Filter Step 2: Create a new web filter or select one to edit Step 3: Expand the Static URL Filter, enable the URL Filter and then ...
    • How to Whitelist Threatcop in Thunderbird.

      To run a phishing simulation on Thunderbird and ensure the emails land in the mailbox, you need to whitelist the sender ID. Here are the steps you can follow : 1. Add the sender to your address book: Any email address that is in your address book is ...