Configuring Auto Allow Policies

Document created by user.oxriBaJeN4 Employee on Sep 11, 2015Last modified by user.Yo2IBgvWqr on Sep 14, 2017
Version 17Show Document
  • View in full screen mode

Auto Allow policies allow inbound mail to be processed more efficiently and effectively by circumventing spam checks. External email addresses that internal end users have previously sent emails to are stored in an 'Auto Allow database', and are considered known trusted senders. Auto Allow policies are created by default during the Mimecast Implementation process, however exceptions can be made via Auto Allow Creation policies if needed.

 

Usage Considerations


Consider the following before getting started:

  • Auto Allow database entries are configured in Managed Senders. A definition is not required.
  • As this policy is “always on”, the database continues to grow. When an internal user sends a message, Mimecast captures the recipients email address and adds it to the database.
  • Any inbound message from a sender listed in the Auto Allow database is not subjected to the typical IP reputation and spam checks. However it will still be scanned for viruses.
  • Bypassing spam checks (e.g. greylisting) reduces the delivery delay of emails to internal recipients, thereby reducing the number of messages on Hold.
  • Auto Allow database entries are not generated when:
    • Auto-responses are sent (including Out of Office messages).
    • Suspected spam related messages are released, and the recipient subsequently replies to the sender.

 

Configuring an Auto Allow Policy

 

To configure an Auto Allow policy:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed. 
  4. Click on Auto Allow. A list of policies is displayed.
  5. Either select the:
    • Policy to be changed.
    • New Policy button to create a policy.
  6. Complete the Options section as required:
    OptionDescription
    Policy NarrativeProvide a description for the policy to allow you to easily identify it in the future.
    Auto Allow Policy

    Enabled by default, this policy determines if the Auto Allow List (AAL) of your account should be checked for the mail flow specified below. AAL entries are created automatically when messages are sent from internal users to outbound recipients, so that the recipient address is marked as 'trusted'. When the external address sends a message to the internal user, Mimecast will check the AAL to see if the address is present. If it is, the message bypasses spam checks normally applied to inbound mail. 

    Malware and virus scanning is always applied.   

    OptionDescriptionExample
    Apply Auto Allow

    This is the default option and is the recommended setting.

      
    Applies Auto Allow to the recipient's email address for all internal end users, avoiding spam checks when users receive mail from this recipient.The internal user, John, sends an email to mary@mimecast.com. This generates an Auto Allow entry for mary@mimecast.com for all internal users. Therefore if Mary sends an email to any internal users, this email bypasses spam checks.
    Apply Auto Allow (Original Recipient Address)

    Applies Auto Allow based on the recipient's email address that is received prior to any Address Alterations or address rewrites being applied for inbound mail.

    An internal user, John (john@internaluser.com) sends a message to mary@externaluser.com, which is added to John's auto allow list. However John's email address is rewritten to sales@internaluser.com (e.g. by an Address Alteration policy) when it's sent. As Mary is not all on the auto allow list for the sales@internaluser.com email address, her reply to that address means that the auto allow policy doesn't apply and spam checks aren't bypassed. 
    Apply Auto Allow (Strict)Applies Auto Allow to the sender and recipient pair email addresses only.The internal user, John, sends an email to mary@mimecast.com. This generates an Auto Allow entry for mary@mimecast.com address. When mary@mimecast.com emails John, spam checks are bypassed.
    Take no actionAuto Allow entries are not generated.The internal user, John, sends an email to mimecast.com. An Auto Allow entry is not generated. When any mimecast.com sender sends an email to John, the email is subjected to all spam checks.
  7. Complete the Emails From and Emails To sections as required:
    Field / OptionDescription
    Addresses Based OnSpecify the email address characteristics the policy is based on. This option is only available in the "Emails From" section. The options are:
    OptionDescription
    The Return Address (Mail Envelope From)This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission).
    The Message From Address (Message Header From)Applies the policy based on the masked address used in the message's header.
    BothApplies the policy based on either the Mail Envelope From or the Message Header From whichever matches. When both match, the specified value the Message Header From will be used.
    Applies From / ToSpecify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:
    OptionDescription
    EveryoneIncludes all email users (i.e. internal and external). This option is only available in the "Emails From" section.
    Internal AddressIncludes only internal organization addresses.
    External AddressIncludes only external organization addresses. This option is only available in the "Emails From" section.
    Email DomainEnables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field.
    Address GroupsEnables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path.
    Address AttributesEnables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.
    Individual Email AddressEnables you to specify an SMTP address. The email address is entered in the Specifically field.
  8. Complete the Validity section as required:
    Field / OptionDescription
    Enable / DisableUse this to enable (default) or disable a policy. If a date range has been specified, the policy will automatically be disabled when the end of the configured date range is reached.
    Set Policy as PerpetualIf the policy's date range has no end date, this field displays "Always On" meaning that the policy never expires.
    Date RangeUse this field to specify a start and / or end date for the policy. If the Eternal option are selected, no date is required.
    Policy OverrideThis overrides the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type are configured with an override.
    Bi-DirectionalIf selected the policy is applied when the policy's recipient is the sender, and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
  9. Click on the Save and Exit button.

 

See Also...

 

3 people found this helpful

Attachments

    Outcomes