Policies - Configuring Auto Allow Policies

Updated

This article contains information on configuring Auto Allow policies in Mimecast, including usage considerations, policy options, and steps to manage sender lists, bypass spam checks, and ensure secure email delivery.

Auto Allow policies are created by default during the Mimecast Implementation process. Exceptions can be made by Configuring Auto Allow Creation Policies.

Usage Considerations

Consider the following before getting started:

  • An Auto Allow policy entry is automatically deleted if no emails are sent to the address for 120 days.
  • Auto Allow database entries are configured in End User Managed Sender Lists. A definition is not required.
  • As this policy is “always on”, the database continues to grow. When an internal user sends a message, Mimecast captures the recipient's email address and adds it to the database.
  • Any inbound message from a sender listed in the Auto Allow database is not subjected to the typical IP reputation and spam checks. However, it will still be scanned for viruses.
  • Bypassing spam checks (e.g. greylisting) reduces the delivery delay of emails to internal recipients, thereby reducing the number of messages on Hold.
  • Auto Allow database entries are not generated when:
    • Auto-responses are sent (including out-of-office messages).
    • Suspected spam-related messages are released, and the recipient subsequently replies to the sender.

Configuring an Auto Allow Policy

To configure an Auto Allow policy:

  1. Log in to the Mimecast Administration Console..
  2. Navigate to Policies | Gateway Policies | Auto Allow.
  3. Either select the:
  •  
    • Policy to be changed.
    • New Policy button to create a policy.
  1. Complete the Options section as required:
Field / Option Description
Policy Narrative Provide a description for the policy to allow you to easily identify it in the future.
Auto Allow Policy

Enabled by default, this policy determines if the Auto Allow List (AAL) of your account should be checked for the mail flow specified below. AAL entries are created automatically when messages are sent from internal users to outbound recipients. When the external address sends a message to the internal user, Mimecast will check the AAL to see if the address is present. If it is, the message bypasses spam checks normally applied to inbound mail.

Malware and virus scanning is always applied.

Auto Allow Options
In the following examples, the internal user is John (john@internaluser.com​​) and the external user is Mary (mary@externaluser.com).

Option Description Example
Apply Auto Allow Applies Auto Allow to the recipient's email address for all internal end users, avoiding spam checks when users receive mail from this recipient. John sends an email to Mary, which generates an Auto Allow entry for Mary, for all internal users. If Mary sends an email to any internal users, this email bypasses spam checks.
Apply Auto Allow (Original-Recipient Address) Applies Auto Allow based on the recipient's email address that is received prior to any Address Alterations or address rewrites being applied for inbound mail.  John sends a message to Mary, this email address is added to John's Auto Allow list.
However, John's email address is rewritten to sales@internaluser.com (e.g. by an Address Alteration policy) when it's sent. As Mary is not all on the Auto Allow list for the sales@internaluser.com email address, her reply to that address means that the Auto Allow policy doesn't apply and spam checks aren't bypassed.
Apply Auto Allow (Strict) Applies Auto Allow to the sender and recipient pair email addresses only. John sends an email to Mary. This generates an Auto Allow entry for Mary's address. When Mary emails John, spam checks are bypassed.
Take no action The setting prevents the Auto Allow policy from being applied, however, an auto allow entry will still be generated.  John sends an email to an externaluser.com recipient, an auto-allow entry is generated. When any externaluser.com sender sends an email to John, the email is subjected to all spam checks.

To prevent Auto Allow entries from being generated, an Auto Allow Creation policy set to “Do Not Generate AAL Entries” is required.
  1. Complete the Emails From and Emails To sections as required:
Field / Option Description
Addresses Based On

Specify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:

Return Address (Mail Envelope From): This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission).
• Message From Address (Message Header From): Applies the policy based on the masked address used in the message's header.
• Both: Applies the policy based on either the Mail Envelope From or the Message Header From whichever matches. When both match, the specified value of the Message Header From will be used.
Applies From / To

Specify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:

• Everyone: Includes all email users (i.e. internal and external).
• Internal Address: Includes only internal organization addresses.
• External Address: Includes only external organization addresses. This option is only available in the "Emails From" section.
• Email Domain: Enables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field.
• Address Groups: This enables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path.
Address Attributes: This enables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop-down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.
Individual Email Address: Enables you to specify an SMTP address. The email address is entered in the Specifically field.
  1. Complete the Validity section as required:
Field / Option Description
Enable / Disable Use this to enable (default) or disable a policy. If a date range has been specified, the policy will automatically be disabled when the end of the configured date range is reached.
Set Policy as Perpetual If the policy's date range has no end date, this field displays "Always On" meaning that the policy never expires.
Date Range Use this field to specify a start and/or end date for the policy. If the Eternal option is selected, no date is required.
Policy Override This overrides the default order in which policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type are configured with an override.
Bi-Directional If selected the policy is applied when the policy's recipient is the sender, and the sender is the recipient.
Source IP Ranges (n.n.n.n/x) Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
  1. Click Save and Exit.

See Also...

Related to

Was this article helpful?
2 out of 2 found this helpful

Comments

0 comments

Please sign in to leave a comment.