This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow list functionality in Additional Policy


My users frequently have emails come in for work purposes that are caught in some of our "Additional Policies", I need a quick way to add specific external email addresses or domains to bypass all additional policies that are configured.

The way the Sophos documentation reads makes it sound as though the "include/exclude sender/receiver" is not the way to do it. I currently have a "Bypass All" policy set up as the highest priority item, and I have been experimenting with rules in that policy to try and make this work, but I'm not very proficient with regular expression, and my rules don't always seem to work.

Any insight would be greatly appreciated.


This thread was automatically locked due to age.
  • Hi  

    If you want to allow a certain Email address or a list, you should configure it in Allowed List under Configuration > Policy > Allow/Block Lists. Refer online help for this here. This will bypass the Anti-Spam and Content Scanning(additional policy) for the configured list and should allow those emails.



  • This appears incorrect - based on what I have been told in the past, and the link you provided, the allow list does not affect any policies other than "Anti-Spam". I am specifically talking about getting that sort of functionality in bypassing rules created in the "Additional Policies" section, which the Allow List does not do. Now, I believe that the Allow List *should* bypass all policy areas, but at present this does not appear to be how this works.

  • This appears incorrect - based on what I have been told in the past, and the link you provided, the allow list does not affect any policies other than "Anti-Spam". I am specifically talking about getting that sort of functionality in bypassing rules created in the "Additional Policies" section, which the Allow List does not do. Now, I believe that the Allow List *should* bypass all policy areas, but at present this does not appear to be how this works.

  • Yes, you're right. "Messages from Allowed Hosts/Senders will bypass anti-spam filtering, while messages from Blocked Hosts/Senders are blocked without being scanned for spam or content."

    There's no quick way to exclude certain senders without adding them in each exception list they trigger.

    However, if you have a hostname or IP address of Sender Email Server, you can create an Inbound Hostname/IP address list type of additional policy and select Mail actions as Deliver Immediately.

    Hope this helps.

