How to work with System Locked rules

Updated 5 months ago by admin

Locked rules, identified with (Locked) in the rule name, are rules that cannot be disabled or removed from the Message or Connection Rules list.

By default, there are three Locked Connection rules which are described in this article.

(Locked) DHA

The (Locked) DHA Rule checks whether a valid email address is configured in the Mailboxes section of the dashboard. If the email address does not exist, either as a primary or alias, then the message will be rejected.

To automatically add email addresses to the Mailboxes section you can use Active Directory or Azure Entra ID synchronisation. Please see the following KB article for further details:

https://help.clouduss.com/settings/active-directory

If you prefer to manually add email addresses to the Mailboxes section, you can follow the steps in this article:

https://help.clouduss.com/ems-knowledge-base/adding-an-alias-to-a-primary-mailbox

If you add an email address manually but still utilise the automatic methods, the email address will be merged ensuring any configuration of the associated mailbox is maintained.

(Locked) Spamhaus

Commercially available blacklists of IP addresses known to send spam.  This includes the XBL, SBL and PBL.

(Locked) Spam RBL

Commercially available blacklists of IP addresses known to send spam.

Troubleshooting

Both of these rules aim to stop the likes of known spambots and spammers at a connection level from sending spam to your organisation.  If you believe that an IP address is being rejected incorrectly, you can add the IP address to the Spam Safelist.

Be careful when adding to the safe list. If an IP address exist on a blacklist it is likely due to it sending spam or malicious content. Safe listing may result in spam or unsafe email and attachments being sent to your users.

It is recommended to use the following sites to discover why a particular IP address has been blacklisted:

https://check.spamhaus.org/

https://mxtoolbox.com/blacklists.aspx

IMPORTANT: Your Service Provider provider cannot request delisting of remote domains and IP addresses.  This can only be requested by the IP/Domain owners. 
IMPORTANT: To have any of these rules disabled you can request it from your Service Provider, however, justification is required as to why you want any of these rules disabled.


How did we do?