Skip to main content
Swapnil1
Swapnil1
New Member
November 18, 2021
Question

Cisco ESA Block sender action for SAAS based instance

  • November 18, 2021
  • 1 reply
  • 1398 views
The current Cisco ESA connector has an action named Block Sender. This used to work with the listener and needed SSH connection. However with the Cisco ESA SAAS based instance SSH connection is no longer available. Hence this action fails due to missing SSH connection. 
We looked at the API reference guide and observed that there is no API to Block Sender. 
AsyncOS 14.0 API for Cisco Secure Email Gateway - Getting Started Guide - GD (General Deployment) - APIs for Secure Email [Cisco Secure Email Gateway]

However, we found the below API for which we already have an action in the current connector: (Update Blocklist Entries)
POST /esa/api/v2.0/quarantine/blocklist{"action": "add","quarantineType": "spam","senderAddresses": ["xyz.com","space.com"],"recipientList": ["user@cronos.com"],"viewBy": "sender"}

We wanted to know that if this action performs the same functionality as the block sender action available in the connector?

Also, looks like the recipientList is a mandatory field. Can someone let us know what goes in this field if the only action we want to achieve is block the sender?

Can someone help on the above queries?

    1 reply

    Pranjali
    Staff
    Pranjali
    Staff
    November 24, 2021

    Hello @Swapnil1,

     

    The Working of actions  'Block Sender' and 'Update Blocklist Entries' is different.
    Block Sender – This action adds the IP/Domain into the HAT (Host Access Table) in listener config and we can do this only using SSH-based. No rest API available for this.
    Update Blocklist Entries – This action adds the IP/Domain into the End user Blocklist(Spam Quarantine)

     

    And to add the sender address in the Blocklist:
    senderAddresses : address of the sender which you want to block.

    recipientList: addresses of the recipients of them you want to block for above sender.

    In Blocklist each entry saves like below:
    {

          "senderAddress": "ace.com",

          "recipientList": [

            "abc@ace.com",

            "def@ace.com"

          ]

        }

    ​

    -------------------------------------------
    Original Message:
    Sent: Nov 17, 2021 10:02 PM
    From: Swapnil Koulgikar
    Subject: Cisco ESA Block sender action for SAAS based instance

    The current Cisco ESA connector has an action named Block Sender. This used to work with the listener and needed SSH connection. However with the Cisco ESA SAAS based instance SSH connection is no longer available. Hence this action fails due to missing SSH connection. 
    We looked at the API reference guide and observed that there is no API to Block Sender. 
    AsyncOS 14.0 API for Cisco Secure Email Gateway - Getting Started Guide - GD (General Deployment) - APIs for Secure Email [Cisco Secure Email Gateway]

    However, we found the below API for which we already have an action in the current connector: (Update Blocklist Entries)
    POST /esa/api/v2.0/quarantine/blocklist{"action": "add","quarantineType": "spam","senderAddresses": ["xyz.com","space.com"],"recipientList": [""],"viewBy": "sender"}

    We wanted to know that if this action performs the same functionality as the block sender action available in the connector?

    Also, looks like the recipientList is a mandatory field. Can someone let us know what goes in this field if the only action we want to achieve is block the sender?

    Can someone help on the above queries?

    Terms & ConditionsAccessibility statement