Whitelisting and Blacklisting
Document #:10383
Applies To:
- MailSite
7.x
- MailSite
8.x
- MailSite
9.x
Synopsis:
MailSite 7 and later versions provide a whitelisting and blacklisting feature which can be used in conjunction with the Anti Spam Engine and the Sieve filters.
This document explains how to setup whitelisting and blacklisting to allow mail to be recieved even if it has a high spam score.
More Information:
The Anti Spam Engine issues a spam score for any email addressed to users who have Anti Spam scanning enabled on their account. Some users may need to whitelist specific senders to prevent the Anti Spam Engine from incorrectly filing the message into the Junk Mail folder, or rejecting it.
Sieve Filters:
There are several different levels of sieve filtering:
- Server Receive Script (Applies to both inbound and outbound mail, set in the MailSite Console). These rules are run by SMTPRA. The remaining rules are run by SMTPDA.
- Domain Script (Set on individual domains through the MailSite Console, these apply to email addressed to the local domain only).
- Forced Mailbox Delivery Script (Applied to inbound email. This is controlled by the administrator and allows them to override rules defined by the end user).
- Mailbox Script (Set by end users via MailSite Express or through the MailSite console. Applies only to email addressed to their Mailbox).
- Mailbox Delivery Script (Set by the administrator, allows you to define rules for local users on a global level).
The precedence is implied by the list above, such that the Server Receive scripts are executed first, followed by any Domain scripts followed by Forced Mailbox Delivery scripts etc etc.
Whitelisting:
The whitelisting (and Blacklisting) options can be defined at the Server, Domain or Mailbox level. For these to be come into effect, you must define a sieve filter rule. For example if you want to enable whitelisting or blacklisting at the server level, you must define sieve filters under the Server Receive scripts. In a vanilla (a new clean) installation of MailSite, predefined scripts are provided. In some cases when customers upgraded, these scripts are not present.
To define such a script navigate to MailSite Console > Server > Filtering > Sieve Filter > Server Receive Scripts > Edit. Here you can select 'New' and run the wizard to create the rule.
To create a whitelisting rule:
- Select New.
- Enter a name and description of your new rule, click Next
- Change the criterion to read: If ‘From’ ‘Is listed in my’ ‘whitelist’, click OK.
- Click Next.
- Under ‘Then do one of the following’ select 'Deliver the message', click Next.
- Ensure that the checkbox is ticked so that this new rule will be enabled immediately, click Finish
This rule needs to be placed at the top in the list of rules so that it is executed first. With this rule in place, any incoming email, that has the From: address in its headers matching an address in the whitelist (defined at the server level), will be accepted. If the rule is set at the server level, MailSite will only read from the whitelist defined at the server level only. If a whitelist rule is defined at the domain level, this will read from the whitelists defined at both the domain level and server level only. If a whitelist rule is set at a mailbox level, it will read from both the mailbox, domain and server level whitelists.
IMPORTANT NOTE:
When you define ‘Deliver the message’ under a specific sieve filter, it bypasses all the remaining sieve filters at that level. It then passes the message onto the next set of filters. For example, if within the Server Receive script, you create a rule with the action to ‘Deliver the message’, assuming the message is addressed for a local user, no more rules will be processed at the server level and the message will be passed to the Domain script for processing, then onto the Forced Mailbox Delivery scripts, then to the Mailbox script and finally the Mailbox Delivery scripts before going into the users INBOX. This is a common point of confusion with Sieve filters.
If you would like to allow users to create and use their own whitelist, then you must create a sieve filter rule within the Mailbox Delivery Script or in the Forced Mailbox Delivery Script. (See the steps above on how to create the Sieve Filter rule). The rule will be similar to the one detailed above where the criterion will be:
- If ‘from’ ‘Is listed in my’ ‘whitelist’
If you have a rule which sends certain mail to the Junk Mail folder, then any whitelist rule MUST come before the Junk Mail rule to prevent messages being filed into that folder.
Blacklisting:
In the same way as whitelisting, you must setup sieve filters to act upon the blacklisted email addresses. A rule for the blacklist is defined under the ‘Forced Mailbox Delivery Script’ in a vanilla instalation which means users can utilize the blacklisting in their account (managed via Express). If you do not have a rule at this level you can create one using the steps below.
- Open the 'Forced Mailbox Delievery Script' as described earlier and click new.
- Enter a name and description of your new rule, click next.
- Set the criteria to: If ‘From’ ‘Is listed in my’ ‘Blacklist’, click OK.
- Click Next.
- Under ‘Then do one of the following’ select 'Reject message'
- Add in a helpful rejection message in the box below. (This is advised to assist with troubleshooting filters in the future). Click Next
- Ensure that the checkbox is ticked so that this new rule will be enabled immediately. Click Finish
If you wish to use blacklisting at the server level, simply create a similar new rule under the 'Server Receive Script'.
Like with whitelisting, if a blacklist rule is set at the Server level, it will read only from the Blacklist (found under Server > Filtering) defined at the Server level. If a blacklist rule is defined at the Domain level, it will read from both the Domain and Server level Blacklists. If set at the mailbox level, then MailSite will read from the Mailbox, Domain and Server level Blacklists.
Related:
See these other knowledge base documents:
Last revised 2011-8-9