Kerio Connect forum: Whitelist for Domains to avoid RBLs
  •  
desven

Is it possible to put domains or e-mail addresses in a list to avoid RBL blocking for these senders?

The concrete situation is that we need to receive mails from senders whose mailservers (mostly mass providers) are blacklisted. Of course you have no chance to remove such a server from the blacklist on your own.

That's why we need the whitelisting described above.


Thanks,

Sven
  •  
freakinvibe

Yes, that's possible. In KMS Admin under

Configuration > Content Filter > Spam Filter

go to the "Blacklists" tab. Add the servers you want to whitelist under

"Custom Whitelist of IP addresses"

Let me know if that solves your problem.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
sedell

This isn't possible with RBLs. They are strictly IP based, and the domain names aren't involved in any part of the process.

Scott
  •  
desven

I know that RBLs are IP-based, but nevertheless an e-mail- or domain-based whitelist can be involved in this process.
We have implemented this on Linux mailservers.
When you take a look at the security log you can even see the addresses of senders that are blacklisted. So it shouldn't be a big thing to use them for whitelisting.

Hint! Kerio!
  •  
freakinvibe

Why wouldn't you be able to whitelist the IP address of the sending server (just check in the headers)? You can also whitelist IP ranges if needed.

If this is not possible, instead of blocking blacklisted mail, just tag it (for example with a rating of 9) and then you can whitelist the sender domain or e-mail address in the "Custom message rules".

[Updated on: Wed, 12 November 2008 18:47]


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
desven

I like blocking because it reduces traffic and mail volume. That's why I don't want to lose this feature.

Whitelisting the IP of the sender server isn't the solution for 3 reasons:

1. When I whitelist the whole server lots of spam will come through.

2. The sending servers of mass providers change frequently.

3. When a customer calls and tells me he doesn't receive e-mails from a certain address anymore, I will not have to look up the server(s) that sent the mail to whitelist them in the logs. I can't check the header because the e-mail didn't make it to the receiver's mailbox.

Do you know what I mean?

[Updated on: Wed, 12 November 2008 19:13]

  •  
freakinvibe

Quote:

1. When I whitelist the whole server lots of spam will come through.

So you are saying you are getting Spam and good (wanted) e-mails from the same IP address? I haven't seen this yet as good RBLs (such as spamhaus) only list IP addresses that are really "bad".

Anyhow, with Kerio, you can't whitelist RBLs by e-mail sender address. As you say correctly, the server has the information of the sender, so it would technically be possible, but Kerio just hasn't implemented this.

You can try to send an enhancement request to Kerio. If many people have the same request, it will eventually be implemented in a later version.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
desven

freakinvibe wrote on Thu, 13 November 2008 08:49


So you are saying you are getting Spam and good (wanted) e-mails from the same IP address? I haven't seen this yet as good RBLs (such as spamhaus) only list IP addresses that are really "bad".

Yes, exactly. The typical situation you have when mailservers of mass providers (orange.fr in this case) are involved.
I will send an enhancement suggestion to Kerio.

What happens when I disable blocking for the RBLs, add a value of 10 to the spam score instead and leave the block level for spam scores at 9?
Probably a rule could reduce the spam level when it is a certain sender, correct?
Otherwise the server will block as before, right?
Or is there a difference in both blocking mechanisms?

Thanks a lot,

Sven
  •  
freakinvibe

Quote:

What happens when I disable blocking for the RBLs, add a value of 10 to the spam score instead and leave the block level for spam scores at 9?

The mechanism is different then. It will accept the whole mail, do the Spam checks and will then either reject or accept the message.

This will result in more mail and DNS traffic because, if you block based on RBL, the other RBLs in the list will not be contacted if the first already gets a positive result.

If you just tag the messages, it will contact all the RBLs in your list and add up all the scores.

Quote:

Probably a rule could reduce the spam level when it is a certain sender, correct?

Yes, you can set a rule for a specific e-mail address to "allow" the message, no matter what score it has.

[Updated on: Thu, 13 November 2008 10:48]


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
desven

Quote:


The mechanism is different then. It will accept the whole mail, do the Spam checks and will then either reject or accept the message.

This will result in more mail and DNS traffic because, if you block based on RBL, the other RBLs in the list will not be contacted if the first already gets a positive result.

If you just tag the messages, it will contact all the RBLs in your list and add up all the scores.



Hmm, I thought this would happen. It will probably even send a bounce message for blocked mails, right?
  •  
freakinvibe

The sending of a bounce message can be switched on and off in KMS. Just un-tick the "Send bounce message to sender" in the Spam Rating tab.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
freakinvibe

Quote:

The typical situation you have when mailservers of mass providers (orange.fr in this case) are involved.

Which RBLs are you using? orange.fr IP addresses should not be listed on any of the good RBLs (I am using spamhaus and spamcop).

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
desven

Quote:


Which RBLs are you using? orange.fr IP addresses should not be listed on any of the good RBLs (I am using spamhaus and spamcop).


We are using UCEProtect which is very efficient and probably a little bit more restrictive than others. That way we are very successful in blocking spammers.
Their techniques are explained on their site:
http://www.uceprotect.net/
  •  
freakinvibe

I am using UCEprotect as well, but I just add a score of 3 for it.

I have the following RBL list which is very effective for me:

zen.spamhaus.org = block
bl.spamcop.net = block
dnsbl-1.uceprotect.net = +3
dnsbl-2.uceprotect.net = +2
db.wpbl.info = +3
dnsbl.sorbs.net = +2

Spamhaus already kills 90% so the other RBLs are not contacted very often.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
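
The two filtering paths discussed in this thread, modelled as an added example (not Kerio's code and not written by any poster): a "block" list rejects on the connecting IP and stops further lookups, while score-only lists are all queried, summed, and can be overridden by a sender rule. Function names, the sample IP, the sender address and the listings are constructed assumptions, and the DNS lookup is replaced by a set membership check so it runs offline.

```python
import ipaddress

# RBL list quoted in the post above: "block" or a score to add on a hit.
MIXED = [
    ("zen.spamhaus.org", "block"),
    ("bl.spamcop.net", "block"),
    ("dnsbl-1.uceprotect.net", 3),
    ("dnsbl-2.uceprotect.net", 2),
    ("db.wpbl.info", 3),
    ("dnsbl.sorbs.net", 2),
]
# Variant asked about earlier in the thread: no RBL blocks, a hit adds 10 instead.
TAG_ONLY = [(zone, 10 if action == "block" else action) for zone, action in MIXED]
BLOCK_LEVEL = 9  # spam score at which the message is blocked


def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def evaluate(ip, sender, rbls, is_listed, allow_senders=frozenset()):
    """Return (verdict, score, zones_queried) for one delivery attempt.

    is_listed(name) stands in for the DNS lookup so the example runs offline.
    """
    score, queried = 0, []
    for zone, action in rbls:
        queried.append(zone)
        if not is_listed(dnsbl_name(ip, zone)):
            continue
        if action == "block":
            # Decided on the connecting IP alone: the sender address is
            # never consulted and the remaining lists are not queried.
            return "rejected-by-rbl", score, queried
        score += action
    # Tagging path: every list was queried and the scores added up.
    if sender.lower() in allow_senders:
        return "allowed-by-rule", score, queried
    verdict = "blocked-by-score" if score >= BLOCK_LEVEL else "delivered"
    return verdict, score, queried


# Constructed sample data: documentation-range IP, made-up listings and sender.
SAMPLE_IP, SAMPLE_SENDER = "192.0.2.25", "customer@example.org"
LISTED = {dnsbl_name(SAMPLE_IP, z) for z in ("bl.spamcop.net", "dnsbl-1.uceprotect.net")}

if __name__ == "__main__":
    for rbls, allow in ((MIXED, {SAMPLE_SENDER}), (TAG_ONLY, set()), (TAG_ONLY, {SAMPLE_SENDER})):
        print(evaluate(SAMPLE_IP, SAMPLE_SENDER, rbls, LISTED.__contains__, allow))
```

With the mixed list the sender rule never gets a chance to apply, which is the limitation raised in the thread; in the tag-only variant the rule wins at the cost of querying every list.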
  •  
desven

Cool, I will give that a try and see if/how spam amount will change.

Thanks,

Sven