Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Question on making a domain on whitelist on spam settings
  •  
mckingsley

Messages: 54
Karma: 3
Send a private message to this user
I have never really figured out for sure how the whitelist under the spam settings works. It seems like now I may have figured it out and correct me if I am wrong. But I guess it only applies to whitelisting a domain for the SpamAssasin settings? In other words if we use a blacklist (an it's set to block instead of add a spam score) then _that_ will override it even if I have the domain listed in the whitelist settings, right?

Basically we want to (at least for now) whitelist gmail and potentially yahoo, because some of their servers keep getting listed on the spamcop lists from time to time and we don't want gmail or yahoo getting blocked.

Thanks,
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
Whitelisting an IP address in the Kerio Connect admin console will also make KC ignore any DNSBL-type blacklist entries for it. In other words: if you whitelist an IP, KC won't even look it up. SpamAssassin does not look up IP addresses. At least not in Kerio's (somewhat modified) default configuration. I.e., all of SpamAssassin's RCVD_IN_* checks are set to score 0.
  •  
mckingsley

Messages: 54
Karma: 3
Send a private message to this user
Yeah I should have mentioned that I understand that you can add an IP and even range. I don't see how that will be practical though for something like gmail or yahoo that have thousands of IP's and they don't seem to match one easy range I can put in. Any other ideas?
  •  
TorW

Messages: 769
Karma: 9
Send a private message to this user
I think there was a thread about whitelisting Yahoo and GMail's large IP ranges, but the long and short of it is that you'll just have to enter them all.
There are not too many though. As of Feb 16 2012, Google's IP ranges you should/could whitelist are:

64.233.160.0/19
66.249.80.0/20
72.14.192.0/18
66.102.0.0/20
74.125.0.0/16
64.18.0.0/20
173.194.0.0/16
207.126.144.0/20
209.85.128.0/17
216.73.93.70/31
216.73.93.72/31
216.239.32.0/19

They can easily be found by looking up the SPF records for google.com and _netblocks.google.com.


Boing:~ torw$ dig google.com txt

[...]
;; QUESTION SECTION:
;google.com.			IN	TXT

;; ANSWER SECTION:
google.com.		1033	IN	TXT	"v=spf1 include:_netblocks.google.com ip4:216.73.93.70/31 ip4:216.73.93.72/31 ~all"

------------------
Boing:~ torw$ dig _netblocks.google.com txt

[...]

;; QUESTION SECTION:
;_netblocks.google.com.		IN	TXT

;; ANSWER SECTION:
_netblocks.google.com.	3600	IN	TXT	"v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all"
Previous Topic: iCal (SnowLeopard) Work Around For Client Machines
Next Topic: Upgrading from 7.1.4 to 7.3.2
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 00:26:17 CET 2017

Total time taken to generate the page: 0.00368 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.