KMS 6.0 & Whitelists
  •  
Bob Johnston

When using the DNSBL blacklist filters in KMS 6.0, is there a way to
whitelist an IP range, or a specific domain? I can't find the whitelist
option.
--
Bob Johnston
CJRW
501-975-8325



  •  
jshaw541

One way is to add a rule for "foo.com" with a score modifier of -999 (that's minus 999).


Kerio MailServer 6.7.1 w/AD
Windows Server 2003 SP 1
Dell PowerEdge 2850 (Dual Xeon 3.2ghz and 2 GB RAM)
~1300 users
~1000+ concurrent IMAPS connections
iPhone users
Outlook 2007 KOFF users
Apple iCal 10.5/10.6 users
  •  
freakinvibe

I don't think the -999 thing works, as the IP addresses from the external blocklists (like ORDB) are blocked during the SMTP handshaking, so the blocked message is not even coming into the KMS system.

Anti-Spam scores are generated AFTER the whole message is received and scanned by KMS. So it is not possible that the score overrules the blacklist.

At least it works like this in KMS5. I don't think this has changed in version 6. The best solution would be to have an "Exception" list on the "Blacklist" tab in the KMS configuration.

Maybe an enhancement request for the Kerio gals and guys.

Regards,

Pascal

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
jshaw541

Hmm, perhaps I misunderstood what he was asking. I thought he was mentioning the fact that blacklists exist in KMS, and wanted to know if whitelists existed, too, so that he could "exempt" certain IP ranges from getting checked for spam.

If scenario B is the case, I would question why he's using the particular RBL that's blacklisting an IP range he needs whitelisted. And which one he's using...



  •  
Bob Johnston

Yes, as best I can tell too, the whitelist must be an IP based list since
the DNSBL is IP based.

I don't see an exception tab in the Blacklists section. I've checked
everywhere, unless I'm overlooking it.

I'm using KMS 6.0b5.0.
  •  
Bob Johnston

Yes, I'm using SPAMCOP and SPAMHAUS DNSBLs. Sometimes our clients get put on
these DNSBL lists and I'd like to whitelist them so we can receive email.

Some clients are banks and tourism related businesses that email newsletters
that people subscribed to first. However, sometimes the client might be
turned in to SPAMCOP or SPAMHAUS for spamming and thus placed on the DNSBL
list for a few hours or days.
  •  
jshaw541

What the SpamAssassin software does is apply scores to a message when a message sender's IP is in a blacklist. It does not outright block it. Additionally, whitelisting of email addresses is available.

Since KMS 6.0 uses SpamAssassin, this is applicable here.

You can see the blacklist rules in:

KERIODIR\spamassassin\rules\20_dnsbl_tests.cf

You can define whitelisted email addresses in local.cf, by adding the line:

def_whitelist_from_rcvd *@whitelistme.com whitelistme.com


and the scoring of the above rules in:

KERIODIR\spamassassin\rules\50_scores.cf

Whitelisted:
score USER_IN_WHITELIST -100.000


RBL'd:
score RCVD_IN_BL_SPAMCOP_NET 0 2.25 0 1.50
score RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1
score RCVD_IN_BSP_TRUSTED  0 -4.3 0 -4.3
score RCVD_IN_DSBL 0 1.101 0 0.706
score RCVD_IN_DYNABLOCK 0 2.546 0 2.599
score RCVD_IN_NJABL 0 0.100 0 0.100
score RCVD_IN_NJABL_CGI 0
score RCVD_IN_NJABL_DIALUP 0 0.525 0 3.536
score RCVD_IN_NJABL_MULTI 0 0.001 0 0.001
score RCVD_IN_NJABL_PROXY 0 1.101 0 0.500
score RCVD_IN_NJABL_RELAY 0 1.314 0 0.001

...


It appears that with this, you can do what you want now:

- First, turn off all the BL blocking in the KMS Admin Console. Don't use it, use SpamAssassin's rules.
- Next, add the domains you want to whitelist to local.cf, using the line listed above.
- Restart the KMS server process.
- Watch, and adjust your blacklist score modifiers to taste, by adding 'score INSERT_BLACKLIST_RULE_NAME_HERE x.0' to local.cf. (x being an integer of your choice).

Now, messages that are whitelisted won't be blocked and messages that are on the blacklists will have a score added to them, which is much more flexible as some blacklists are better than others. If your blacklisting isn't working to your expectations, you can simply add score modifiers for the blacklist to your local.cf file.

This information is highly important, so if I am not clear anywhere, please let me know. I've rushed this email, so it's certainly possible. If there's enough interest, perhaps I'll write a more sane HOWTO on the subject.

PS: I always add 'score HABEAS_SWE 5.0' to my local.cf file when using SpamAssassin. HABEAS is a "we're not spammers, we're just bulk mailers" registration service that users identify themselves with by using special headers in the email message.

Unfortunately, since they're using just mail headers, and SpamAssassin adds a -8.0 score to the rule by default, spammers are routinely adding these headers to their email to bypass the spam filters of a victim's mail server.

In my opinion, it's a poorly-designed method, and I don't want "bulk mailers" getting through our system anyways, so I add the above rule.

If your mail server is inexplicably passing spam, it is highly likely due to the HABEAS_SWE rule.
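
Added example, not part of the original post and not Kerio or SpamAssassin code: a small model of how the score lines quoted above combine. A four-value score line picks a column by "score set" (Bayes and network tests on or off), a single value applies to every set, and a later line for the same rule, as in local.cf, replaces the shipped one. The SPAMCOP override value of 4.0 and the 5.0 spam threshold are assumptions for the demo.

```python
# Score lines quoted in the post (50_scores.cf), plus a constructed local.cf override.
SHIPPED = """\
score USER_IN_WHITELIST -100.000
score RCVD_IN_BL_SPAMCOP_NET 0 2.25 0 1.50
score RCVD_IN_DSBL 0 1.101 0 0.706
score RCVD_IN_NJABL_CGI 0
"""
LOCAL = "score RCVD_IN_BL_SPAMCOP_NET 4.0   # constructed site override\n"


def parse_scores(text, table=None):
    """Read 'score NAME v' / 'score NAME v0 v1 v2 v3' lines; later lines win."""
    table = dict(table or {})
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0] != "score":
            continue
        values = [float(v) for v in fields[2:]]
        if len(values) == 1:
            values = values * 4          # one value applies to every score set
        if len(values) != 4:
            raise ValueError(f"expected 1 or 4 scores: {raw!r}")
        table[fields[1]] = values
    return table


def score_set(bayes, network):
    """0: no Bayes/no net, 1: net only, 2: Bayes only, 3: Bayes and net."""
    return (2 if bayes else 0) + (1 if network else 0)


def total_score(hits, table, bayes=False, network=True):
    """Sum the column for the active score set over the rules that fired."""
    column = score_set(bayes, network)
    return round(sum(table[name][column] for name in hits), 3)


if __name__ == "__main__":
    REQUIRED = 5.0  # assumed spam threshold for the demo
    shipped = parse_scores(SHIPPED)
    tuned = parse_scores(LOCAL, shipped)
    listed = ["RCVD_IN_BL_SPAMCOP_NET", "RCVD_IN_DSBL"]
    for label, table, hits in [
        ("shipped scores", shipped, listed),
        ("local.cf override", tuned, listed),
        ("override + whitelist", tuned, listed + ["USER_IN_WHITELIST"]),
    ]:
        score = total_score(hits, table)
        print(f"{label:22} {score:9.3f} spam={score >= REQUIRED}")
```

With network tests off, the shipped DNSBL rules contribute 0, which is why the first and third columns of those lines are zero.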
