Global Whitelist

This forum contains features that has been archived. This section contains implemented features, duplicate requests, and requests which we have decided not to implement.
Post Reply

Do you need this feature?

Yes
39
91%
No
4
9%
 
Total votes: 43

rodolfor
Senior user
Senior user
Posts: 282
Joined: 2005-06-30 09:05
Location: Gubbio - Italy

Global Whitelist

Post by rodolfor » 2006-09-13 08:27

With the new version 4.3 we have several levels of spam checking.
- backlist
- greylist
- surbl list

it is possible to have a GLOBAL WHITELIST where I can specify domains and address wich BYPASS ALL SPAM CHECKS ?

--------------------------
4.3.238 + MSSQL
Last edited by rodolfor on 2006-11-26 13:25, edited 1 time in total.

iprat
Normal user
Normal user
Posts: 247
Joined: 2005-05-20 16:50
Location: Barcelona, EU
Contact:

Post by iprat » 2006-09-13 12:16

I don't need this as this is done by ASSP but if you decide to implement it please copy ASSP solution, wich consists in a database that is collected automatically from emails sent by local users or already whitelisted adresses.

This makes an automatically maintaned whitelist database.

Adresses in whitelist are discarded if no emails of them are received during a specified time (this is to clean database of non used whitelisting adresses).

I think it's ASSP job but if you ever plan to do this then copy the best solution.
My perfect combination:
hMailServer 5.6.1 (B2208), ASSP 1.3.3.8 (antispam), Clamav 0.98.6 (antivirus)

rodolfor
Senior user
Senior user
Posts: 282
Joined: 2005-06-30 09:05
Location: Gubbio - Italy

Post by rodolfor » 2006-09-13 19:54

No. the best solution is hmailserver alone.
Elsewhere what could be the need of its antispam functions ?

The need of a whitelist is a "natural" evolution of the increasing complexity of antispam function.

Sometime a user fall in a blacklist, it coud be graylisted (suppose its server retry only two times in 1 minute: the acceptance of this user needs too permissive graylist parameters), surbl can fail.

In this case, you can spend a lot of time to debug the problem and during this time having a whitelist could be essential.

thanks

iprat
Normal user
Normal user
Posts: 247
Joined: 2005-05-20 16:50
Location: Barcelona, EU
Contact:

Post by iprat » 2006-09-14 09:25

rodolfor wrote:No. the best solution is hmailserver alone.
Elsewhere what could be the need of its antispam functions ?

The need of a whitelist is a "natural" evolution of the increasing complexity of antispam function.

Sometime a user fall in a blacklist, it coud be graylisted (suppose its server retry only two times in 1 minute: the acceptance of this user needs too permissive graylist parameters), surbl can fail.

In this case, you can spend a lot of time to debug the problem and during this time having a whitelist could be essential.

thanks
Please don't missunderstood me. I am not saying that it is not useful rodolfor, I am just saying that if it is to be implemented then copy ASSP's behavior wich maintains automatically the whitelist while allowing the admin to add or delete specific adresses manually.
My perfect combination:
hMailServer 5.6.1 (B2208), ASSP 1.3.3.8 (antispam), Clamav 0.98.6 (antivirus)

rodolfor
Senior user
Senior user
Posts: 282
Joined: 2005-06-30 09:05
Location: Gubbio - Italy

Post by rodolfor » 2006-09-14 15:05

ok, you're rigth. my goal in administering systems is: semplicity.
The semplicity is the key of robustness of a system.

Is more simple to have a server with only hmailserver than a server with hmail+assap+php.

Hamilserver itself must have a self-completeness of its functions and I think global whitelist is essential.

An example: yesterday a customer waits for a very important message; i set up graylist for 30min; to satisfy my customer immediately I need to disable the greylisting....

thanks

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2006-09-15 17:43

I like this idea as long as Iprat's solution is implemented.

redmn
New user
New user
Posts: 7
Joined: 2006-10-05 13:07
Location: Mantova, IT

Post by redmn » 2006-10-11 16:28

It happens frequently that some my users, phone me or send an email saying that one of their customers is not successful in sending them an email beeing blocked from one BL.
I can't easily explain them the reason and why the lack of the necessary functionality makes the solution difficult.
So the only way remaining to me is to de-activate the "offending" BL.
I think it's really difficult operate safely in this scenario.
Therefore I think that, independently from the way in which you carry out the function, it is really necessary to solve the problem to be able of immediately whitelisting the transmission IP (even manually) and that not having this it is a very heavy uneasiness.
For the last 5 Years I used Merak, which had this function since its first old times.
Pse make it anyway.

olivier
New user
New user
Posts: 12
Joined: 2006-08-12 11:24
Location: paris

Post by olivier » 2006-10-17 19:42

I have the same problem and when I used Mailmax, before hmail, the global whitelist was include too
It will be a good idea to have this possibility

westdam
Senior user
Senior user
Posts: 728
Joined: 2006-08-01 21:24
Location: Padova, Italy
Contact:

Post by westdam » 2006-10-17 22:03

i agree with iprat. i'm done it the same with ewall ( similar to assp )
i like in hmailserver too.

semmai
New user
New user
Posts: 2
Joined: 2006-10-28 15:05

Post by semmai » 2006-11-02 09:53

Is it possibile add to this whitelist some checkboxes?
I.e.: apply to blacklist; apply to greylist; apply to antivirus and so on ?
Do you tink to have only one global whitelist or a global whitelist plus one whitelist per domain ?

thanks

Florian
New user
New user
Posts: 19
Joined: 2006-08-21 15:09
Location: .de

Post by Florian » 2006-11-02 10:43

i like iprat's solution!

ikshadow
Normal user
Normal user
Posts: 75
Joined: 2006-07-19 11:17

Post by ikshadow » 2006-11-07 00:11

Iam a bit confused.

Hmailserver 4.3 have White listing under Spam Protection -> Greylisting/White Listing.

As I understood whatever IP you enter here will bypass all spam checks.
hMailServer 5.4-B1950
MySQL 5.1.73
Domains: 32, Accounts: 1000+ , Messages: 1000.000+, Data size: 200GB+
Running since 18.7.2006 (hMailServer 4.2.2 - Build 199)

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-11-07 00:21

Really? Why do you think it's located under "Greylisting"? This white list bypasses grey listing. Not all spam checking. :)

ikshadow
Normal user
Normal user
Posts: 75
Joined: 2006-07-19 11:17

Post by ikshadow » 2006-11-07 00:56

martin wrote:Really? Why do you think it's located under "Greylisting"? This white list bypasses grey listing. Not all spam checking. :)
eh crap.

I was realy looking forward to 4.3 couse we have a big issue with "good" emails to be rejected by some spam list.

I hope you will consider it in next releases.
hMailServer 5.4-B1950
MySQL 5.1.73
Domains: 32, Accounts: 1000+ , Messages: 1000.000+, Data size: 200GB+
Running since 18.7.2006 (hMailServer 4.2.2 - Build 199)

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-11-07 01:16

If your spam lists rejects legit email, I would not use it. A white list won't solve that problem completely, since you can't possible add all valid IP addresses to the white list.

In 4.3, you can configure hMailServer to add a header to spam messages instead of deleting them. If you know how to code, you could create your own white-list database table, and then add a script in the OnDeliverMessage which then deletes the messages with the spam header unless the sender IP matches one row in your table.

(But yes, this feature is starting to get a lot of yes-votes so it will be added in a future version)

rodolfor
Senior user
Senior user
Posts: 282
Joined: 2005-06-30 09:05
Location: Gubbio - Italy

Post by rodolfor » 2006-11-09 10:25

The purpose of this "global whitelist" is to have a simple and fast mechanism to recover the problem when a false positive occour (and is detect by a user!).

With this list I can put immediately a domain (not an IP) wich bypass all antispam tests.

After, I can deepen the problem, i.e: remove the domain from a black list, disable the black list, etc.

thanks

Tiziana
New user
New user
Posts: 14
Joined: 2006-09-28 12:05

Post by Tiziana » 2006-11-14 11:50

I had the same problem with some customers of mine.
I think that with this kind of approach we all need for a FAST solution like whitelist for email addresses.

ikshadow
Normal user
Normal user
Posts: 75
Joined: 2006-07-19 11:17

Post by ikshadow » 2006-11-15 14:38

martin wrote:If your spam lists rejects legit email, I would not use it. A white list won't solve that problem completely, since you can't possible add all valid IP addresses to the white list.
I dont need to add all, just those important ones, its just quick fix till the banned IP is removed from black list.

Curently i need to disable blocking black list, till IP is removed.
At that time we receive a lot of spam that I would like to avoid.

I just hope this feature will get enough options so it would be implemented asap.

I realy consider it a must have feature, especialy for all those that dont use any other 3rd party anti spam apps.

p.s. I hope somene will make the script you mention so we can use it till you add it in hmailserver 4.x.
hMailServer 5.4-B1950
MySQL 5.1.73
Domains: 32, Accounts: 1000+ , Messages: 1000.000+, Data size: 200GB+
Running since 18.7.2006 (hMailServer 4.2.2 - Build 199)

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-11-27 22:34

Do you guys think it's enough to have the following options:

- Lower IP address
- Upper IP address

* If only Lower IP is specified, the Upper IP will have the same value.
* A button should be added so that you can enter a domain name and then hMailSever will add all the domains MX records to the white list.

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2006-11-27 22:42

That would work for me yes.

bazporter
Normal user
Normal user
Posts: 98
Joined: 2005-06-03 16:14

Post by bazporter » 2006-11-27 23:53

Sounds good...

ikshadow
Normal user
Normal user
Posts: 75
Joined: 2006-07-19 11:17

Post by ikshadow » 2006-11-28 11:02

sounds very good :D
hMailServer 5.4-B1950
MySQL 5.1.73
Domains: 32, Accounts: 1000+ , Messages: 1000.000+, Data size: 200GB+
Running since 18.7.2006 (hMailServer 4.2.2 - Build 199)

lucasasdelli
New user
New user
Posts: 10
Joined: 2006-02-15 11:36

Post by lucasasdelli » 2006-11-28 20:27

martin wrote: * A button should be added so that you can enter a domain name and then hMailSever will add all the domains MX records to the white list.
Excellent, quick and effective. :-)

Ciao
Luca

Mark Spruce
Normal user
Normal user
Posts: 36
Joined: 2006-11-30 16:53
Location: Falkland Islands
Contact:

Post by Mark Spruce » 2006-11-30 16:56

I would love a white list.

Where I could enter a domain or a single E-mail address

regards

Mark

chanas
Normal user
Normal user
Posts: 57
Joined: 2006-04-08 00:27
Location: Athens/Greece
Contact:

Post by chanas » 2006-11-30 22:52

I usually lookup the MX records for the domain then add a range for it with spam protection off. Doesnt this work good enough?
Win2K3 SP2 | IIS6 | hMail 4.3 B248 | MSSQL 2K | Debian SpamAssasin on VMWare | SquirrelMail

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-12-03 18:06

chanas, Correct, there is nothing that stops you from using IP ranges to accomplish this.

Mark Spruce
Normal user
Normal user
Posts: 36
Joined: 2006-11-30 16:53
Location: Falkland Islands
Contact:

Post by Mark Spruce » 2006-12-08 15:59

But it would also be good to be able to add individual e-mail address as well.

Well lets see what happens

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-12-09 22:04

In hMailServer 4.4, it will be possible to white list IP addresses.

rodolfor
Senior user
Senior user
Posts: 282
Joined: 2005-06-30 09:05
Location: Gubbio - Italy

Post by rodolfor » 2006-12-10 10:51

it is difficult to whitelist domains and addresses?
thanks

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-12-10 14:27

It will be possible to specify a wildcard as well so that you can whitelist *@mymostimportantclient.com or IAmNotASpammer@*. The whitelist needs to be manually maintained though.

So what you enter for every record is:
- Description
- Lower IP
- Upper IP
- Email address

If Lower IP is left empty, hMailServer will automatically set the range to 0.0.0.0 to 255.255.255.255
If Upper IP is left empty, it will be the same as Lower IP
If email address is left empty, it will be set to *.

hMailServer first checks whether the senders IP address matches the range of IP addresses. If it does, it checks that his email address matches the email address in the record (if one has been specified)

rodolfor
Senior user
Senior user
Posts: 282
Joined: 2005-06-30 09:05
Location: Gubbio - Italy

Post by rodolfor » 2006-12-10 18:20

wonderful!

Mark Spruce
Normal user
Normal user
Posts: 36
Joined: 2006-11-30 16:53
Location: Falkland Islands
Contact:

Post by Mark Spruce » 2006-12-12 03:10

Hello Martin,

So it will not be possible just to add in an E-mail address. You have also add in range of IP address as well.

Sorry if i am confused. So if I wanted to white list a E-mail for example for a horizon.co.fk address I would do this.


Desription eg.. Mark Spruce
Lower IP = Blank
UPPER IP = Blank
E-mail address = mark.spruce@horizon.co.fk

I am sorry if I am seeming a bit blonde here.

regards

Mark

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2006-12-12 12:40

I think that is the general idea else a spammer could send all his spam as mark.spruce@horizon.co.fk and bypass any spam filters.

Mark Spruce
Normal user
Normal user
Posts: 36
Joined: 2006-11-30 16:53
Location: Falkland Islands
Contact:

Post by Mark Spruce » 2006-12-12 16:18

I see what you mean.

Well lets see what happens when this part is hopefully done. As I would love to be able to whitelist an E-mail address like you could in spamassasin which I used to have on my old server a few years back.

Mark
^DooM^ wrote:I think that is the general idea else a spammer could send all his spam as mark.spruce@horizon.co.fk and bypass any spam filters.

Mark Spruce
Normal user
Normal user
Posts: 36
Joined: 2006-11-30 16:53
Location: Falkland Islands
Contact:

Post by Mark Spruce » 2006-12-16 22:45

You could add in that only a range of IP address can send as

mark.spruce@horizon.co.fk

Well time for me to go off to the gym

Mark

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-12-19 15:21

Much confusion for little. :)
In the new whitelisting functionality, you can enter a IP range if you want to. You don't have to. If you don't enter a IP range, hMailServer will default to 0.0.0.0 -> 255.255.255.255 which is the same as the entire Internet.

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Post by ^DooM^ » 2006-12-19 19:12

Will this bypass all spam protection including virus scanning, incoming and outgoing?

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-12-19 19:25

No, this will by pass spam protection - not virus scanning.

Mark Spruce
Normal user
Normal user
Posts: 36
Joined: 2006-11-30 16:53
Location: Falkland Islands
Contact:

Post by Mark Spruce » 2006-12-21 14:08

Hello Martin thanks for clearing that up.

Oh I just had a thought. With the whitelist. Would the E-mail address bypass message rules that you have set up as well. Or should I post this as a new subject.

Mark

User avatar
martin
Developer
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-12-21 14:42

No, it will not bypass any message rules you have. For example, you may want to whitelist billg@microsoft.com, but you still want his email to be put in the Not-So-Important-Email IMAP folder using a Rule.

Mark Spruce
Normal user
Normal user
Posts: 36
Joined: 2006-11-30 16:53
Location: Falkland Islands
Contact:

Post by Mark Spruce » 2006-12-21 15:15

Oh right Martin I see what you mean.

Why I was asking is that I keep getting spam with the title: RE:

So I wanted to do a rule to delte those message. But some times my friends send mails with that title

Mark

Mark Spruce
Normal user
Normal user
Posts: 36
Joined: 2006-11-30 16:53
Location: Falkland Islands
Contact:

Post by Mark Spruce » 2006-12-25 06:15

What might be the time frame for the new version with the whitelist for E-mail address etc

regards

Mark

Post Reply