This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User whitelist and greylisting?

Hello,

We have greylisting activated on our Sophos UTM appliance and it works very well but... it encounters delays to emails (which is the objective, I know it).

We created an exception rules which skips greylisting from some senders and receivers. That means we manage this as administrators.

I know that users have the possibility to manage their own whitelist and blacklist on the user portal.

My question is: if an address x@y.z is set to the user whitelist through the user portal, will greylisting still be active? Or is it skipped since user have added this email in his own whitelist?

Thank you very much.

DeltaSM



This thread was automatically locked due to age.
Parents
  • As to your specific question, I do not know, but it should be easy enough to test.

    But...

    My personal opinion is that users should not be allowed to create whitelist entries.

    Does the quarantine review site provide a user with enough information to make an intelligent whitelist decision?

    Do your users have the training and experience needed to use that information to make a correct decision?

    Does UTM provide the necessary tools to whitelist a legitimate message without also whitelisting some future fraudulent messages?

    I argue that the answer to all three questions is no.   

    Consequently, users should not be allowed to whitelist for the same reason that I am not allowed to do brain surgery.

     

  • Hello,

    In this case, the user is experienced so we we're OK to let him manage his emails.

    The UTM have several processes to fight with SPAM. We're quite satisfied of it.

    Does anybody have answer to my initial question?

    Kind Regards,

    DeltaSM

  • I think we can trust the documentation on this.   It says that the sender whitelist by passes everything except malware and unscannable content.  Presumably the unscannable content rule is only applied if the global setting is enabled to block unscannable content.

    Therefore, it should be comparable to an exception with these options configured:

     


    Malware
    ON Malware checking
    OFF Extension blocking
    OFF Sandstorm scanning

    Antispam
    OFF RBL checks
    OFF RDNS/Helo checks
    OFF Antispam checking
    OFF Expression blocking
    OFF Greylisting
    OFF BATV
    OFF SPF check

    Other
    OFF Recipient verification
    OFF MIME type checks
    OFF Email encryption
    OFF Footer additions
    OFF Data Protection custom rules
    OFF Data Protection Content Control Lists

Reply
  • I think we can trust the documentation on this.   It says that the sender whitelist by passes everything except malware and unscannable content.  Presumably the unscannable content rule is only applied if the global setting is enabled to block unscannable content.

    Therefore, it should be comparable to an exception with these options configured:

     


    Malware
    ON Malware checking
    OFF Extension blocking
    OFF Sandstorm scanning

    Antispam
    OFF RBL checks
    OFF RDNS/Helo checks
    OFF Antispam checking
    OFF Expression blocking
    OFF Greylisting
    OFF BATV
    OFF SPF check

    Other
    OFF Recipient verification
    OFF MIME type checks
    OFF Email encryption
    OFF Footer additions
    OFF Data Protection custom rules
    OFF Data Protection Content Control Lists

Children