This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is it possible to create an exception for the "Sender blacklist" ?

Hi,

because of a recent spam attack, one of my customers faced, I blocked their own Domain with the "Sender Blacklist" option. In general this works because the smtp-proxy does not block (probably because of the allowed relay settings) mails where the senderaddress is from the customers maildomain. The result is, that only mails from unknown hosts are blocked.

But in this case, the customer gets inbound emails from two other trusted mailsystems, that should be allowed to send mails with the customers domain. Because of this, I wanted to create an exception. But it seems, that this is not possible... I thought I can use a "antispam checking" exception for bypassing the sender blacklist....

Any ideas? What´s about the expression blocking? To what part of the mail is it applied? Can I use this to match the sender address or domain?



This thread was automatically locked due to age.
Parents
  • Same problem here - I tried an exception for the sending IP address and an other one for the sending from name - nothing worked. The smtp log shows that the exception is recognized but the mail is still dropped.

    2016:01:29-22:23:09 verw-asg320-01-1 exim-in[2298]: 2016-01-29 22:23:09 SMTP connection from [192.168.200.1]:56529 (TCP/IP connection count = 1)
    2016:01:29-22:23:09 verw-asg320-01-1 exim-in[13238]: 2016-01-29 22:23:09 H=myhost.mydomain.de (myhost) [192.168.200.1]:56529 Warning: Exception matched: Skipping greylisting for this message
    2016:01:29-22:23:09 verw-asg320-01-1 exim-in[13238]: 2016-01-29 22:23:09 H=myhost.mydomain.de (myhost) [192.168.200.1]:56529 Warning: Exception matched: Skipping antispam for this message
    2016:01:29-22:23:09 verw-asg320-01-1 exim-in[13238]: 2016-01-29 22:23:09 H=myhost.mydomain.de (myhost) [192.168.200.1]:56529 Warning: mydomain.de profile excludes AV scan: Skipping SMTP inline AV scan for this message
    2016:01:29-22:23:09 verw-asg320-01-1 exim-in[13238]: 2016-01-29 22:23:09 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="192.168.200.1" from="monitor@mydomain.de" to="me@mydomain.de" size="-1" reason="sender_blacklist" extra="monitor@mydomain.de blacklisted"
    2016:01:29-22:23:09 verw-asg320-01-1 exim-in[13238]: 2016-01-29 22:23:09 H=myhost.mydomain.de (myhost) [192.168.200.1]:56529 F=<monitor@mydomain.de> rejected RCPT <me@mydomain.de>: Access denied (sender blacklisted)
    2016:01:29-22:23:09 verw-asg320-01-1 exim-in[13238]: 2016-01-29 22:23:09 SMTP connection from myhost.mydomain.de (myhost) [192.168.200.1]:56529 closed by DROP in ACL

    Version is 9.317-5

    Regards
    Manfred

  • Hello Manfred,

    I think the utm recognizes the exception for the Antivirus scan only:

    "mydomain.de profile excludes AV scan: Skipping SMTP inline AV scan for this message"

    For me it seems, that this simple function is not implemented so far:
    feature.astaro.com/.../6996061-email-exceptions-to-anti-spam-sender-blacklist


    Regards
    Sebastian
  • Guys, do you have SPF configured?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply Children
No Data