This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is it possible to create an exception for the "Sender blacklist" ?

Hi,

because of a recent spam attack, one of my customers faced, I blocked their own Domain with the "Sender Blacklist" option. In general this works because the smtp-proxy does not block (probably because of the allowed relay settings) mails where the senderaddress is from the customers maildomain. The result is, that only mails from unknown hosts are blocked.

But in this case, the customer gets inbound emails from two other trusted mailsystems, that should be allowed to send mails with the customers domain. Because of this, I wanted to create an exception. But it seems, that this is not possible... I thought I can use a "antispam checking" exception for bypassing the sender blacklist....

Any ideas? What´s about the expression blocking? To what part of the mail is it applied? Can I use this to match the sender address or domain?



This thread was automatically locked due to age.
Parents Reply Children
  • SPF is not that hard to configure and should work for this, Manfred. I don't think using Sender Blacklist and trying to create an Exception for your mail server will consistently give the desired result, but I've not tried it.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yes a SPF Record maybe a solution for your own domain, but there could also be disadvantages. For the implementation it´s necessary to consider all systems, that should be allowed to send email with your domain names. You even have to think about forwardings and newsletters etc.... I think it should be carefully planned.

    But for me the questions is, how the spf check is weighted the sophos spam calculation algorithm. Spammers also learned to create spf records. E.g.: If the spf record for a spammers domain is present and fits to the sending system, are all other spam checks are disabled then? Because if i activate the spf check I dont want to receive mails from spammers, that adapted the feature....

    Is there some more detailed information available regarding the spam filtering algorithm?


    Best Regards
  • There is no weighting. The algorithm is simple - apply the checks one after the other, if none fails and the mail content is not graded a spam by ctasd's lookup, it is delivered. SPF is one of the SMTP-time checks that occurs before the content is received and (educated guess) after RBLs, the Sender Blacklist and rDNS.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA