Exception for Greylisting by geo location (countries)

Hi Sophos community,

We are currently testing an SG210, mainly because of our high volume of incoming spam mail. One feature which interests us in particular is the greylisting antispam feature.

Unfortunately we couldn't find a convenient way to add an exception for greylisting by originating countries. I saw the country blocking feature under "Network Protection" -> "Firewall", so I guess that the appliance itself or a Sophos online service provides a database with IP ranges and their originating countries.

Is there a way to make use of the Country Blocking Lists in the "Email Protection" -> "SMTP" -> "Exceptions" area?

Our intention is to whitelist all German IPs from greylisting. Our company mostly communicates with German organisations. Emails sent to us from other countries are most likely spam, and we don't want the 15-minute delay for all our incoming mails due to greylisting.

  • Yep.... it's a pain. Enable country blocking at your peril. Why? Let's just say you block Japan. OK, you've got no emails going to Japan, but think again.....

    Certain spam filtering can be there, e.g. Trend Micro, so those that use it to filter their spam might not get the email because it's blocked by country blocking.

    You don't really have an idea of where these spam filtering solutions can be located. Even then, the backup spam filtering could be somewhere else, or their load balancing can put it somewhere else.

    What is needed is a dynamic exception that opens for a certain amount of time and accepts an rDNS query from where you are sending to. This will allow you to send email to these countries and the spam solution to check you are legit. After a certain period of time or another criterion, the country blocking should continue.

    Obviously, mail originating from that country you probably don't want, or if you do, you can create an exception.

  • Thanks for your reply.

    Yeah, this is the reason we don't want to activate country blocking at all... only greylisting for specific countries.

    I just read the following line under "Email Protection" -> "SMTP" -> "AntiSpam" -> "Advanced anti-spam features":

    Greylisting builds and uses a database of ’known-good’ SMTP hosts that resend messages after receiving a temporary error

    Maybe we don't need exceptions for greylisting. My understanding of the line is that hosts which successfully passed a greylisting check and resent "bounced" messages are no longer "greylisted". So the appliance should not bounce messages from those hosts again.
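
The greylisting behaviour discussed in this thread, as an added example that is not part of the original posts and is not Sophos's implementation: a small Python model of a greylist with a known-good host database and a network-based exemption. The class name, the 15-minute retry window (taken from the delay mentioned in the thread) and the exempt CIDR range (a constructed stand-in for a country's IP ranges) are assumptions.

```python
import ipaddress

RETRY_DELAY = 15 * 60  # seconds; assumed from the 15-minute delay in the thread

class Greylist:
    """Toy greylisting model (hypothetical; not the appliance's actual logic)."""

    def __init__(self, exempt_networks=()):
        # Constructed stand-in for "IP ranges of an exempted country".
        self.exempt = [ipaddress.ip_network(n) for n in exempt_networks]
        self.pending = {}        # (host, sender, recipient) -> first-seen time
        self.known_good = set()  # hosts that retried correctly at least once

    def check(self, host, sender, recipient, now):
        """Return (smtp_code, reason) for one delivery attempt at time `now`."""
        addr = ipaddress.ip_address(host)
        if any(addr in net for net in self.exempt):
            return 250, "exempt network"
        if host in self.known_good:
            return 250, "known-good host"
        key = (host, sender, recipient)
        first_seen = self.pending.get(key)
        if first_seen is None:
            self.pending[key] = now
            return 451, "first attempt, try again later"
        if now - first_seen < RETRY_DELAY:
            return 451, "retried too early"
        # The host queued the message and retried after the delay.
        del self.pending[key]
        self.known_good.add(host)
        return 250, "retry accepted, host now known-good"

def demo():
    gl = Greylist(exempt_networks=["192.0.2.0/24"])  # constructed range
    # Constructed attempts: (host, sender, recipient, seconds since start)
    attempts = [
        ("198.51.100.7", "a@example.org", "us@example.com", 0),     # new host
        ("198.51.100.7", "a@example.org", "us@example.com", 60),    # too early
        ("198.51.100.7", "a@example.org", "us@example.com", 900),   # valid retry
        ("198.51.100.7", "b@example.org", "us@example.com", 1000),  # known-good
        ("192.0.2.25", "c@example.net", "us@example.com", 1000),    # exempt
    ]
    return [gl.check(*a)[0] for a in attempts]

if __name__ == "__main__":
    print(demo())
```

In this model only the first message from a host is delayed; once the host has retried correctly, later messages from it are accepted immediately, and hosts in the exempt range are never delayed.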