Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - What order are the black/white lists applied?
  FAQ FAQ  Forum Search   Register Register  Login Login

What order are the black/white lists applied?

 Post Reply Post Reply
Author
Alan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Topic: What order are the black/white lists applied?
    Posted: 13 May 2003 at 12:53pm
There are some odd behaviours with blacklist/whitelist filtering when more than one filter may apply for email.  For instance, an email address that is blacklisted in the TO Email list that is not supposed to quarantine is still quarantined because the email came from a blacklisted country.  So the coutry blacklist was applied first?  Was the other filter applied at all?  Or does one hit do it?  I assume whitelists are all checked first.
Back to Top
Sean View Drop Down
Groupie
Groupie
Avatar

Joined: 21 February 2005
Location: United States
Status: Offline
Points: 81
Post Options Post Options   Thanks (0) Thanks(0)   Quote Sean Quote  Post ReplyReply Direct Link To This Post Posted: 13 May 2003 at 1:37pm
I thik your asking if there is an order that the blacklist/whitelist are checked in. I wondered this myself, as well as if it is whitlisted does it ignore blacklist, I think it shoudl go in this order.
Back to Top
Alan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Posted: 13 May 2003 at 2:21pm

Yes, I was wondering about the order or priority that the various filters are referenced.

I did have an instance where email from a sender from a whitelisted domain was quarantined because a text string in their email address coincided with an entry in my FROM Email blacklist.  (I block email addresses that have words such as "deals", "opt-in", "offers", etc.  So it appears the whitelists are not all applied first.  Probably the Unfiltered Emails though.

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 13 May 2003 at 9:46pm

The process is as follows.

All the white lists are checked first. If a match is found, the blacklists are skipped, the email recipients are accepted, and SpamFilter is ready to accept the data command. If none of the whitelists are matched, then the blacklists are searched in the following order:

  1. Local FROM Domains Blacklist
  2. Local FROM Emails Blacklist
  3. No Reverse DNS (this is calculated at connection time)
  4. Reject Empty Mail From
  5. Reject Same To/From
  6. Recipient Count > Max RCPT TO
  7. Country Blacklisted
  8. Local Emails TO Blacklist
  9. Authorized TO Emails
  10. Allowed Domains
  11. MAPS check
  12. Keywords check

Going over the code to provide a detailed answer we just discovered that there is unexpected behavior when keywords matching the content filter are found. It seems as if only whitelisted "Unfiltered emails" and "Excluded Domains/IP" are correctly whitelisted. The other whitelists are ignored if there is a keyword match in the email. We will correct this in the next build.

Roberto Franceschetti
LogSat Software

Back to Top
Robert Shelton View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Robert Shelton Quote  Post ReplyReply Direct Link To This Post Posted: 25 June 2003 at 5:41pm

Roberto,

I am working with the following scenario: I want to block email directed to old (i.e. discontinued due to people no longer using them, or because they had attracted too much spam) email addresses on domains that I support (i.e. are on my white list for domains). If I do not block the emails at SpamFilter, they are forwarded to Exchange where that server attempts to send a non-delivery message... often to an invalid address. So I find myself flushing Exchange's queues of garbage that I'd rather block for a handfull of old email addresses on my various domains.

Admited problem: I've not yet figured out how to configure Exchange to discard email to invalid addresses without sending nd messages. If I can figure that out, then this scenario effectively becomes moot. But this seems like an issue that would arise in any situation where the email server doesn't provide sufficient controls, or the controls are difficult to implement (requiring scripts as opposed to adding names to lists).

Am I missing a better way to solve this problem? Or does this make sense as a supportable feature that would have general utility?

Tx,

Robert

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.141 seconds.