SmarterMail Help

Blacklist / Whitelist

System Administrators are able to control the IP addresses that are blacklisted from accessing, or whitelisted for access to, mail services. Blacklisting an IP address prevents it from making inbound connections, while whitelisting an IP address adds the IP as a trusted source, allowing connections to bypass relay restrictions that may be imposed, including spam filtering, greylisting and IDS rules. Exercise caution when granting whitelist status to a server, and be sure that you know what services on that server may send mail through your own.

To manage the blacklist or whitelist, log into SmarterMail as a System Administrator and click on the Settings icon. Then click on Security in the navigation pane and select the Blacklist or Whitelist tab.

By default, both of these tabs will be empty as SmarterMail has no way of knowing the IPs or IP Ranges that need to be blocked or granted access to its various services. To create a new entry in the blacklist or whitelist, click New. When adding or editing an entry, the following options will be available:

  • IP Addresses (single, range or CIDR block) - Enter a single IP address or an IP range in dotted quad notation (e.g., 123.45.678.90, or 12.345.67.89 - 12.345.67.890). If an IP range is entered, all IP addresses within that range will be contained in the list.
  • Description - Use this field to enter optional notes for understanding the various whitelist / blacklist entries. For example, "Office LAN IPs"
  • Protocol - Enable this setting to add the protocols you wish to include in the blacklist or whitelist entry. The available options are: SMTP, POP, IMAP and XMPP.
  • SMTP Auth Bypass - Used for whitelists only, enabling this bypasses the need for SMTP authentication for whitelisted IPs.
  • SMTP Spam Bypass - Used for whitelists only, enabling this bypasses spam checks for whitelisted IPs. IMPORTANT NOTE: If SPF and DKIM spam checks are enabled, SmarterMail will run those checks on ALL emails, including those from trusted senders, whitelisted IP addresses and IP bypasses. Because anyone can write any return path that they want when sending a message, this extra check helps prevent spammers from flooding users with hundreds of messages that aren't truly from a trusted sender.

Note: SmarterMail runs a check against the IPs listed in whitelist, blacklist and authentication bypass settings. This check looks at the number of IPs listed and will display a warning if the IPs listed represent a significant number. (E.g., a range greater than a /24.) While the warning does not affect the ability to save the settings, it is an indication that the System Administrator may want to review the settings prior to adding the IP range.

SMTP Auth Bypass

Whitelisted IP addresses can bypass SMTP authentication, which is a security measure that can be very beneficial in the fight against spam and unauthorized email as it forces the sender to authenticate their username and password before an email is sent through the mail server. Unfortunately, some applications do not have support for SMTP authentication when sending mail. Most often, these are web sites that have automated mail sending mechanisms. The solution is to add the IP addresses of these servers/sites to SmarterMail's Whitelist and enable SMTP Authentication Bypass. Whitelist entries with SMTP Auth Bypass enabled will not be asked to provide an SMTP Authentication login.