Blacklist / Whitelist
System administrators are able to control the IP addresses that are blacklisted from accessing, or whitelisted for access to, mail services. Blacklisting an IP address prevents it from making inbound connections, while whitelisting an IP address adds the IP as a trusted source, allowing connections to bypass relay restrictions that may be imposed, including spam filtering, greylisting and IDS rules. Exercise caution when granting whitelist status to a server, and be sure that you know what services on that server may send mail through your own.
NOTE: Internal IP addresses are whitelisted by default. If this is a concern, system administrators can edit these whitelist entries to disable whitelisting for one or more protocols or bypasses. However, internal IP addresses cannot be deleted.
By default, both of these tabs will be empty as SmarterMail has no way of knowing the IPs or IP Ranges that need to be blocked or granted access to its various services. However, once entries are added, the following details can be seen on both tabs:
- Source - The domain name or IP address that's black/whitelisted.
- Country - The country associated with the IP address.
- Description - The friendly name given to the Source or reason for the blacklist.
- Webmail - Whether the black/whitelist is enabled for this protocol.
- EAS - Whether the black/whitelist is enabled for this protocol.
- IMAP - Whether the black/whitelist is enabled for this protocol.
- LDAP - Whether the black/whitelist is enabled for this protocol.
- MAPI & EWS - Whether the black/whitelist is enabled for this protocol.
- POP - Whether the black/whitelist is enabled for this protocol.
- SMTP - Whether the black/whitelist is enabled for this protocol.
- WebDAV - Whether the black/whitelist is enabled for this protocol.
- XMPP - Whether the black/whitelist is enabled for this protocol.
However, the following columns are only seen on the Whitelist tab:
- IP Bypass - For whitelists only, allows a system administrator to prevent spam checks and greylisting on email delivered from specific IP addresses.
- SMTP Auth Bypass - For whitelists only, whether SMTP Authentication is bypassed for the entry.
- IDS Brute Force - For whitelists only, whether the IDS Brute Force rules (including Password Brute Force by IP, Password Brute Force by Email, and Password Retrieval Brute Force) are bypassed for this entry.
- Bypass Spam Checks - For whitelists only, whether SMTP spam checks are bypassed for the entry.
- Bypass Greylisting
Adding a new Blacklist
To create a new entry in the blacklist, click New. When adding or editing an entry, the following options will be available:
- IP Addresses (single, range or CIDR block) - When listing an IP address, enter a single IP address or an IP range in dotted quad notation. (E.g., 123.45.678.90, or 12.345.67.0/24). If an IP range is entered, all IP addresses within that range will be contained in the list.
- Description - Use this field to enter optional notes for understanding the various whitelist / blacklist entries. For example, "Office LAN IPs"
- Protocol(s) - Enable the protocol(s) you wish to include in the blacklist or whitelist entry. The available options are: SMTP, POP, IMAP and XMPP.
Be sure to click Save to add the entry.
Adding a new Whitelist
To create a new entry in the blacklist or whitelist, click New. When adding or editing an entry, the following options will be available:
- Source - Whether the whitelist will be for a domain or an IP address or range.
- Domain Name - When Domain Name is the Source, this is the domain name to whitelist.
- IP Addresses (single, range or CIDR block) - When listing an IP address, enter a single IP address or an IP range in dotted quad notation. (E.g., 123.45.678.90, or 12.345.67.0/24). If an IP range is entered, all IP addresses within that range will be contained in the list.
- Description - Use this field to enter optional notes for understanding the various whitelist / blacklist entries. For example, "Office LAN IPs"
- Bypass IP for Spam Checks - When using a gateway, this will bypass spam checks for messages passed through the gateway.
- Bypass SMTP Authentication - Used for whitelists only, enabling this bypasses the need for SMTP authentication for whitelisted IPs or domains.
- Bypass IDS Brute Force - Used for whitelists only, enabling this bypasses IDS Brute Force checks for whitelisted IPs.
- Bypass Spam Checks - IMPORTANT NOTE: If SPF and DKIM spam checks are enabled, SmarterMail will run those checks on ALL emails, including those from trusted senders, whitelisted IP addresses and IP bypasses. Because anyone can write any return path that they want when sending a message, this extra check helps prevent spammers from flooding users with hundreds of messages that aren't truly from a trusted sender.
- Bypass Greylisting - Used for whitelists only, enabling this bypasses greylisting for whitelisted IPs.
- Protocol(s) - Enable the protocol(s) you wish to include in the blacklist or whitelist entry. The available options are: SMTP, POP, IMAP and XMPP.
Note: SmarterMail runs a check against the IPs listed in whitelist, blacklist and authentication bypass settings. This check looks at the number of IPs listed and will display a warning if the IPs listed represent a significant number. (E.g., a range greater than a /24.) While the warning does not affect the ability to save the settings, it is an indication that the system administrator may want to review the settings prior to adding the IP range.
SMTP Auth Bypass
Whitelisted IP addresses can bypass SMTP authentication, which is a security measure that can be very beneficial in the fight against spam and unauthorized email as it forces the sender to authenticate their username and password before an email is sent through the mail server. Unfortunately, some applications do not have support for SMTP authentication when sending mail. Most often, these are websites that have automated mail sending mechanisms. The solution is to add the IP addresses of these servers/sites to SmarterMail's Whitelist and enable SMTP Authentication Bypass. Whitelist entries with SMTP Auth Bypass enabled will not be asked to provide an SMTP Authentication login.
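The size warning in the note above and the SMTP Auth Bypass setting can be reviewed together outside the product. The following is an added example, not SmarterMail code: it counts the addresses each whitelist entry covers and flags anything wider than a /24, raising the severity when SMTP Auth Bypass is enabled on that entry. The entry field names (`source`, `smtp_auth_bypass`), the hyphenated `start-end` range syntax and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

MAX_ADDRESSES = 256  # assumption: "greater than a /24" means more than 256 addresses


def count_addresses(spec):
    """Count addresses in a single IP, a 'start-end' range, or a CIDR block."""
    spec = spec.strip()
    if "/" in spec:
        # strict=False tolerates host bits being set, e.g. 192.0.2.10/24
        return ipaddress.ip_network(spec, strict=False).num_addresses
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if first.version != last.version or last < first:
            raise ValueError(f"range is reversed or mixes IP versions: {spec}")
        return int(last) - int(first) + 1
    ipaddress.ip_address(spec)  # raises ValueError if malformed
    return 1


def review(entries):
    """Return (source, severity, reason) for entries an administrator should recheck."""
    findings = []
    for entry in entries:
        source = entry["source"]
        try:
            size = count_addresses(source)
        except ValueError as exc:
            findings.append((source, "error", f"not a valid IP, range or CIDR: {exc}"))
            continue
        if size <= MAX_ADDRESSES:
            continue
        if entry.get("smtp_auth_bypass"):
            findings.append((source, "high", f"{size} addresses may relay without SMTP authentication"))
        else:
            findings.append((source, "warn", f"{size} addresses, wider than a /24"))
    return findings


# Constructed sample whitelist entries (hypothetical field names).
SAMPLE = [
    {"source": "192.0.2.10", "smtp_auth_bypass": True},
    {"source": "198.51.100.0/24", "smtp_auth_bypass": False},
    {"source": "10.0.0.0/16", "smtp_auth_bypass": True},
    {"source": "203.0.113.0-203.0.114.255", "smtp_auth_bypass": False},
    {"source": "192.0.2.300", "smtp_auth_bypass": False},
]

if __name__ == "__main__":
    for source, severity, reason in review(SAMPLE):
        print(f"[{severity}] {source}: {reason}")
```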
Importing/Exporting Settings
One of the primary reasons SmarterMail is so popular is that it's very easy for a system administrator to manage. Not only is SmarterMail's administration all web-based, many of the functions available for administrators can be exported from one machine and imported into another SmarterMail installation. This makes it easy for administrators to have a consistent set of security settings, antispam settings and more across all of the SmarterMail servers in use.
To import or export settings, simply click the Actions (⋮) button and select either option. When exporting, the settings are saved as a JSON file to the location specified in File Explorer. When importing files, a modal window opens and the corresponding JSON file can be dragged-and-dropped right in the modal or the file can be selected using File Explorer.