Blacklist / Whitelist
System administrators are able to control the IP addresses that are blacklisted from accessing, or whitelisted for access to, mail services. Blacklisting an IP address prevents it from making inbound connections, while whitelisting an IP address adds the IP as a trusted source, allowing connections to bypass relay restrictions that may be imposed, including spam filtering, greylisting and IDS rules. Exercise caution when granting whitelist status to a server, and be sure that you know what services on that server may send mail through your own.
NOTE: Internal IP addresses are whitelisted by default. If this is a concern, system administrators can edit these whitelist entries to disable whitelisting for one or more protocols or bypasses. However, internal IP addresses cannot be deleted.
By default, both of these tabs will be empty as SmarterMail has no way of knowing the IPs or IP Ranges that need to be blocked or granted access to its various services. However, once entries are added, the following details can be seen for each:
- Source - The domain name or IP address that's black/whitelisted.
- Country - The country associated with the IP address.
- Changed - The date/time the entry was last updated.
- SMTP - Whether the black/whitelist is enabled for this protocol.
- POP - Whether the black/whitelist is enabled for this protocol.
- IMAP - Whether the black/whitelist is enabled for this protocol.
- XMPP - Whether the black/whitelist is enabled for this protocol.
- Brute Force - For whitelists only, whether the IDS Brute Force rules (including Password Brute Force by IP, Password Brute Force by Email, and Password Retrieval Brute Force) are bypassed for this entry.
- SMTP Auth Bypass - For whitelists only, whether SMTP Authentication is bypassed for the entry.
- SMTP Spam Bypass - For whitelists only, whether SMTP spam checks are bypassed for the entry.
- Description - The description given for the entry.
Adding New Entries
To create a new entry in the blacklist or whitelist, click New. When adding or editing an entry, the following options will be available:
- Source - Whether you'll be whitelisting an IP address or domain name.
- IP Addresses (single, range or CIDR block) - When listing an IP address, enter a single IP address or an IP range in dotted quad notation. (E.g., 123.45.678.90, or 12.345.67.0/24). If an IP range is entered, all IP addresses within that range will be contained in the list.
- Domain Name - When listing a domain name, enter the domain name and extension. (E.g., example.com)
- Description - Use this field to enter optional notes for understanding the various whitelist / blacklist entries. For example, "Office LAN IPs"
- Protocol - Enable the protocols you wish to include in the blacklist or whitelist entry. The available options are: SMTP, POP, IMAP and XMPP.
- SMTP Auth Bypass - Used for whitelists only, enabling this bypasses the need for SMTP authentication for whitelisted IPs.
- SMTP Spam Bypass - Used for whitelists only, enabling this bypasses spam checks for whitelisted IPs. IMPORTANT NOTE: If SPF and DKIM spam checks are enabled, SmarterMail will run those checks on ALL emails, including those from trusted senders, whitelisted IP addresses and IP bypasses. Because anyone can write any return path that they want when sending a message, this extra check helps prevent spammers from flooding users with hundreds of messages that aren't truly from a trusted sender.
Note: SmarterMail runs a check against the IPs listed in whitelist, blacklist and authentication bypass settings. This check looks at the number of IPs listed and will display a warning if the IPs listed represent a significant number. (E.g., a range greater than a /24.) While the warning does not affect the ability to save the settings, it is an indication that the system administrator may want to review the settings prior to adding the IP range.
SMTP Auth Bypass
Whitelisted IP addresses can bypass SMTP authentication, which is a security measure that can be very beneficial in the fight against spam and unauthorized email as it forces the sender to authenticate their username and password before an email is sent through the mail server. Unfortunately, some applications do not have support for SMTP authentication when sending mail. Most often, these are web sites that have automated mail sending mechanisms. The solution is to add the IP addresses of these servers/sites to SmarterMail's Whitelist and enable SMTP Authentication Bypass. Whitelist entries with SMTP Auth Bypass enabled will not be asked to provide an SMTP Authentication login.
One of the primary reasons SmarterMail is so popular is that it's very easy for a system administrator to manage. Not only is SmarterMail's administration all web-based, many of the functions available for administrators can be exported from one machine and imported into another SmarterMail installation. This makes it easy for administrators to have a consistent set of security settings, antispam settings and more across all of the SmarterMail servers in use.
To import or export settings, simply click the Actions (⋮) button and select either option. When exporting, the settings are saved as a JSON file to the location specified in File Explorer. When importing files, a modal window opens and the corresponding JSON file can be dragged-and-dropped right in the modal or the file can be selected using File Explorer.
Copyright © SmarterTools Inc. All rights reserved.