HOW TO: Block all incoming email except a selected whitelist of senders

This section contains user-submitted tutorials.
Post Reply
User avatar
jimimaseye
Moderator
Moderator
Posts: 8859
Joined: 2011-09-08 17:48

HOW TO: Block all incoming email except a selected whitelist of senders

Post by jimimaseye » 2017-06-12 18:29

You may have a requirement to have a mailserver that is visible on the internet but wish to only allow a selected list of external addresses/senders. An example of this would be that you have an organisation that allow only a certain list of customers/contacts to deal with you (a 'whitelist' of customers) and reject all other emails from the internet that are not allowed.

There are 2 ways to achieve this:

One method (not being provided by me here) would be to use a script. First, a 'distribution list' could be set up as a whitelist holder (where all allowed senders are maintained). A script can cycle through the recipients, check them against the whitelist, and accept or reject them accordingly. The limitation is that the distribution list (the "whitelist") is being held in individual DOMAINS and so multi-domain systems would need to maintain multiple domains - each with their own allow list of addresses. An example of this using a Distribution list as an 'allowed' list method can be found here: viewtopic.php?f=20&t=28045

A simpler way (not requiring scripting) that would apply a single list to all incoming emails irrespective of the intended destination domain:

1, Add a DNSBL to your Antispam settings:

"Whitelist"
address: zz.countries.nerd.dk
resultcode: 127.*
score: 10 (or a high score of your choice)

This particular DNSBL returns a country specific code for every ip address checked. Catching and testing "127.*" will always match whatever is being returned.

2, Set your antispam settings to delete/reject with a score of 10 (or matching your chosen score above)

This should then return a true match for every email received and therefore they will always get rejected with code 554 (as every email originates from somewhere).

3, Use the normal Hmailserver WHITELIST settings to whitelist your chosen sender addresses. (more info: https://www.hmailserver.com/documentati ... itelisting)

This will allow you to exempt antispam testing, and therefore exempt the rejection of emails, by using the whitelist.

NOTE: Remember, though, if you whitelist an address....your are whitelisting an address from ALL antispam checks.
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post Reply