Working with private whitelists for SMTP connections
Use Domino® private whitelist filters to specify exceptions to blacklist filters. Prior to the introduction of private whitelist filters, to exclude a host from blacklist filter processing, you had to either define the client's mail server as a relay exception -- which creates a security risk, or disable the DNS blacklists filters. Now you can use private whitelist filters to specify the hosts and/or domains to exclude from blacklist processing. Hosts that are specified in private whitelists are exempt from blacklist checks. Whitelisted hosts bypass blacklist filter checks but there are other controls which may prevent the message from being accepted. Members of the private whitelist are still subjected to connection, relay, sender, and recipient controls.
Before you begin
About this task
Whitelists can be used independently of blacklists.
When private whitelists are enabled, the SMTP listener task compares hosts that may be subject to relay enforcement against the defined private whitelist. If there is a match, the private blacklist, DNS whitelists, and DNS blacklists are skipped. Otherwise, processing continues beginning with the private blacklist.
Using private whitelist filters
Procedure
- From the Domino® Administrator, click the Configuration tab and expand the Messaging section.
- Click Configurations.
- Select the Configuration Settings document for the server on which you are enabling private whitelist filters.
- Click .
- Complete these fields in the Private Whitelist
Filters section and then click Save and Close.
Table 1. Private Whitelist Filters Field
Action
Private Whitelist Filters
Note: Private whitelist filtering applies only to hosts subject to inbound relay enforcement.Choose Enabled to allow the SMTP listener task to determine if connecting hosts have been whitelisted, that is, to determine whether they have been entered in the field Whitelist the following hosts.
By default this setting is disabled.
Whitelist the following hosts
Enter IP addresses or host names of the systems to add to the whitelist.
IP ranges and masks are supported. Wildcards can be used except within ranges.
Desired action when a connecting host is found in the private whitelist
Choose one of these:
- Silently skip blacklist filters -- All actions skip blacklist filter checks. No logging occurs and all actions skip blacklist filters. This is the default setting.
- Log only -- Records the host name and IP address of the connecting server found in the private whitelist.
- Log and tag message -- Logging occurs in the same manner as in
the Log only option. Tags the message by adding the Note item,
$DNSWLSite
, to messages accepted from whitelisted hosts. The value of$DNSWLSite
will bePrivateWhitelist
.
Viewing private whitelist statistics
About this task
The SMTP listener task maintains a statistic to keep a cumulative count of the number of connections accepted from whitelisted hosts. The statistic, SMTP.PrivateWL.TotalHits, can be viewed using the Domino® Administrator client, or by issuing this command from the server console:
show stat SMTP