Print Page | Close Window

What order are the black/white lists applied?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=515
Printed Date: 05 February 2025 at 9:07am


Topic: What order are the black/white lists applied?
Posted By: Guests
Subject: What order are the black/white lists applied?
Date Posted: 13 May 2003 at 12:53pm
There are some odd behaviours with blacklist/whitelist filtering when more than one filter may apply for email.  For instance, an email address that is blacklisted in the TO Email list that is not supposed to quarantine is still quarantined because the email came from a blacklisted country.  So the coutry blacklist was applied first?  Was the other filter applied at all?  Or does one hit do it?  I assume whitelists are all checked first.


Replies:
Posted By: Sean
Date Posted: 13 May 2003 at 1:37pm
I thik your asking if there is an order that the blacklist/whitelist are checked in. I wondered this myself, as well as if it is whitlisted does it ignore blacklist, I think it shoudl go in this order.

Posted By: Guests
Date Posted: 13 May 2003 at 2:21pm

Yes, I was wondering about the order or priority that the various filters are referenced.

I did have an instance where email from a sender from a whitelisted domain was quarantined because a text string in their email address coincided with an entry in my FROM Email blacklist.  (I block email addresses that have words such as "deals", "opt-in", "offers", etc.  So it appears the whitelists are not all applied first.  Probably the Unfiltered Emails though.

Posted By: LogSat
Date Posted: 13 May 2003 at 9:46pm

The process is as follows.

All the white lists are checked first. If a match is found, the blacklists are skipped, the email recipients are accepted, and SpamFilter is ready to accept the data command. If none of the whitelists are matched, then the blacklists are searched in the following order:

  1. Local FROM Domains Blacklist
  2. Local FROM Emails Blacklist
  3. No Reverse DNS (this is calculated at connection time)
  4. Reject Empty Mail From
  5. Reject Same To/From
  6. Recipient Count > Max RCPT TO
  7. Country Blacklisted
  8. Local Emails TO Blacklist
  9. Authorized TO Emails
  10. Allowed Domains
  11. MAPS check
  12. Keywords check

Going over the code to provide a detailed answer we just discovered that there is unexpected behavior when keywords matching the content filter are found. It seems as if only whitelisted "Unfiltered emails" and "Excluded Domains/IP" are correctly whitelisted. The other whitelists are ignored if there is a keyword match in the email. We will correct this in the next build.

Roberto Franceschetti
LogSat Software

Posted By: Guests
Date Posted: 25 June 2003 at 5:41pm

Roberto,

I am working with the following scenario: I want to block email directed to old (i.e. discontinued due to people no longer using them, or because they had attracted too much spam) email addresses on domains that I support (i.e. are on my white list for domains). If I do not block the emails at SpamFilter, they are forwarded to Exchange where that server attempts to send a non-delivery message... often to an invalid address. So I find myself flushing Exchange's queues of garbage that I'd rather block for a handfull of old email addresses on my various domains.

Admited problem: I've not yet figured out how to configure Exchange to discard email to invalid addresses without sending nd messages. If I can figure that out, then this scenario effectively becomes moot. But this seems like an issue that would arise in any situation where the email server doesn't provide sufficient controls, or the controls are difficult to implement (requiring scripts as opposed to adding names to lists).

Am I missing a better way to solve this problem? Or does this make sense as a supportable feature that would have general utility?

Tx,

Robert


Print Page | Close Window