Scan emails from intermediate hosts / intranet - ORF Forums


1

Some of our inbound email is generated by our own servers in the DMZ where users fill in web-based forms. The web server then sends the mail directly to the ORF server.

We would like to run selected tests to scan the content of the emails for spam, but ORF automatically whitelists any email from IPs on private networks - with no exceptions.

Is it possible to have ORF scan these emails?

ORF 6.6.1

by aeleus 2 years ago
2

@aeleus: Hello aeleus,

I am afraid that is not possible. By design, ORF excludes intranet and outbound emails from filtering automatically. There is no way to overwrite this policy.

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)

3

The inability of ORF to scan emails from hosts in private IP ranges is limiting ORF's usefulness and forcing our organization to consider alternative solutions.

I understand that ORF doesn't currently support it, but to say it's "not possible" is absurd. If I can add an IP address to the list of intermediate hosts, I can remove it. Simply let admins determine what is "intermediate" and edit the *entire* list.

This one change would dramatically increase ORF's usefulness and the number of scenarios where it could apply.

by aeleus 1 year ago
4

@aeleus: The Intermediate Hosts List (IHL) specifies where your (extended) network ends and where the Internet (i.e. the outside world) begins. This information, together with the trace route in the message header, is needed to determine the correct sender IP address of the email. You may learn more about this process here: https://vamsoft.com/support/docs/orf-help/6.7/headeranalysis

The IPv4 / IPv6 localhost and intranet IP ranges are hardcoded into ORF and cannot be removed from the IHL. Emails sent by intranet hosts are automatically excluded from filtering, by design, to avoid the accidental blacklisting of internal and outbound messages. Therefore, it is currently not possible to force ORF to filter intranet emails.

We will probably never allow the removal of hard-coded IP ranges from the IHL list, because the accidental editing of that list, or misunderstanding its use, could cause absolute havoc within an organization. However, we will consider your feature request to allow you to specify tests and/or filter expressions that should be allowed to blacklist intranet and outbound emails as well.

I hope this clarifies things, but let me know if you have further questions.

by Daniel Novak (Vamsoft) 1 year ago
(in reply to this post)
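
The header analysis described in the reply above, as an added example that is not part of the thread and is not ORF's code: a simplified model of walking the connecting IP and the `Received` trace until a hop outside the Intermediate Hosts List is found. The exact hard-coded ranges, the `admin_ihl` parameter, the rule that a chain with no outside hop counts as intranet, and the sample messages are all assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumed stand-in for the hard-coded localhost/intranet ranges
# (loopback, RFC 1918, IPv6 loopback and unique local addresses).
HARDCODED = ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
             "192.168.0.0/16", "::1/128", "fc00::/7")
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def is_intermediate(ip, admin_ihl=()):
    """True if ip is in the hard-coded ranges or an admin-added IHL entry."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(n) for n in HARDCODED + tuple(admin_ihl)]
    return any(addr in net for net in nets)

def received_ips(raw_message):
    """Bracketed IPs from Received headers, newest hop first."""
    ips = []
    for hdr in message_from_string(raw_message).get_all("Received", []):
        m = BRACKETED_IP.search(hdr)
        try:
            if m:
                ips.append(str(ipaddress.ip_address(m.group(1))))
        except ValueError:
            continue  # bracketed token was not a valid address
    return ips

def effective_sender(connecting_ip, raw_message, admin_ihl=()):
    """First hop outside the IHL is the sender; otherwise the mail is intranet."""
    chain = [connecting_ip] + received_ips(raw_message)
    for ip in chain:
        if not is_intermediate(ip, admin_ihl):
            return ip, "internet"   # filtering applies to this address
    return chain[-1], "intranet"    # every hop is inside the network

# Constructed sample: Internet mail relayed through an internal edge gateway.
SAMPLE_RELAYED = (
    "Received: from mail.example.net (mail.example.net [203.0.113.7])\n"
    "\tby edge.example.internal with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "From: someone@example.net\nSubject: hello\n\nbody\n")
# Constructed sample: web form mail submitted directly by a DMZ host.
SAMPLE_WEBFORM = "From: webform@example.internal\nSubject: form\n\nbody\n"

if __name__ == "__main__":
    print(effective_sender("10.0.0.2", SAMPLE_RELAYED))      # gateway is skipped
    print(effective_sender("192.168.10.5", SAMPLE_WEBFORM))  # DMZ host on RFC 1918
```

In this model the web form mail from 192.168.10.5 has no hop outside the hard-coded ranges, which is why it is classified as intranet and never reaches the content tests.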

5

@Daniel Novak (Vamsoft): Thank you for the reply, Daniel.

I understand the purpose of the IHL. I also understand that many (perhaps most?) of your customers do not. Hard-coding the IHL may save them from misconfigurations and your support team a lot of headaches.

For those of us who have more complex networks and scenarios, it means ORF's usefulness is diminished.

I hope you and your team will consider enabling us to edit the IHL as an "advanced" feature.

Regards

by aeleus 1 year ago
(in reply to this post)

6

interesting information

by Essier12 1 year ago
7

There are non-RFC 1918 networks that can also be used in DMZs.
See: https://www.rfc-editor.org/rfc/rfc5737
3. Documentation Address Blocks
The blocks 192.0.2.0/24 (TEST-NET-1), 198.51.100.0/24 (TEST-NET-2), and 203.0.113.0/24 (TEST-NET-3) are provided for use in documentation.

by rg305mia 1 year ago
