New function "always blacklist" or "conditional Whitelist" - ORF Forums


1

For one of the next versions I would like to see a function "always blacklist". Sender/subject or similar, which are on THIS list always blacklist - even if they would actually be overridden by another whitelist entry.

We operate at a very strict AntiSpam policy via ORF - but also have some Recipient whitelist entries, as something could be sent to these recipients "from the wildest" senders (for example to application@... or sales@...).

Nevertheless, there are of course a few subjects here that I would like to block (e.g. "Your account has been hacked..." with malicious code attached).

Alternatively, one possibility would be to create conditional whitelist entries: RCPT Whitelist ONLY if not the following subject / no attachment containing the following string (e.g. *Bitcoin*)

Regards
Uwe

by uwe.kortkamp 9 months ago
2

@uwe.kortkamp: Hello Uwe,

Thank you for sharing your feature requests. We appreciate your input and will definitely consider adding them in future updates. Just to clarify, nothing you mentioned is impossible, but integrating these rules and tests into the current flow would require significant (re)designing and thus time to implement.

Since you are already aware of the program's current limitations, let me offer a few suggestions that could help you achieve the desired results:

1) If you need to blacklist an email that's already whitelisted, it may be a good indication that your filtering rules could use some optimization: Consider removing the problematic whitelist entries and adding them to the sender/IP exception list of the blacklist tests that led you to whitelist the recipient address in the first place. In general, there should be no need to whitelist an email unless it is absolutely necessary. For example, if emails of a recipient keep getting delayed by the Greylisting test, add the recipient email address to the Greylisting test's "Recipient Exceptions" list. This way, you can still check the incoming email against other blacklist tests.

2) If you need to quickly apply a custom ruleset to block certain emails, you can connect your "homemade" filter/script to ORF as an "External Agent" and have it check the incoming emails before most of the whitelist tests. More on this at:
-> https://vamsoft.com/support/docs/orf-help/6.8.3/adm-whitelisttestexceptions
-> https://vamsoft.com/support/docs/orf-help/6.8.3/adm-agents
If implementing this is beyond your expertise, feel free to reach out to us at , and we will see if we can help you set up the External Agent.

I hope the above proves helpful to you, but if you have any questions or need further help, just let me know.

by Daniel Novak (Vamsoft) 9 months ago
(in reply to this post)
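
The rule discussed in this thread (keep the recipient whitelisting unless the subject or an attachment name matches a block list), sketched as a standalone filter script. This is an added example, not part of the posts above and not Vamsoft's code. The addresses, phrase lists, command-line shape and exit codes are assumptions, since the page does not describe how ORF hands a message to an External Agent or reads its result.

```python
import base64
import sys
from email import message_from_bytes, policy
from fnmatch import fnmatch

# Assumed values for illustration; none of these come from ORF.
WHITELISTED_RCPTS = {"application@example.com", "sales@example.com"}
BLOCKED_SUBJECTS = ("your account has been hacked", "account needs to be verified")
BLOCKED_ATTACHMENTS = ("*bitcoin*",)
EXIT_CODES = {"continue": 0, "whitelist": 1, "block": 2}  # assumed mapping


def verdict(raw: bytes, rcpt: str) -> str:
    """Return 'block', 'whitelist' or 'continue' for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words, so a base64 or
    # quoted-printable subject is matched like a plain-text one.
    subject = " ".join(str(msg["Subject"] or "").lower().split())
    if any(phrase in subject for phrase in BLOCKED_SUBJECTS):
        return "block"
    # Block conditions are checked before the whitelist, for every MIME part.
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name and any(fnmatch(name, pat) for pat in BLOCKED_ATTACHMENTS):
            return "block"
    return "whitelist" if rcpt.lower() in WHITELISTED_RCPTS else "continue"


# Constructed sample: the blocked phrase hidden in a base64 encoded-word.
_enc = base64.b64encode(b"Your account has been HACKED").decode()
SAMPLE = (
    "From: someone@example.net\r\n"
    "To: application@example.com\r\n"
    f"Subject: =?utf-8?b?{_enc}?=\r\n"
    "\r\n"
    "See attachment.\r\n"
).encode()

if __name__ == "__main__":
    if len(sys.argv) == 3:  # assumed usage: agent.py <message.eml> <recipient>
        with open(sys.argv[1], "rb") as fh:
            sys.exit(EXIT_CODES[verdict(fh.read(), sys.argv[2])])
    print(verdict(SAMPLE, "application@example.com"))
```

Checking the block conditions first is what makes the whitelisting conditional: a message to a whitelisted recipient is only passed once neither list matches.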

3

Hello Daniel,
thanks for the feedback.

Unfortunately, with the whitelist entries mentioned, it's not that easy.

We have (over the last few years) created hundreds of manual HELO / reverse DNS / IP blacklist entries. We are in the fortunate position of dealing exclusively with (larger) corporate clients - none of whom definitely have an @yahoo / @gmx / @gmail etc. address.

Therefore, sometimes even these "big" providers are completely blocked. For daily work, this also works wonderfully - the term SPAM is almost unknown to our employees.

Of course, the situation is completely different (for example) with incoming applications. Here it is rather the rule that such incoming mails come from these large providers - and that is exactly why these addresses are listed as recipient whitelist entries.

But a real applicant, who then also sends to the publicly listed application address, would never use such terms as "Your account has been hacked..." / "Your Paypal account needs to be verified" and so on.

What I've already done in the meantime is to add the "Attachment Filtering Test" to the Whitelist Exception - so at least the "Bitcoin/Trader/Dollar" attachments stay out.

I had also looked at External Agents - but so far I haven't found anything that would address "my problem".

Therefore my wish / suggestion...

by uwe.kortkamp 9 months ago
4

@uwe.kortkamp: I understand, Uwe. What I meant to say is that if you provide us with the description of the External Agent, along with the filtering rules and requirements (send it to ), we could probably create the script for you and assist you in setting it up with ORF as an External Agent.

by Daniel Novak (Vamsoft) 8 months ago
(in reply to this post)

5

Hello Daniel,
thank you very much for the offer.

I have now taken a different route:
ORF works (as a gateway service) on "the front" and forwards the mails to a "GFI Mailessentials" system. We had used this exclusively as an anti-virus gateway until now (and GFI forwards to our Exchange => 3 server)

I have now also activated content filtering at GFI level and will search there again for the phrases in question. GFI only receives (SPAM) mails that were allowed through ORF due to those Recipient-whitelist-entries.

It would be nicer and in sum clearer to be able to create "Conditional Whitelist" entries at some point - but so it works for now, as desired.

Kind regards
Uwe

by uwe.kortkamp 8 months ago
6

@uwe.kortkamp: Your feedback is very important in helping us improve our program. So, a big thank you for being a part of this!

We are definitely considering adding custom whitelist/blacklist rulesets to ORF in future versions.

by Daniel Novak (Vamsoft) 8 months ago
(in reply to this post)
