Enable DNS blacklist test for whitelisted domains. - ORF Forums

Enable DNS blacklist test for whitelisted domains. RSS Back to forum

1

I am using ORF 4.2 registeded version and we have many customer domains in whitelist database, as some times we had issues in receiving mails from these customers. Now in recent times we are experiencing many spammers spoofing the sender id as one of the whitlisted domains and sending lot of spams, and due to whitelisting ORF is not scanning these emails. Is there any way we can configure ORF to enable some basic tests like DNS balcklist for whitlisted domains as well?

by Nagaraj 8 years ago
2

@Nagaraj: Unfortunately, it is not possible to configure ORF for DNS Blacklists to override any of the whitelists. In general, whitelists enjoy precedence over blacklists - otherwise, they could not really fulfill their role.

There are a couple of options to choose from.

1) Remove the sender in question from the Sender Whitelist. Very often spammers pick large and well-known domains to spam in the name of them, thus whitelisting these domains like gmail.com might not be the best option. If allowed by your network setup, the Auto Sender Whitelist could help here when configured to Per User mode. In this mode, the Auto Sender Whitelist will whitelist emails only if there was a history of conversation between the sender and recipient.

2) Enable the SPF Test and make sure it is configured as a Whitelist Test Exception (both option can be configured under Configuration / Tests / Tests in the ORF Administration Tool). In this mode, the SPF Test will take precedence over most of the whitelists and will check if the sender is forged, before the Sender Whitelist would be triggered. The sender domain in question has to have an SPF policy published.

Please let me know if any of the above helped.

by Peter Karsai (ORF Team) 8 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2