SpamWall Operations Manual

System Blacklist

The System Blacklist screen is where the SpamWall admin can configure the system to reject email from any given email address, domain or IP address.

Email from a "blacklisted" email address, domain or IP address will always be considered as being either Spam or otherwise undesirable for acceptance and will be rejected by the system immediately on connection by the sending email server.

To configure your SpamWall system to blacklist an email address, domain or IP address, simply add the entries in the box provided in the System Blacklist screen, one entry per line as shown in the following illustration, and select the "Add Entries" button.


[Illustration: SpamWall System Blacklist]

The blacklisted email addresses, domains or IP addresses will appear on the screen below, where they can be deleted if necessary by selecting the check box next to the entry you wish to delete and then hitting the "Delete" button. There is also a search function which will allow you to search for entries in the System Blacklist by specifying a full or partial email address, domain or IP address.

The "Mail Server Response" section is for specifying a URL, email address or message which the blacklisted sender will receive as a response if their email address, domain or IP address is contained in the local blacklist and therefore rejected by your SpamWall system.

The default response is "Blocked - See http://spamwall.yourname.com/bl_remove.htm" which will refer the blacklisted sender to a web page hosted on your SpamWall system. This page will explain to the user that their email address, domain or IP address may be contained in the local blacklist on your SpamWall system and they can choose to contact you to have this removed from the blacklist at your discretion. The address to which these blacklist removal notifications will be sent is the "Admin Email Address" which is specified in the System Settings screen of your SpamWall system.

Alternatively, you can choose to send another message of your choice to the blacklisted senders, which can either be something like "You are blacklisted - contact us at name@yourdomain.com for removal" or "Blacklisted, access denied" or something of this nature. You can also choose to leave this section entirely blank if you do not wish to send any particular message to blacklisted senders and the SpamWall system will output a default "Sender rejected" response with no additional message. You can choose to make whatever response you like the default response for future System Blacklist additions by checking the "Make default" check box next to the Mail Server Response field when adding an entry.

It is also possible to specify IP address "ranges" for blacklisting purposes. For instance, if you wanted to blacklist the entire "192.168.173.xxx" and "172.31.200.xxx" IP address ranges, these being entire "Class C" networks, you would enter these in the field provided as in the following illustration:

[Illustration: SpamWall System Blacklist 2]


An important thing to note is that email address and domain blacklisting (and whitelisting) on systems such as the SpamWall is based on what is known as the "envelope sender", which is the real sender address or domain and can be different from the "Reply to" or "From" sender seen in the email message itself. This is because anyone can use or "forge" any email address or domain, genuine or not, in the "Reply to" or "From" field of their email client, whereas it is more difficult for spammers to forge the email address associated with the envelope sender.

The envelope sender is usually easy to find in the email header by looking for the "envelope-from" reference.

This would be an example:

Return-Path: <name@domain.com>
Received: from example.com (example.com [192.168.173.200])
    by example.com (8.14.5/8.13.4) with ESMTP id p6SFs52o080567
    for <username@example.com>; Thu, 29 Mar 2012 15:54:11 GMT
    (envelope-from name@domain.com) <<---------- THIS IS THE ENVELOPE SENDER ADDRESS


It's important to be careful when blacklisting entire IP address ranges as this can potentially cut your system off from receiving legitimate email from mail servers located on these networks.
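
The following is an added example, not part of the SpamWall product or its own code. It extracts the envelope sender and connecting IP from a header block like the one above and tests them against blacklist-style entries, showing that an entry for the forged "From" domain does not match. The "From" line in the sample, the function names, and reading "a.b.c.xxx" as a /24 network are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the manual's header block plus a forged From line.
SAMPLE = """\
Return-Path: <name@domain.com>
Received: from example.com (example.com [192.168.173.200])
\tby example.com (8.14.5/8.13.4) with ESMTP id p6SFs52o080567
\tfor <username@example.com>; Thu, 29 Mar 2012 15:54:11 GMT
\t(envelope-from name@domain.com)
From: "Your Bank" <service@bank.example>
Subject: constructed sample

body
"""

def envelope_sender(raw):
    """Return the envelope sender recorded by the receiving server."""
    msg = message_from_string(raw)
    for received in msg.get_all("Received", []):
        m = re.search(r"\(envelope-from\s+<?([^\s<>()]+)>?\)", received)
        if m:
            return m.group(1).lower()
    # Fall back to Return-Path when no envelope-from comment is present.
    return parseaddr(msg.get("Return-Path", ""))[1].lower()

def header_from(raw):
    """Return the address in the From header (freely chosen by the sender)."""
    return parseaddr(message_from_string(raw).get("From", ""))[1].lower()

def connecting_ip(raw):
    """Return the bracketed client IP from the topmost Received header."""
    m = re.search(r"\[([0-9a-fA-F.:]+)\]", message_from_string(raw).get("Received", ""))
    return m.group(1) if m else None

def matches(entry, sender, ip):
    """Test one entry: email address, domain, single IP, or a.b.c.xxx range."""
    entry = entry.strip().lower()
    if "@" in entry:
        return entry == sender
    if re.fullmatch(r"[\d.]+(\.xxx)?", entry):  # assumption: xxx means /24
        net = ipaddress.ip_network(entry.replace(".xxx", ".0/24"), strict=False)
        return ip is not None and ipaddress.ip_address(ip) in net
    return sender.rpartition("@")[2] == entry  # domain of the envelope sender
```

Calling matches("bank.example", envelope_sender(SAMPLE), connecting_ip(SAMPLE)) returns False, while the entries "domain.com" and "192.168.173.xxx" both match the same message.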

 
