ESET Online Help

Search English
Select the topic

Filtering and verification

You can configure Approved, Blocked and Ignored lists by specifying criteria , including IP address or range and domain name. To add, modify or remove criteria, click Edit for the list you want to manage.


note

IP addresses or Domains included in the Ignored lists will not be tested against RBL or DNSBL, but other antispam protection techniques will be applied.

Ignored lists should contain all internal infrastructure IP addresses/domain names. You can also include IP addresses/domain names of your ISPs or external sending mail servers that are currently blacklisted by one of the RBL or DNSBL (ESET's Blackhole List or third-party Blackhole List). This allows you to receive emails from sources in the ignored lists, even though they are blacklisted. These incoming emails are received, and other antispam protection techniques further inspect their content.

Approved IP list

Automatically whitelists emails originating from specified IP addresses. Email content will not be checked.

Blocked IP list

Automatically blocks emails originating from specified IP addresses.

Ignored IP list

List of IP addresses that will be ignored during classification. Email content will be checked.

Blocked Body Domain list

Blocks email messages that contain a specified domain in the message body. Only domains with real TLD (top-level domain) are accepted.

Ignored Body Domain list

Specified domains in the message body will be ignored during classification. Only domains with real TLD (top-level domain) are accepted.

Blocked Body IP list

Blocks email messages that contain a specified IP address in the message body.

Ignored Body IP list

Specified IP addresses in the message body will be ignored during classification.

Approved Senders list

Whitelists emails originating from a specified sender. Only one sender address or a whole domain is used for verification based on the following priority:

1.SMTP 'MAIL FROM' address

2."Return-Path:" email header field

3."X-Env-Sender:" email header field

4."From:" email header field

5."Sender:" email header field

6."X-Apparently-From:" email header field

Blocked Senders list

Blocks emails originating from a specified sender. All identified sender addresses or whole domains are used for verification:

SMTP 'MAIL FROM' address

"Return-Path:" email header field

"X-Env-Sender:" email header field

"From:" email header field

"Sender:" email header field

"X-Apparently-From:" email header field

Approved Domain to IP list

Whitelists emails originating from IP addresses that are resolved from specified domains in this list. SPF (Sender Policy Framework) records are recognized when resolving IP addresses.

Blocked Domain to IP list

Blocks emails originating from IP addresses that are resolved from specified domains in this list. SPF records are recognized when resolving IP addresses.

Ignored Domain to IP list

List of domains that resolves to IP addresses which will not be checked during classification. SPF records are recognized when resolving IP addresses.

Blocked countries list

Blocks emails from specified countries. Blocking is based on GeoIP. If a spam message is sent from mail server with an IP address listed in a geolocation database for a country you have selected in Blocked countries, it will automatically be marked as spam and an action will be taken according to the Action to take on spam messages setting under Mail transport protection.

If you want to add mulitple entries at one time, click Enter multiple values in the Add window and choose what separator should be used, it can be Newline, Comma or Semicolon.


example

Objective: Exclude your infrastructure's local IP addresses from antispam protection by adding them to the Ignore IP list

Select Advanced setup (F5) > Server > Antispam protection > Filtering and verification.

Click Edit next to Ignored IP list.

Click Add and specify the IP address range of your network infrastructure (IP address range format 1.1.1.1-1.1.1.255). If required, you can keep adding more ranges (or single IP addresses) to the list.

Use the slider bar Is part of internal infrastructure.

Greylisting and SPF

Specify a Domain to IP whitelist or IP whitelist to automatically bypass Greylisting and SPF. You can see Log files in the SMTP protection log. To use these options, you must enable Greylisting or SPF or both. With SPF, you need to enable the Automatically reject messages if SPF check fails and/or Automatically bypass Greylisting if SPF check passes setting.

Use antispam lists to automatically bypass Greylisting and SPF

When enabled, Approved and Ignored IP lists will be used together with IP whitelists to automatically bypass Greylisting and SPF.

IP whitelist

You can add IP addresses, IP addresses with mask and IP ranges. You can modify the list by clicking Add, Edit or Delete. Alternatively, you can Import or Export files. Use the browse button ... to select a location on your computer to open or save the configuration file.

Domain to IP whitelist

This option allows you to specify domains (domainname.local). To manage the list, use Add, Remove or Remove all. If you want to import your custom list from a file instead of adding entires manually, right-click in the middle of the window and select Import from the context menu, then browse for your file (.xml or .txt) that contains entries you want to add. Likewise, select Export from the context menu if you need to export your existing list.


note

Greylisting and SPF is evaluated by Mail transport protection and allows you to use IP and Domain to IP whitelists, and the Approved and Ignored IP list. However, if you are using SPF rules, none of these whitelists are considered for rules.