ESET Online Help

Search English
Select the topic

Filtering and verification

You can configure Approved, Blocked and Ignored lists by specifying criteria such as IP address or range, domain name, etc. To add, modify or remove criteria, click Edit for to the list you want to manage.


note

IP addresses or Domains included in the Ignored lists will not be further tested by Antispam filtering, but other Antispam protection techniques will be applied.

Ignored lists should contain all internal infrastructure IP addresses / domain names. You can also include IP addresses / domain names of your ISP's or external sending mail servers that are currently blacklisted by one of the RBL or DNSBL (cloud blacklist – ESET's Blackhole List or third-party Blackhole List).

This allows you to receive emails from sources included in the ignored lists, even though their IP addresses are on the cloud blacklist. Such incoming emails are received and their content is further inspected by other Antispam protection techniques.

Approved IP list

Automatically whitelists emails originating from specified IP addresses. Email content will not be checked.

Blocked IP list

Automatically blocks emails originating from specified IP addresses.

Ignored IP list

List of IP addresses which will be ignored during classification. Email content will be checked. Use Is part of internal infrastructure slider bar if you are whitelisting your network's local IP addresses, see example below.

Blocked Body Domain list

Blocks email messages that contain specified domain in the message body. Only domains with real TLD (top-level domain) are accepted.

Ignored Body Domain list

Specified domains in the message body will be ignored during classification. Only domains with real TLD (top-level domain) are accepted.

Blocked Body IP list

Blocks email messages that contain specified IP address in the message body.

Ignored Body IP list

Specified IP addresses in the message body will be ignored during classification.

Approved Senders list

Whitelists emails originating from a specified sender. Only one sender address or a whole domain is used for verification based on the following priority:

1.SMTP 'MAIL FROM' address

2."Return-Path:" email header field

3."X-Env-Sender:" email header field

4."From:" email header field

5."Sender:" email header field

6."X-Apparently-From:" email header field

When adding a new item to the Approved Senders list, you can insert a top-level domain, second-level domain, or email address. Accepted formats:

.ext

domain.ext

user@domain.ext

Blocked Senders list

Blocks emails originating from a specified sender or domain. All identified sender addresses or whole domains are used for verification:

SMTP 'MAIL FROM' address

"Return-Path:" email header field

"X-Env-Sender:" email header field

"From:" email header field

"Sender:" email header field

"X-Apparently-From:" email header field

When adding a new item to the Blocked Senders list, you can insert a top-level domain, second-level domain, or email address. Accepted formats:

.ext

domain.ext

user@domain.ext

Approved Domain to IP list

Whitelists emails originating from IP addresses that are resolved from specified domains in this list. SPF (Sender Policy Framework) records are being recognized when resolving IP addresses.

Blocked Domain to IP list

Blocks emails originating from IP addresses that are resolved from specified domains in this list. SPF records are being recognized when resolving IP addresses.

Ignored Domain to IP list

List of domains that resolves to IP addresses which in turn will not be checked during classification. SPF records are being recognized when resolving IP addresses.

Blocked countries list

Blocks emails from specified countries. Blocking is based on GeoIP. If a spam message is sent from mail server with IP address listed in geolocation database for a country you have selected in the Blocked countries, it will automatically be marked as spam and an action will be taken according to Action to take on spam messages setting under Mail transport protection.


note

Body Domain lists accept domains with real TLD (top-level domain) only, according to the official Root Zone Database of TLDs.

If you want to add more entries, click Enter multiple values in the Add window and choose what separator should be used. It can be Newline, Comma or Semicolon.


example

Objective: Exclude your infrastructure's local IP addresses from Antispam protection by adding them into the Ignore IP list

Navigate to Advanced setup (F5) > Server > Antispam protection > Filtering and verification.

Click Edit next to Ignored IP list.

Click Add and specify IP address range of your network infrastructure (IP address range format 1.1.1.1-1.1.1.255). You can keep adding more ranges (or single IP addresses) to the list, if required.

Use the slider bar Is part of internal infrastructure.

Greylisting and SPF

Specify Domain to IP whitelist or IP whitelist to automatically bypass Greylisting and SPF. You can see Log files in the SMTP protection log. To use these options, you need to enable either Greylisting or SPF. In the case of the SPF, you need to enable Automatically reject messages if SPF check fails and/or Automatically bypass Greylisting if SPF check passes the setting.

Use antispam lists to automatically bypass Greylisting and SPF

When enabled, Approved and Ignored IP list will be used together with IP and Domain to IP whitelists to automatically bypass Greylisting and SPF.

IP whitelist

You can add IP address, IP address with mask, IP range. You can modify the list by clicking Add, Edit or Delete. Alternatively, you can import your custom list from a file instead of adding every single entry manually, click Import and browse for your file that contains entries you want to add to the list. Likewise, if you need to export your existing list to a file, select Export from the context menu.


note

Whitelists take precedence over blacklists, i.e., if an email contains both whitelisted and blacklisted address, it is whitelisted. Only the last sender address and up to the Maximum number of verified addresses from Received: headers are checked against whitelists. All addresses are checked against local blacklists.

Domain to IP whitelist

This option allows you to specify domains (e.g. domainname.local). To manage the list, use Add, Remove or Remove all. If you want to import your custom list from a file instead of adding every single entry manually, click Import and browse for your file that contains entries you want to add to the list. Likewise, if you need to export your existing list to a file, select Export from the context menu.


note

Greylisting and SPF is evaluated by Mail transport protection and allows you to use IP and Domain to IP whitelists, as well as Approved and Ignored IP list. However, if you are using SPF rules, none of these whitelists are taken into account for rules.