1 Topic by pappastech

  • pappastech
  • Member
  • Offline
  • Registered: 2013-09-17
  • Posts: 18

Topic: AWL Forever

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Linux/BSD distribution name and version: CentOS
- Related log if you're reporting an issue:
====

Is it possible to auto whitelist any e-mail address to which my users send an e-mail? I have a very irate user that's been communicating with a potential customer for weeks, and suddenly an incoming e-mail from that potential customer was quarantined. If my users send an e-mail to abc@xyz.com, abc@xyz.com should be added to the global whitelist forever. How can I make this happen?

Tom

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by 7t3chguy

  • 7t3chguy
  • 7t3chguy
  • Forum Moderator
  • Offline
  • From: United Kingdom
  • Registered: 2015-01-08
  • Posts: 713

Re: AWL Forever

From addresses can be spoofed, this idea is an invitation to get spammed

7t3chguy's Website

3 Reply by pappastech

  • pappastech
  • Member
  • Offline
  • Registered: 2013-09-17
  • Posts: 18

Re: AWL Forever

7t3chguy wrote:

From addresses can be spoofed, this idea is an invitation to get spammed

Except that the server requires authentication to send e-mail anyway. So if the user has a valid username and password, the To e-mail address should get whitelisted. This isn't an option, I'm just asking how to do it.

Tom

4 Reply by 7t3chguy

  • 7t3chguy
  • 7t3chguy
  • Forum Moderator
  • Offline
  • From: United Kingdom
  • Registered: 2015-01-08
  • Posts: 713

Re: AWL Forever

I mean From, on incoming e-mails. So a whitelist on a From address can be mis-used to allow any piece of spam in, which claims that it is from that e-mail address.

7t3chguy's Website

5 Reply by pappastech

  • pappastech
  • Member
  • Offline
  • Registered: 2013-09-17
  • Posts: 18

Re: AWL Forever

7t3chguy wrote:

I mean From, on incoming e-mails. So a whitelist on a From address can be mis-used to allow any piece of spam in, which claims that it is from that e-mail address.

Well sure, but I'm wanting to whitelist the To address in e-mails that my users send. Something like this...

After user is authenticated...
Grab e-mail addresses from the 'To' field and whitelist all.
Continue with scanning and sending of e-mail to destination.

I don't want to whitelist based on the From field.

Tom

6 Reply by 7t3chguy

  • 7t3chguy
  • 7t3chguy
  • Forum Moderator
  • Offline
  • From: United Kingdom
  • Registered: 2015-01-08
  • Posts: 713

Re: AWL Forever

Yes, but the To field of your Users, is the From field of foreign accounts. That From field can be forged too, by Spammers especially.

You send an email to example@foo.bar,
someone spoofs example@foo.bar and it bypasses your whitelist

7t3chguy's Website

7 Reply by pappastech

  • pappastech
  • Member
  • Offline
  • Registered: 2013-09-17
  • Posts: 18

Re: AWL Forever

7t3chguy wrote:

Yes, but the To field of your Users, is the From field of foreign accounts. That From field can be forged too, by Spammers especially.

You send an email to example@foo.bar,
someone spoofs example@foo.bar and it bypasses your whitelist

Yes it would...now how do I implement this? The user doesn't care about false negatives as much as false positives when $100k contracts are in the mix.

Tom