1 (edited by frank.daeuble 2016-02-17 22:00:01)

Topic: Why Greylisting whitelist_domains

==== Required information ====
- iRedMail version (check /etc/iredmail-release): v0.9.4
- Linux/BSD distribution name and version: Debian 6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? v2.3.1 (MySQL)
- Related log if you're reporting an issue:
====

If I want to whiltelist a domain I could do it in two ways:

add the domain to the first field (whitelist_domains), what would end in adding IP Address in second field
or
add @domain to the second field (whitelists)

What is the benefit of having the IP vs the sender-domain in the list?

By the way: how can I suggest better translating?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Why Greylisting whitelist_domains

If you want to whitelist a mail domain for greylisting service, the first field is the best. iRedMail has a cron job to query the SPF or MX (if SPF is not available) records of mail domain, then store the IP addresses/networks specified in SPF/MX as whitelisted senders (for greylisting service).

frank.daeuble wrote:

By the way: how can I suggest better translating?

You can post in forum, or mail me directly. You can also help translate/fix the whole translation file if you have some time.

We have a short tutorial for you:
http://www.iredmail.org/docs/translate.iredadmin.html

3

Re: Why Greylisting whitelist_domains

Thanks for the explanation. I am sorry, but I still not understand, why using the IP is better, than matching the sender-domain.

If the IP address/network is whitelisted, than all senders which uses this mailserver would get whitelisted. Why should I trust a sender(domain), only because he is using the same server?

On the other hand, if I add the domain in the second field, than all senders from this domain are whitelisted - no matter which server they came from.


Also Thanks for the translation tutorial - I will send you the related file.

4

Re: Why Greylisting whitelist_domains

frank.daeuble wrote:

why using the IP is better, than matching the sender-domain.

If the IP address/network is whitelisted, than all senders which uses this mailserver would get whitelisted. Why should I trust a sender(domain), only because he is using the same server?

On the other hand, if I add the domain in the second field, than all senders from this domain are whitelisted - no matter which server they came from.

Think about this: which one is easier to fake? The sender domain (or email address) in email, or the sender IP address?
I understand your concern, but i think whitelisting IP address/network for greylisting service is better.

Note: we're talking about whitelisting sender for greylisting service, iRedMail still performs spam/virus scanning and other checks before/after the email enters mail queue.

5

Re: Why Greylisting whitelist_domains

Ok now I got it - good point about fake the sender domain.
Thanks for your explanation and the great piece of software!