
Blacklisting/Whitelisting problems (54419 and now 55215)

Community Gaffer
Community Gaffer
Posts: 12,799
Thanks: 630
Fixes: 62
Registered: 04-04-2007

Blacklisting/Whitelisting problems (54419 and now 55215)

Morning all,
Heads up that I've just posted this to Service Status as it would appear that whitelisting and blacklisting is broken.
Quote from: Service
We are currently investigating a problem with the blacklisting and whitelisting of email addresses using the Manage My Mail tool in the Member Centre.
Blacklisting or whitelisting a domain is not working correctly and some customers are reporting that they are still receiving email to blacklisted domains (or alternatively are receiving email identified as spam to whitelisted domains).
Blacklisting individual email addresses is still believed to be working however whitelisting individual email addresses also appears to be broken.
Our network engineers are investigating and further details will be provided as they become available.
Please accept our apologies for the inconvenience.

Moderator's Note: Added additional problem number to title as per reply #28. David (spraxyt)

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

33 REPLIES
freebird
Newbie
Posts: 9
Registered: 16-04-2008

Re: Blacklisting/Whitelisting problems (54419)

Hi Bob
Has there been any progress on this yet?  It's been over a month now and I'm still getting whitelisted domains trapped as spam.
Regards
Nigel
Moderator
Moderator
Posts: 17,191
Thanks: 883
Fixes: 101
Registered: 11-01-2008

Re: Blacklisting/Whitelisting problems (54419)

Still not resolved; see http://usertools.plus.net/status/archive/1231255384.htm
Will Moderate For Thanks
Community Gaffer
Community Gaffer
Posts: 12,799
Thanks: 630
Fixes: 62
Registered: 04-04-2007

Re: Blacklisting/Whitelisting problems (54419)

OK, IronPort have been doing some tweaking and we believe that we might have made a bit of progress. Our internal testing shows that email sent to specific mailboxes from whitelisted domains/addresses is being marked clean (x-pn-pstn: Spam 0). This can be seen from the following headers in the received email:
X-SLBL-Result: SAFE-LISTED
X-pn-pstn: Spam 0

Mail from blacklisted email addresses is being rejected and mail from blacklisted domains is being deleted.
The problem lies with the safe/block lists on catch-all addresses which aren't working at all. This would work if we were still rewriting the 'To' address of emails as they enter the system, but we're not. We had to turn that functionality off due to this problem. This means that the 'To' address on a catch-all is now random which removes any form of key the IronPorts can use to look up which safe/block list to use.
In May IronPort are due to release a new build that allows address matching via LDAP - This might allow us to fix the whitelist and blacklisting for catch-all users. In the meantime though, I'm sorry to say that we might have hit a bit of a brick wall.
I'd appreciate it if people can do their own testing on the bits that should be working and report back. If your findings are the same as ours then I'll update the Service Status thread.

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵
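
For anyone doing the testing asked for above, one way to check the two headers quoted in the post against what the safe list should have done. This is an added example, not part of the original post and not Plusnet or IronPort code; the sample messages, the safe-list entry and the mailbox names are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

def triage(raw, safe_senders, named_mailboxes):
    """Compare what the safe list should have done with what the headers show."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    listed = sender in safe_senders or sender.rpartition("@")[2] in safe_senders
    # Per the post, the list lookup is keyed on the 'To' address, so only
    # named mailboxes and aliases give the filter something to look up.
    has_key = rcpt.partition("@")[0] in named_mailboxes
    applied = (msg.get("X-SLBL-Result") or "").strip().upper() == "SAFE-LISTED"
    clean = (msg.get("X-pn-pstn") or "").strip().lower() == "spam 0"
    if not listed:
        return "sender not on safe list"
    if not has_key:
        return "catch-all recipient: no list lookup expected"
    return "safe list working" if applied and clean else "safe list FAILED"

def sample(to, extra=""):
    """Build a constructed test message (not real mail)."""
    return ("From: News <news@newsletter.example>\n"
            f"To: {to}\n"
            "Subject: test\n"
            f"{extra}\nbody\n")

SAFE = {"newsletter.example"}      # assumed safe-list entries
MAILBOXES = {"alice", "sales"}     # assumed named mailboxes/aliases

GOOD = sample("alice@customer.example",
              "X-SLBL-Result: SAFE-LISTED\nX-pn-pstn: Spam 0\n")
BAD = sample("sales@customer.example")          # named mailbox, headers missing
CATCHALL = sample("random123@customer.example") # only the catch-all would take this

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("BAD", BAD), ("CATCHALL", CATCHALL)):
        print(name, "->", triage(raw, SAFE, MAILBOXES))
```

A "safe list FAILED" result on a named mailbox or alias is the case worth reporting back; a catch-all result is the known limitation described in the post.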

Marilia
Newbie
Posts: 1
Registered: 14-01-2009

Re: Blacklisting/Whitelisting problems (54419)

Hi,
I am new to this forum, so please forgive me if I am complaining about some ongoing or well known problem, but...
Since beginning of December we are not receiving any of the tremendous amount of spam that we used to - what is great of course - but I am not receiving a newsletter that I used to subscribe and whose domain and email address I added to the whitelist of our email account.
It is also strange that only our catch all account receives one or two spam every other day and not the other accounts’ spam folders. My concern is if any other genuine message is being rejected by the Ironport.
Thanks for any feedback.
Marilia
pierre_pierre
Grafter
Posts: 19,757
Registered: 30-07-2007

Re: Blacklisting/Whitelisting problems (54419)

Welcome aboard
ChrisL
Grafter
Posts: 733
Thanks: 2
Registered: 13-12-2007

Re: Blacklisting/Whitelisting problems (54419)

@Marilia
Yes, good to hear from you!
I find 'catch-all' useful, but it has its drawbacks.  Random email addresses attract spam that specific mailboxes tend to avoid; and, as explained earlier in this thread, the Ironport safe- and block-lists are not working properly where 'catch-all' is used.
If you can manage without it, I would recommend you turn off 'catch-all' using the Manage My Mail tool in the Members' Centre.  You can set up as many specific mailboxes as you're likely to need, or use aliases, etc.
Chris
Community Gaffer
Community Gaffer
Posts: 12,799
Thanks: 630
Fixes: 62
Registered: 04-04-2007

Re: Blacklisting/Whitelisting problems (54419)

Quote from: Marilia
Since beginning of December we are not receiving any of the tremendous amount of spam that we used to - what is great of course - but I am not receiving a newsletter that I used to subscribe and whose domain and email address I added to the whitelist of our email account.

The solution to this will depend on why the email is getting rejected. It's likely to be for one of two reasons -

  • You have Edge Protection enabled and the email is getting deleted as blatant spam. If this is the case then the solution would be to either whitelist the address (see my comments on this below) or turn the feature off.
  • The IP address of the sending MTA is failing IronPort's Senderbase lookup. If this is happening then whitelisting won't make any difference and the only immediate solution would be to disable anti-spam filtering.

If you can provide the headers from one of these emails when they were getting through then I can probably warrant a guess at which of the above is occurring.
Regarding the Whitelisting, this does not work for catch-all addresses and it's unlikely to until IronPort release a new build of their software. I'll make an effort today to update the Service Status thread to this effect. You can get around this by creating aliases to your catch-all address - whitelisting works for aliases.
Quote
It is also strange that only our catch all account receives one or two spam every other day and not the other accounts’ spam folders. My concern is if any other genuine message is being rejected by the Ironport.

If you let me know what mailboxes you're not receiving spam to then I can send a spam email message to you to make sure things are working as they should?

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

ChrisL
Grafter
Posts: 733
Thanks: 2
Registered: 13-12-2007

Re: Blacklisting/Whitelisting problems (54419)

Quote from: Bob
Regarding the Whitelisting, this does not work for catch-all addresses and it's unlikely to until IronPort release a new build of their software. I'll make an effort today to update the Service Status thread to this effect.

The FAQ sticky on this forum could also do with an update?
Community Veteran
Posts: 38,208
Thanks: 898
Fixes: 54
Registered: 15-06-2007

Re: Blacklisting/Whitelisting problems (54419)

Just received an email from a blacklisted domain to my main email address.
One possibility is that the from address is "feedback@info.directfoto.co.uk" whereas I have blacklisted "directfoto.co.uk" because they change the "info" part sometimes.
Should I blacklist "info.directfoto.co.uk" and any other "###.directfoto.co.uk" unless wild cards are permitted?
Superuser
Superuser
Posts: 8,874
Thanks: 407
Fixes: 36
Registered: 06-04-2007

Re: Blacklisting/Whitelisting problems (54419)

The IronPort quarantine help page says the following formats are acceptable:

  • user@domain.com

  • server.domain.com

  • domain.com

which could imply that domain.com would also block the sub-domain server.domain.com.
However, later it says:
You cannot allow or block a range of sub-domains using the following syntax: .domain.com. However, you can explicitly block a specific domain using the following syntax: server.domain.com.
Surely if leaving off the initial dot would achieve what is required the help page would say so; hence I think one has to conclude that only complete domains (everything after the @) will be acted upon.
There is no mention of wild-card characters being allowed.
David
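
The exact-match reading reached in the post above, applied to the directfoto.co.uk case from the previous post. This is an added example, not part of the thread and not IronPort code; it assumes that reading is correct (a domain entry must equal everything after the @), and the function names are hypothetical.

```python
import re

_LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
_DOMAIN = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")

def entry_kind(entry):
    """Classify a list entry as 'address', 'domain', or None if not an accepted format."""
    e = entry.strip().lower()
    local, at, dom = e.rpartition("@")
    if at:
        return "address" if local and _DOMAIN.match(dom) else None
    # A leading dot or a wildcard character fails the domain pattern.
    return "domain" if _DOMAIN.match(e) else None

def matches(entry, sender):
    """Exact-match reading: a domain entry must equal everything after the '@'."""
    kind = entry_kind(entry)
    e, s = entry.strip().lower(), sender.strip().lower()
    if kind == "address":
        return e == s
    if kind == "domain":
        return e == s.rpartition("@")[2]
    return False

def uncovered(block_list, senders):
    """Sender domains that no entry matches, i.e. entries still to be added."""
    return sorted({s.lower().rpartition("@")[2] for s in senders
                   if not any(matches(e, s) for e in block_list)})

if __name__ == "__main__":
    seen = ["feedback@info.directfoto.co.uk"]   # sender address quoted in the thread
    print(matches("directfoto.co.uk", seen[0]))        # parent domain entry
    print(matches("info.directfoto.co.uk", seen[0]))   # full host entry
    print(uncovered(["directfoto.co.uk"], seen))
```

Under this reading each sub-domain a sender uses needs its own entry, so `uncovered` run over the From addresses of mail that got through lists what is still missing.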
freebird
Newbie
Posts: 9
Registered: 16-04-2008

Re: Blacklisting/Whitelisting problems (54419)

Hi Bob
The IronPort changeover seems to be yet another un-tested PN upgrade.  Has anyone at PN heard of "change management" and the need to test ALL functionality of a software/hardware upgrade?  I work for a corporate IT dept as a level 3 sysadmin / developer and if I rolled out changes like this, I would be no longer.  Test, test and test again before inflicting changes on your users.  Whitelisting is a somewhat *important* email function that must be reliable ... either that or don't offer it in the first place.
Regards
Nigel
ChrisL
Grafter
Posts: 733
Thanks: 2
Registered: 13-12-2007

Re: Blacklisting/Whitelisting problems (54419)

[deleted by poster. unhelpful]
Community Veteran
Posts: 19,090
Thanks: 428
Fixes: 21
Registered: 31-08-2007

Re: Blacklisting/Whitelisting problems (54419)

@spraxyt
Hi David, we could obviously do with a definitive answer to this asap.
@Bob
I've read your updated service status, and I'm sorry but I think it's misleading. Most non-techie people will give up reading about half way down (or before) IMHO, ie before they get to
Quote
Unfortunately this blacklisting and whitelisting is only working for emails that are addressed to specific mailboxes, aliases and redirects.
If you have a 'catch-all' email address then emails to this address will bypass the blacklist and whitelist checks.
It is unlikely that we will be able to introduce blacklisting and whitelisting without our email security vendor releasing a new build of their software.

The opening statement
Quote
Email addresses and domains added to customers' approved and blocked sender lists are now being accepted/refused as per design.
is not right, to which the words "for specific mailboxes, their aliases and redirects." need to be added.
This would make the first sentence in the first above referred quote redundant and the 2nd sentence could be amended to read "If you have a 'catch-all' email address then emails to this address, its aliases and redirects, will bypass the blacklist and whitelist checks".
The 3rd of those sentences could be amended to read "It is unlikely that we will be able to introduce full blacklisting and whitelisting without our email security vendor releasing a new build of their software."
This is all of course, on the assumption that I have correctly understood how things are ACTUALLY working.
Community Veteran
Posts: 19,090
Thanks: 428
Fixes: 21
Registered: 31-08-2007

Re: Blacklisting/Whitelisting problems (54419)

Right, I don't think I have correctly understood how things are ACTUALLY working. Having re-read the FAQ sticky in the forum, I'm now thinking ANY alias whether for a catch-all or specific mailbox will get checked against the whitelist (and blacklist? or is that different?). Is it EXACTLY the same for redirects?
The only thing that seems clear is that mail to specific mailboxes and aliases or redirects to these mailboxes get checked against the white and black lists.
I think we need specific 'one-line' statements about EACH of the other situations.
@Bob
So can we please have some clarification.