WinDeveloper IMF Tune

WinDeveloper IMF Tune
WinDeveloper IMF Tune
  • Home
  • Anti-Spam
  • Sender and Recipient Filtering Don't Care of IP Accept Lists

Sender and Recipient Filtering Don't Care of IP Accept Lists

Alexander Zammit

Alexander Zammit Photo

Software Development Consultant. Involved in the development of various Enterprise software solutions. Today focused on Blockchain and DLT technologies.

  • Published: Apr 05, 2006
  • Category: Anti-Spam
  • Votes: 5.0 out of 5 - 2 Votes
Cast your Vote
Poor Excellent

Exchange 2003 provides a fair mix of anti-spam technologies. Taking most features one by one, the configuration is intuitive and straight forward. Nevertheless once we move a step further from the basic configuration scenarios some unexpected surprises await unwary administrators.

When looking at the Exchange 2003 Sender, Recipient and Connection Filtering it is true to say that the configuration is fairly straight forward. Let's leave aside the Connection Filtering RBLs, which do give rise to some configuration difficulties. The rest is mostly a bunch of lists for blocking/allowing emails based on email addresses and the originating host IP.

Today I want to highlight the fact that operating these lists together may give rise to some unexpected results. I already dedicated an article to some weird behaviour involving IP Accept lists. Here we saw how IMF may still scan emails originating from IPs in this list. Today we discuss a similar problem, this time involving Sender and Recipient Filtering.

The job of Sender and Recipient Filtering is obviously that to identify and block senders and recipients. Similarly IP Deny/Accept lists are meant to block and allow emails based on the originating host IP. I will not delve into how to configure these. For more details refer to the articles discussing IP Accept lists and recipient filtering.

Now let's get straight to the point. Consider a case where the IP Accept list is configured together with sender and/or recipient filtering. What happens if an email matches both the IP accept list and one of the sender/recipient filtering entries? You already know where this is leading! The email is still rejected.

This type of situation is not uncommon. Consider the case where a mailbox is not allowed to receive external emails. Entering the mailbox address at the recipient filtering list does the job. All incoming emails are promptly rejected.

The same organization also has an internal application that may legitimately send emails to this mailbox. Emails are submitted via SMTP, triggering recipient filtering. At first the IP Accept list sounds like the right solution. After all this is also used to bypass IMF processing.

Indeed, in general white listing is expected to take precedence over black listing. This is standard practice in anti-spam solutions. Nevertheless recipient filtering is not as smart as IMF and the IP Accept list is ignored.

Solving this specific problem is possible. Here we could use the same solution suggested in the article Connection Filtering IP Accept List in Exchange SP2 where a similar problem was discussed.

This is done with the help of a new SMTP Virtual server. Recipient/Sender filtering enablement is done per virtual server. Thus all we need is to redirect internal applications to the new server and to keep filtering disabled. Internet email is not redirected, retaining filtering in place.

Setting up virtual servers is easy. You will just need a unique IP/port pair. These are only exposed internally, thus avoiding security sensitive network boundaries.

Clearly here I just gave one example to illustrate a scenario where the problem may crop up. Other scenarios exist where this solution is not appropriate and other workarounds might be available.

Copyright © 2005 - 2024 All rights reserved. ExchangeInbox.com is not affiliated with Microsoft Corporation