Whitelist a domain

Similar Messages

• How to "whitelist" email domain

  I recently got a HP 8500A with ePrint capablities. I want to limit the people that can send to the printer by email using the email filtering.
  Is there any way to add an email domain? Is there a wildcard character to use to allow all users in a domain to send to the printer (eg *.business.net or ?.business.net)? I want to avoid having to add all the different email addresses independently and then try to keep it updated as the users on the domain change.

  Hey Amnestic!
  At this time, no. Currently the only way to add people to the authorized user list is per email address. I don't know whether this will change in the future but if it does, the information will more than likely be posted here on these forums. One thing I can tell you is that our spam filter is quite strict so if you'd like to set it to 'Everyone' you shouldn't receive any spam.
  Hope this helps!
  If I have solved your issue, please feel free to provide kudos and make sure you mark this thread as solution provided!
  Although I work for HP, my posts and replies are my own opinion and not those of HP.

• Whitelist for domain names (send and receive)

  We have this constant issue where our mail server gets loaded up with emails to and from domains that our in no way connected with ours.
  Our external firewall prevents these from going out, but they still remain in the Mail Queue. Is there any way to make a white list so that our domain names need to be included in either the sender OR the receiver and then just delete any other SMTP attempts?
  Thanks!
  Bonus Question. Is there a program I can install on the server that can tell me what IP addresses are sending those emails?

  You're potentially running an open relay, and (if that's the case) you'll want to address that.
  The open relay can arise via misconfigured mail server, or via a web vulnerability in some web services thing (content management system, etc) you're running.
  It's also possible that the server is correctly configured, and that there's an infected client box operating behind your mail server within your domain, or that's external but authorized to use your mail server.
  And the unauthorized variation: being a breached password.
  You'll want to secure the mail server first and foremost; filtering the outbound domain in the messages won't be particularly reliable, as these folks will just send from your domain and leave you to a: get your mail server blacklisted and b: deal with the backscatter.
  nb: [This question is cross-posted|http://discussions.apple.com/message.jspa?messageID=11693934]

• Cisco ISE 1.3 Email Domain WhiteList

  In ISE version 1.2.x, you were able to whitelist all of the domains you wanted to be able to send email messages to, from the ISE:
  In 1.3, I do not see this capability:
  Here's what I'm trying to do.  When a guest user wants to use our guest wireless network, I want them to use self-registration.  When they choose our guest SSID, it'll intercept the traffic, and redirect them to our guest portal.  This works just fine.  At the bottom of the page, there's a link that says, "Don't have an account?".   They click on that link, which brings them to the self-registration form.  They fill out the information, and click on Submit.  I want an email to be sent to the email address of the person that they're visiting.  In the self-registration form, there's a field "Person You're visiting (email address)".  I do not want them to be able to send an email to themselves.  In 1.2, it was possible to do this simply by whitelisting our domain, as the only email domain you could send a message to.  In 1.3, that capability isn't there.  Also, in order to send an email to the person that they're visiting, it requires approval from that person.  If you don't have that option selected, and email doesn't go to the "Person being visited". 
  If anyone has any thoughts, it would be very much appreciated.  Thanks!

  Refer the link :
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_011100.html#reference_9D8AECAB38164664B5A1CFCAA99CC97C

• Whitelist a whole domain in IronPort C370?

  Hi!
  I have a customer that can't send emails to us cause of bad reputation.  Not sure how am going to whitelist their domain.
  Their domain is: domainABC.com
  Their SMTP servers is A.domainXYZ.com, B.domainXYZ.com, C.domainXYZ.com.
  What should i put in the HAT - Whitelist?
  domainABC.com? domainXYZ.com? A, B, C.domainXYZ.com? The IPs of the SMTP-servers?
  Thanks for the help!

  To whitelist or blocklist any domain including subdomains use .domainABC.com, the "." in front of domainABC.com instructs any sub domain as well. Now you have to understand if domainABC.com is sending from their own servers. If they are using a hosted system that is shared by others it could create issues. Generally it would be advisable to get the IP address of the servers with the bad reputation and put them in a temporary allow list. I say allow because if you use the default whitelist please understand it by default does not do spam scanning.
  Tom

• OS X 10.9 Server Mail Domain Whitelisting

  I just cannot understand why this isn't working.
  I've added gmail, googlemail, mac, me, icloud to the whitelist, but emails from those domains still get greylisted:
  $ sudo serveradmin settings Mail | grep whitelist
  Mail:postfix:add_whitelist_domain:_array_index:5 = "gmail.com"
  Mail:postfix:add_whitelist_domain:_array_index:6 = "googlemail.com"
  Mail:postfix:add_whitelist_domain:_array_index:7 = "mac.com"
  Mail:postfix:add_whitelist_domain:_array_index:8 = "me.com"
  Mail:postfix:add_whitelist_domain:_array_index:9 = "icloud.com"
  Mail:postfix:domain_whitelist:_array_index:5 = "gmail.com"
  Mail:postfix:domain_whitelist:_array_index:6 = "googlemail.com"
  Mail:postfix:domain_whitelist:_array_index:7 = "mac.com"
  Mail:postfix:domain_whitelist:_array_index:8 = "me.com"
  Mail:postfix:domain_whitelist:_array_index:9 = "icloud.com"
  I tried:
  $ sudo serveradmin settings Mail:postfix:whitelist_enabled = yes
  2014-05-02 02:56:37.103 serveradmin[2894:507] Error: servermgr_mail: postconf read error: /usr/sbin/postconf: warning: whitelist_enabled: unknown parameter
  2014-05-02 02:56:37.104 serveradmin[2894:507] unable to save key: whitelist_enabled (unknown parameter)
  I've tried restarting the mail service and restarting the computer.
  Has anyone been successful in whitelisting a domain on 10.9 Server?
  May  2 02:37:47 example.com postfix/smtpd[1398]: connect from mail-oa0-f48.google.com[209.85.219.48]
  May  2 02:37:47 example /usr/libexec/postfix/greylist.pl[1403]: Temporary message rejection to: <[email protected]> from: <[email protected]> sent from: [209.85.219.48] for: 60 seconds due to greylisting
  May  2 02:37:48 example.com postfix/smtpd[1398]: NOQUEUE: reject: RCPT from mail-oa0-f48.google.com[209.85.219.48]: 450 4.7.1 <[email protected]>: Recipient address rejected: Service is unavailable; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-oa0-f48.google.com>
  May  2 02:37:48 example.com postfix/smtpd[1398]: disconnect from mail-oa0-f48.google.com[209.85.219.48]

  #!/usr/bin/perl
  use DB_File;
  use Fcntl;
  use Sys::Syslog qw(:DEFAULT setlogsock);
  # Usage: greylist.pl [-v]
  # Demo delegated Postfix SMTPD policy server. This server implements
  # greylisting. State is kept in a Berkeley DB database.  Logging is
  # sent to syslogd.
  # How it works: each time a Postfix SMTP server process is started
  # it connects to the policy service socket, and Postfix runs one
  # instance of this PERL script.  By default, a Postfix SMTP server
  # process terminates after 100 seconds of idle time, or after serving
  # 100 clients. Thus, the cost of starting this PERL script is smoothed
  # out over time.
  # To run this from /etc/postfix/master.cf:
  #    policy  unix  -       n       n       -       -       spawn
  #      user=nobody argv=/usr/bin/perl /usr/libexec/postfix/greylist.pl
  # To use this from Postfix SMTPD, use in /etc/postfix/main.cf:
  #    smtpd_recipient_restrictions =
  #          reject_unauth_destination
  #          check_policy_service unix:private/policy
  # NOTE: specify check_policy_service AFTER reject_unauth_destination
  # or else your system can become an open relay.
  # To test this script by hand, execute:
  #    % perl greylist.pl
  # Each query is a bunch of attributes. Order does not matter, and
  # the demo script uses only a few of all the attributes shown below:
  #    request=smtpd_access_policy
  #    protocol_state=RCPT
  #    protocol_name=SMTP
  #    helo_name=some.domain.tld
  #    queue_id=8045F2AB23
  #    [email protected]
  #    [email protected]
  #    client_address=1.2.3.4
  #    client_name=another.domain.tld
  #    instance=123.456.7
  #    sasl_method=plain
  #    sasl_username=you
  #    sasl_sender=
  #    size=12345
  #    [empty line]
  # The policy server script will answer in the same style, with an
  # attribute list followed by a empty line:
  #    action=dunno
  #    [empty line]
  # greylist status database and greylist time interval. DO NOT create the
  # greylist status database in a world-writable directory such as /tmp
  # or /var/tmp. DO NOT create the greylist database in a file system
  # that can run out of space.
  # In case of database corruption, this script saves the database as
  # $database_name.time(), so that the mail system does not get stuck.
  $database_name="/Library/Server/Mail/Data/gldb/greylist.db";
  $whitelist_host_file="/Library/Server/Mail/Data/gldb/whitelist_host";
  $whitelist_domain_file="/Library/Server/Mail/Data/gldb/whitelist_domain";
  $whitelist_db_name="/Library/Server/Mail/Data/gldb/whitelist.db";
  $greylist_delay=60;
  # Auto-whitelist threshold. Specify 0 to disable, or the number of
  # successful "come backs" after which a client is no longer subject
  # to greylisting.
  $auto_whitelist_threshold = 10;
  # Syslogging options for verbose mode and for fatal errors.
  # NOTE: comment out the $syslog_socktype line if syslogging does not
  # work on your system.
  $syslog_socktype = 'unix'; # inet, unix, stream, console
  $syslog_facility="mail";
  $syslog_options="pid";
  $syslog_priority="info";
  sub add_whitelist {
            # check for null host name
            my ($_host_name) = $attr{"host_name"};
            if ($_host_name eq "") {
                      syslog $syslog_priority, "Warning: missing whitelist host name attribute";
                      return 0;
            # Open the database on the fly.
            open_whitelist_db() unless $whitelist_db_obj;
            # Is host already in white list
            $value = read_whitelist_db($attr{"host_name"});
            # Add host if not in database
            if ($value == 0) {
                      syslog $syslog_priority, "adding host: %s to whitelist host", $attr{"host_name"} if $verbose;
                      update_whitelist_db($attr{"host_name"}, 1);
                      open WHITELIST_FILE, ">> $whitelist_host_file" or
                                syslog $syslog_priority, "Error: unable to open whitelist host file: %s", $whitelist_host_file;
                      print WHITELIST_FILE "$attr{\"host_name\"}\n";
                      close WHITELIST_FILE;
  sub add_whitelist_domain {
            # check for null host name
            my ($_domain_name) = $attr{"domain_name"};
            if ($_domain_name eq "") {
                      syslog $syslog_priority, "Warning: missing whitelist domain name attribute";
                      return 0;
            # Open the database on the fly.
            open_whitelist_db() unless $whitelist_db_obj;
            # Is domain already in white list
            $value = read_whitelist_db($attr{"domain_name"});
            # Add domain if not in database
            if ($value == 0) {
                      syslog $syslog_priority, "adding domain: %s to whitelist doman", $attr{"domain_name"} if $verbose;
                      update_whitelist_db($attr{"domain_name"}, 1);
                      open WHITELIST_FILE, ">> $whitelist_domain_file" or
                                syslog $syslog_priority, "Error: unable to open whitelist domain file: %s", $whitelist_domain_file;
                      print WHITELIST_FILE "$attr{\"domain_name\"}\n";
                      close WHITELIST_FILE;
  # Demo SMTPD access policy routine. The result is an action just like
  # it would be specified on the right-hand side of a Postfix access
  # table.  Request attributes are available via the %attr hash.
  sub smtpd_access_policy {
      my($key, $time_stamp, $now, $count, $domain);
      # Open the database on the fly.
      open_database() unless $database_obj;
      # Open the whitelist database on the fly.
      open_whitelist_db() unless $whitelist_db_obj;
      # Check if domain is whitelisted
            $domain = get_domain_name($attr{"client_name"});
            $count = read_whitelist_db($domain);
            if ($count > 0) {
                      syslog $syslog_priority, "domain: %s is whitelisted", $domain if $verbose;
                return "dunno";
      # Check if host is whitelisted
            $count = read_whitelist_db($attr{"client_name"});
            if ($count > 0) {
                      syslog $syslog_priority, "host: %s is whitelisted", $attr{"client_name"} if $verbose;
                return "dunno";
      # Search the auto-whitelist.
      if ($auto_whitelist_threshold > 0) {
          $count = read_database($attr{"client_address"});
          if ($count > $auto_whitelist_threshold) {
                return "dunno";
      # Lookup the time stamp for this client/sender/recipient.
      $key =
            lc $attr{"client_address"}."/".$attr{"sender"}."/".$attr{"recipient"};
      $time_stamp = read_database($key);
      $now = time();
      # If this is a new request add this client/sender/recipient to the database.
      if ($time_stamp == 0) {
            $time_stamp = $now;
            update_database($key, $time_stamp);
      # The result can be any action that is allowed in a Postfix access(5) map.
      # To label mail, return ``PREPEND'' headername: headertext
      # In case of success, return ``DUNNO'' instead of ``OK'' so that the
      # check_policy_service restriction can be followed by other restrictions.
      # In case of failure, specify ``DEFER_IF_PERMIT optional text...''
      # so that mail can still be blocked by other access restrictions.
      syslog $syslog_priority, "request age %d", $now - $time_stamp if $verbose;
      if ($now - $time_stamp > $greylist_delay) {
            # Update the auto-whitelist.
            if ($auto_whitelist_threshold > 0) {
                update_database($attr{"client_address"}, $count + 1);
            return "dunno";
      } else {
            # Apple
            syslog $syslog_priority, "Temporary message rejection to: <$attr{\"recipient\"}> from: <$attr{\"sender\"}> sent from: [$attr{\"client_address\"}] for: $greylist_delay seconds due to greylisting";
            return "defer_if_permit Service is unavailable";
  # You should not have to make changes below this point.
  sub LOCK_SH { 1 };          # Shared lock (used for reading).
  sub LOCK_EX { 2 };          # Exclusive lock (used for writing).
  sub LOCK_NB { 4 };          # Don't block (for testing).
  sub LOCK_UN { 8 };          # Release lock.
  # Log an error and abort.
  sub fatal_exit {
      my($first) = shift(@_);
      syslog "err", "fatal: $first", @_;
      exit 1;
  # Open hash database.
  sub open_database {
      my($database_fd);
      # Use tied database to make complex manipulations easier to express.
      $database_obj = tie(%db_hash, 'DB_File', $database_name,
                                          O_CREAT|O_RDWR, 0644, $DB_BTREE);
            if ( !$database_obj ) {
                      # don't prevent mail deliveries due to corrupt database
                      my $db_backup = $database_name . "." . time();
                      syslog $syslog_priority, "Warning: open failed for: %s : backing up to: %s",
                                                                                            $database_name, $db_backup;
                      rename $database_name, $db_backup ||
                                fatal_exit "Can't save %s as %s: $!", $database_name, $db_backup;
                      # try again
                      $database_obj = tie(%db_hash, 'DB_File', $database_name,
                                                    O_CREAT|O_RDWR, 0644, $DB_BTREE) ||
                                                    fatal_exit "Cannot open database %s: $!", $database_name;
      $database_fd = $database_obj->fd;
      open DATABASE_HANDLE, "+<&=$database_fd" ||
            fatal_exit "Cannot fdopen database %s: $!", $database_name;
      syslog $syslog_priority, "open %s", $database_name if $verbose;
  # Open hash whitelist database.
  sub open_whitelist_db {
      my($whitelist_db_fd);
      # Use tied database to make complex manipulations easier to express.
            $whitelist_db_obj = tie(%db_hash, 'DB_File', $whitelist_db_name,
                                          O_CREAT|O_RDWR, 0644, $DB_BTREE);
            if ( !$whitelist_db_obj ) {
                      # don't prevent mail deliveries due to corrupt database
                      my $db_backup = $whitelist_db_name . "." . time();
                      syslog $syslog_priority, "Warning: open failed for: %s : backing up to: %s",
                                                                                            $whitelist_db_name, $db_backup;
                      rename $whitelist_db_name, $db_backup ||
                                fatal_exit "Can't save %s as %s: $!", $whitelist_db_name, $db_backup;
                      # try again
                      $whitelist_db_obj = tie(%db_hash, 'DB_File', $whitelist_db_name,
                                                    O_CREAT|O_RDWR, 0644, $DB_BTREE) ||
                                                    fatal_exit "Cannot open database %s: $!", $whitelist_db_name;
      $whitelist_db_fd = $whitelist_db_obj->fd;
      open WHITELIST_DB_HANDLE, "+<&=$whitelist_db_fd" ||
            fatal_exit "Cannot fdopen database %s: $!", $whitelist_db_name;
      syslog $syslog_priority, "open %s", $whitelist_db_name if $verbose;
  # Read database. Use a shared lock to avoid reading the database
  # while it is being changed. XXX There should be a way to synchronize
  # our cache from the on-file database before looking up the key.
  sub read_database {
      my($key) = @_;
      my($value);
      flock DATABASE_HANDLE, LOCK_SH ||
            fatal_exit "Can't get shared lock on %s: $!", $database_name;
      # XXX Synchronize our cache from the on-disk copy before lookup.
      $value = $db_hash{$key};
      syslog $syslog_priority, "lookup %s: %s", $key, $value if $verbose;
      flock DATABASE_HANDLE, LOCK_UN ||
            fatal_exit "Can't unlock %s: $!", $database_name;
      return $value;
  # Read database. Use a shared lock to avoid reading the database
  # while it is being changed. XXX There should be a way to synchronize
  # our cache from the on-file database before looking up the key.
  sub read_whitelist_db {
      my($key) = @_;
      my($value);
      flock WHITELIST_DB_HANDLE, LOCK_SH ||
            fatal_exit "Can't get shared lock on %s: $!", $whitelist_db_name;
      # XXX Synchronize our cache from the on-disk copy before lookup.
      $value = $db_hash{$key};
      syslog $syslog_priority, "whitelist lookup %s: %s", $key, $value if $verbose;
      flock WHITELIST_DB_HANDLE, LOCK_UN ||
            fatal_exit "Can't unlock %s: $!", $whitelist_db_name;
      return $value;
  # Update database. Use an exclusive lock to avoid collisions with
  # other updaters, and to avoid surprises in database readers. XXX
  # There should be a way to synchronize our cache from the on-file
  # database before updating the database.
  sub update_database {
      my($key, $value) = @_;
      syslog $syslog_priority, "store %s: %s", $key, $value if $verbose;
      flock DATABASE_HANDLE, LOCK_EX ||
            fatal_exit "Can't exclusively lock %s: $!", $database_name;
      # XXX Synchronize our cache from the on-disk copy before update.
      $db_hash{$key} = $value;
      $database_obj->sync() &&
            fatal_exit "Can't update %s: $!", $database_name;
      flock DATABASE_HANDLE, LOCK_UN ||
            fatal_exit "Can't unlock %s: $!", $database_name;
  # Update database. Use an exclusive lock to avoid collisions with
  # other updaters, and to avoid surprises in database readers. XXX
  # There should be a way to synchronize our cache from the on-file
  # database before updating the database.
  sub update_whitelist_db {
      my($key, $value) = @_;
      syslog $syslog_priority, "store whitelist host %s: %s", $key, $value if $verbose;
      flock WHITELIST_DB_HANDLE, LOCK_EX ||
            fatal_exit "Can't exclusively lock %s: $!", $whitelist_db_name;
      # XXX Synchronize our cache from the on-disk copy before update.
      $db_hash{$key} = $value;
      $whitelist_db_obj->sync() &&
            fatal_exit "Can't update %s: $!", $whitelist_db_name;
      flock WHITELIST_DB_HANDLE, LOCK_UN ||
            fatal_exit "Can't unlock %s: $!", $whitelist_db_name;
  # Parse hostname to obtain domain name
  sub get_domain_name {
      my($in_host_name) = @_;
      my($value);
            my($count) = 0;
            @tokens = split(/\./, $in_host_name);
            $count = $#tokens;
            $value=$tokens[$count-1] . "." . $tokens[$count];
            return $value;
  # Signal 11 means that we have some kind of database corruption (yes
  # Berkeley DB should handle this better).  Move the corrupted database
  # out of the way, and start with a new database.
  sub sigsegv_handler {
      my $backup = $database_name . "." . time();
      rename $database_name, $backup ||
            fatal_exit "Can't save %s as %s: $!", $database_name, $backup;
      fatal_exit "Caught signal 11; the corrupted database is saved as $backup";
      my $wl_backup = $whitelist_db_name . "." . time();
      rename $whitelist_db_name, $wl_backup ||
            fatal_exit "Can't save %s as %s: $!", $whitelist_db_name, $wl_backup;
      fatal_exit "Caught signal 11; the corrupted database is saved as $wl_backup";
  $SIG{'SEGV'} = 'sigsegv_handler';
  # This process runs as a daemon, so it can't log to a terminal. Use
  # syslog so that people can actually see our messages.
  setlogsock $syslog_socktype;
  openlog $0, $syslog_options, $syslog_facility;
  # We don't need getopt() for now.
  while ($option = shift(@ARGV)) {
      if ($option eq "-v") {
            $verbose = 1;
      } else {
            syslog $syslog_priority, "Invalid option: %s. Usage: %s [-v]",
                      $option, $0;
            exit 1;
  # Unbuffer standard output.
  select((select(STDOUT), $| = 1)[0]);
  # Receive a bunch of attributes, evaluate the policy, send the result.
  while (<STDIN>) {
      if (/([^=]+)=(.*)\n/) {
            $attr{substr($1, 0, 512)} = substr($2, 0, 512);
      } elsif ($_ eq "\n") {
            if ($verbose) {
                for (keys %attr) {
                      syslog $syslog_priority, "Attribute: %s=%s", $_, $attr{$_};
                      if ( $attr{"request"} eq "smtpd_access_policy" ) {
                                $action = smtpd_access_policy();
                      } elsif ( $attr{"request"} eq "whitelist" ) {
                                $action = add_whitelist();
                      } elsif ( $attr{"request"} eq "whitelist_domain" ) {
                                $action = add_whitelist_domain();
                      } else {
                                fatal_exit "unrecognized request type: '%s'", $attr{request};
                      syslog $syslog_priority, "Action: %s", $action if $verbose;
                      print STDOUT "action=$action\n\n";
                      %attr = ();
      } else {
            chop;
            syslog $syslog_priority, "warning: ignoring garbage: %.100s", $_;

• Ironport Whitelist and related questions

  Hi all,
  I have recently started at a new position for a company that is utilising ironport as the email spam filtering/virus checking appliance.
  Almost immediately after starting in my position issues were being discussed, where the senderbase reputation scoring was marking a sister companies mail as spam - obviously due to a bad reputation.
  It was important that these mails were delivered and the obvious answer seemed to be to whitelist the domains, which was implemented by another support person. After the whitelist setting was applied though the mails were still be rejected due to being suspected spam - there is no quarantine setup.
  Today I logged into the boxes to see if I could syslog the mail logs to a seperate linux server and suddenly got wrapped up in this problem. I had a look and could see the domains in the whitelist section within the HAT, after doing some reading I can confirm the whitelist section was ordered as being number 1 in the list and by looking further it looks like the whitelist domains were via the 'add to sender group' button within the monitoring overview screens (this is assumed as both .sistercompany.com and sistercompany.com were appended to the whitelist).
  After a few hours of reading up I couldn't understand why the whitelist wasn't working, I even did a lookup of the domain in the monitoring overview search section for mail recieved by sistercompany.com and could see that it belonged in the whitelist group. I got further confused when reading the help and support guide - it had screenshots that looked very similar to our setup [within the HAT overview and Mail Policies], however it had an sbrs for the whitelist set between 6 and 10, where as that was blank on our system, nowhere in the document would it describe why this sbrs value was set. Bearing in mind I have only had a few hours of experience with this product, so these maybe silly questions but:
  Why would you add an sbrs value to the whitelist - I would have thought whitelists would ignore any score presented.
  If number 1 has nothing to do with why these domains were still being flagged as spam, has anyone got any suggestions as to what the issue maybe?
  For a small bit of information we have the C660 appliances installed.
  Any help would be much appreciated

  I'm taking a wild guess here since there are a lot of missing details. Forgive me if I'm covering ground you've already trod.
  Remember that the HAT controls how incoming SMTP connections are handled, so entries in the HAT must correspond to the remote SMTP servers that are connecting to you. You don't put the "domain" part of "user@domain" in the HAT ("sistercompany.com" in your case), you put in the the domain names of the actual remote SMTP servers or a wildcard that matches them all. In your case, this might be ".sistercompay.com" (note the leading "." indicating that this will match any domain name ending with ".sistercompany.com"), but only if their SMTP servers have host names in that domain.
  Whitlisting by domain name requires that the IP addresses of those remote SMTP servers have correct rDNS. If they don't, you'll have to list them in the HAT by IP address. FYI, we never put anything in the HAT by IP address unless it is unavoidable. Using domain names and requiring correct rDNS forces good DNS hygiene, and also provides a layer of abstraction. The server's address can change, but so long as the DNS is kept up to date we don't have to change our HAT entries.
  You can see from the mail logs what sender group is being applied on each SMTP connection. Find one of the rejected messages in the log and see what sender group its connection landed in. If it didn't land in the whitelist (which will almost certainly be the case, given that the message was not in fact whitelisted), then you know the HAT entry is wrong. You can also use the log to determine the actual domain name of the remote server, assuming the rDNS for its IP address is correct.
  The example screenshot in the manual showing SBRS between 6 and 10 being whitelisted is demonstrating that you can whitelist by SBRS as well as by explicit listing in the sender group. Your whitelist simply isn't doing this, which is fine. In this age of rampant spamming from stolen accounts on reputable servers, whitelisting by SBRS can let spam in. We raised the lower limit from 6 to 8 several years ago after getting hit in this exact way.
  ++Don

• Z10 faulty code BUG - emails may not be sent/released if you have a hosted domain with email accounts

  let me preface this by saying I have been a loyal blackberry user, screaming from my soapbox about blackberry for many many years and that I am not a techie and really wish blackberry all the best.
  however, today my blackberry faith has been completely crushed and i don't want anyone to go through this pain.
  I just confirmed  that the z10 in it's current OS and the way in which email is formatted does not meet certain code requirements CRLF RFC ??  As such any emails routed through to a hosting provider will likely be blocked from leaving their servers. It has to do with headers, date stamps and formatting of the emails as read by spam blockers as they apprear from the blackberry OS
  what happened to me is that emails showed as sent, and then i was wondering why i never head back from clients. Bingo. they never got it. 
  After extensive phone calls, testing accounts with BB, hosting domain and Rogers, it became clear this was a z10 issue.
  So any small business owners that use large hosting providers that have strict spam and code requirements BEWARE. In all liklihood you will experience great difficulties in emailing anyone (read they won't get them).
  Gmail and hotmail work fine.
  Before you mention them...STMP and SSL and ports do not make a difference in my case. This has been confirmed. Trust me.
  Is it a nice device? Yes.  Does it have potential? yes.  Does it meet my  most basic email needs? NO
  to top it all off, i just extended my contract to get this phone. If I'm lucky, from the sounds of it, it might work after two future OS updates.
  I am flabbergasted by this huge oversight and really do wish blackberry well, but if this doesn't get fixed when they get U.S. customers...I think they are going to be TORN apart.
  Blackberry are you listening?
  Feel free to send me some sort of love or compensation for my previous years of devout loyalty, my being trapped in a contract in your name and for bringing this issue to your attention.
  signed
  heart broken with a shiny new useless z10 which apparently can't return now. 

  Hi there, so when I was speaking with bb I was told that this fix would not make it into the update.  I have no reason to believe that this issue is resolved as the update rolled out shortly after my lengthy discussion so by then I assume the update was already with the carriers for review.
  Perhaps you can raise this issue with them again and give them a test account to see what they can do. I know how much this sucks and this needs to be escalated continuously to make it into the next updates. 
  Also see if your hosting provider can help by whitelisting your domain and turn off spam blockers.
  Wish you well 

• Mms.cfg whitelist for localstorage

  As of now, we use mms.cfg to block all local storage of shared objects.  Our developers have requested that we open up storage for one of their flash projects.  I don't want to allow ALL sites the ability to create and store shared objects, just from our domain.  Is there anyway, through mms.cfg, that I can create a whitelist of domains that are allowed to create shared objects and block all other sites?

  I read that guide before posting the question, but couldn't find what I was looking for.  It may be in there, but I couldn't find it... as of now, my mms.cfg file includes the following lines:
  LocalStorageLimit=1
  ThirdPartyStorage=0
  This effectively prohibits shared objects from being created and stored locally (at least it seems it does) from any domain.  What specifically would I need to include so that write access is blocked for all sites except for any domain that I have listed?  As far as I can see, it appears to be an all or nothing type of thing.

• Email bounce backs and delivery failures

  Over the past few months my client has started having trouble sending emails to a few domains (worked fine for multiple years).  The timing of these failures seems to match the new anti-spam software ISP are using.
  Our internal exchange server shuttles pop3 mail to our local ISP via popcon (program).  Not sure is the information in the message headers is the issue, how to change it, or what to do next.
  One feedback:
  "I also dealt with a similar issue a few days where an Exchange 2013 server which had been happily running for over a year, with the exact same settings as
  it used for 3 years previous on Exchange 2010 suddenly and mysteriously stopped sending to certain recipients but randomly, with the same error message as we see here. We suspected later that perhaps some mail servers on the internet were tightening things
  up when it comes to dealing with Spam etc."  The issue was in the Exchange servers FQDN. (Fully Qualified Domain Name)
  So far I have:
  1) restarted the ‘Transport Service’
  2) Updated send connector EHLO or HELO to bcbuildingtrades.org
  Here is a message header from a failed email:
  Diagnostic information for administrators:
  Generating server: bcyt.local
  [email protected]
  #550 4.4.7 QUEUE.Expired; message expired ##
  Original message headers:
  Received: from FILESERVER.bcyt.local ([fe80::f44a:5231:60f1:4519]) by
  FILESERVER.bcyt.local ([fe80::f44a:5231:60f1:4519%14]) with mapi id
  14.01.0218.012; Tue, 2 Sep 2014 11:26:01 -0700
  From: BC Building Trades <[email protected]>
  To: BC Building Trades <[email protected]>, BC Building Trades
          <[email protected]>
  Subject: RE: John MacTavish BCBCBTU Constitution Meeting: Wednesday,
  September 3, 2014
  Thread-Topic: John MacTavish BCBCBTU Constitution Meeting: Wednesday,
  September 3, 2014
  Thread-Index: Ac/DEBF+4GZ9fh2STdipo6AwiH8sMQDyotzw
  Date: Tue, 2 Sep 2014 18:26:00 +0000
  Message-ID: <[email protected]>
  Accept-Language: en-US, en-CA
  Content-Language: en-US
  X-MS-Has-Attach:
  X-MS-TNEF-Correlator:
  x-originating-ip: [fd7b:c71e:611b:0:69a3:67a5:2baf:593a]
  Content-Type: multipart/alternative;
          boundary="_000_B050148A9707274AA84DC8B1B93386997920417BFILESERVERbcytl_"
  MIME-Version: 1.0

  Hi
  Can you not ask your ISP to whitelist those domains you sending to? Also just verify that your domain is not listed at all, you can do so on MXToolbox.com
  Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Intermittent bounce backs and non receiving of emails

  Lately I has discovered that some people in various parts of the world have been sending me emails and I never get the emails. So other friends have been get bounce back emails when they send to my .mac. I have been having so many problems with .mac mail and I can not take it anymore. I no so many with similar problems however it seems Apple will not address these issues. And yes my junk mail setting is off. Is gmail the only reliable email solution??

  Hi
  Can you not ask your ISP to whitelist those domains you sending to? Also just verify that your domain is not listed at all, you can do so on MXToolbox.com
  Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• 550 5.7.1 Command not allowed

  We are having issues with several things at the moment in Exchange 2013.  
  One particular outside email address is returning the following code when replying to an email from within the organization:
  <<< 550 5.7.1 Command not allowed 554 5.0.0 Service unavailable
  The second issue is related as it pulls a similar code.  When one particular user sends an email from her account, or an attached account to a third specific account, she gets the following message:
  Diagnostic code = SubmissionProhibited; Reason code = TransferFailed; Status code = 571
              < #5.7.1 smtp;550 5.7.1 Command not allowed>
  No other user has issues sending to that account.
  The third message happened once today, and is sporadic.  When another user emails a specific group, she gets returned with: Your message can't be delivered because delivery to this address
  is restricted.
  We've had some SMTP issues in the past where it would intermittently not send a message, but I don't know if its related, or how to fix it.  Any suggestions?

  Hello,
  If all these users are trying to send to a specific smtp, you need to contact their administrator to whitelist your domain/users. Some times, they need to add permission to receive external emails to their mailbox, distribution list etc.
  Regards from ExchangeOnline.in|Windows Administrator Area | Skype:[email protected]

• Newest Firefox will not allow my Lotus Notes to fully load

  Previous Firefox allowed me to easily access my work Lotus Notes at home.
  Installed newest Firefox: Lotus Notes partially loads (I get all of the tool bars, etc) but none of my email content loads (the portion of LN that shows emails is empty).
  Error window says:
  A Domino Web Access script error has occurred that might result in missing data within the current page. If your current operation did not complete, click OK, and then refresh your browser display.
  Show details
  But when I do OK/refresh nothing new happens.
  Help!

  I personally verified ant it is really working. It is sufficient to install the '''Remote XUL manager''' in a very simple way:
  1) Install the addon: [https://addons.mozilla.org/en-US/firefox/addon/remote-xul-manager/]
  2) Open the config dialog of the addon and insert the name of the domain that you want to allow (for example in my case it was the first part of the web adress of my job, where I am forced to use Lotusnotes)
  Then everything works fine as before with Firefox 3.6.
  I am not an expert but I understand that Firefox doesn't want to support anymore XUL because of safety concerns, this is the reason why you are supposed to make a whitelist of domains allowed.

• Browser for low-end laptop

  Hi,
  my girlfriends laptop is running arch linux (I installed it for her a year ago...). The problem is that it's not a high performance machine but rather low-end instead. It's an "Acer Extensa 5635Z" (Intel Pentium Dual Core T4200, Intel GMA, 2 gig ram, some kind of slow laptop hdd...). All she does on this machine is browsing the web (facebook, last.fm, simfy.de) and listening to music. Occasionally she may rip some audio cds and stuff... The only process that literally kills the machine is firefox and/or flash. She tends to open around 30 - 90 tabs with all kinds of facebook stuff where it seems to be the case that everyone is posting stupid youtube "links" all the time. She needs that many tabs for all the stuff she plans to review. This means she treats "tabs" as some kind of "to read" shelf. I have tried to get here to use bookmarks but this feels to "clumsy" for her and she says she would "forget" about stuff when its not "opened".
  This situation will not get better. So I'm desperately in search of a very light browser that may enable her to handle the load she produces. Can't use chromium because it has no "search bar" and I'm not getting here to put search terms into the location bar. We tried midori but it died a segfault death soon after...
  The desktop environment we're using is xfce at the moment. I could go as low as fluxbox but I fear that won't improve much. Any ideas?

  I have a much low end computer (4 years old computer 1.2 Gb RAM Celeron M 1.6 Ghz processor). Your laptop is powerful to run the browser of your choice (choosing a different one would not make a real difference). I now prefer google chrome (I use the open source version chromium): it seems more responsive than Firefox (you can search in the address bar, I do not see the problem). The performance problems most probably comes from flash animations and javascript. If you use Firefox, I suggest to install flasblock (block all flash animation unless clicked, possibility to whitelist some domain). For javascript, some sites may be a processor hog. Install the yesscript extension: it enable javascript by default but allow to stop it by clicking on an icon. I suggest you to install a CPU monitor, so you can easily identify which tabs pose problems and block javascript/flash inside them.
  Now 30-90 tabs is a lot. It might still work by making sure javascript/Flash are blocked in all but one tab. But maybe it would be better to proceed differently. Putting bookmarks on the bookmark bar seems a good idea. It seems that it make little difference for the user: you see the sites in the bookmark bar instead of the tab bar. Only one tab is open at once anyway.
  Last edited by olive (2011-07-19 20:15:38)

• ICloud falsely marks some mail as junk

  iCloud Mail has started classifying all email I receive from Second Life as junk. Those email are marked as junk and move to the iCloud Junk folder.
  I would rather filter my email on my iMac.
  I have tried "training" iCloud Mail by logging into the web interface and manually clicking Not Junk. I read that this would stop marking email from that address as junk. However, the return addresses are 'tokenized' ([email protected]im.agni.lindenl ab.com) so the next message from that person will have a different address.
  I don't see any setting to whitelist the domain (@im.agni.lindenlab.com) or to disable junk mail filtering altogether in iCloud.

  Try the following first.
  Go to Mail > Preferences > Junk Mail and deselect "Enable junk mail filtering".
  Quit and re-launch the Mail.app.
  Go to Mail > Preferences > Junk Mail and reselect "Enable junk mail filtering".
  FYI - the Junk Filter learns in the same way regardless if set to Training or Automatic and continues to learn when set to Automatic if working properly.
  I would also switch Junk Mail from Training to Automatic and after doing so, go to Mail > Preferences > Accounts and under the Mailbox Behaviors tab for the account preferences (for each account), there is an "Erase messages in the junk mailbox when:" selection.
  Setting Junk Mail to Automatic will provide a Junk folder in the mailboxes drawer below the Trash folder. An account named Junk mailbox under Junk will be created automatically by Mail for each account that has previously received a message that was automatically or manually marked as junk.
  When set to Automatic, any message that is automatically marked as junk when received will be automatically transferred to the account's Junk mailbox getting this garbage out of the account's Inbox mailbox. You can set each account's Junk mailbox to be automatically deleted after one day or one week as desired to give you adequate time to check the Junk mailbox for any valid messages that were incorrectly marked as junk when received marking any valid messages as not junk and moving such a message back to the account's Inbox mailbox.
  Keep in mind that purging each account's Junk mailbox after a reasonable period of time aids in the Junk Mail "learning" process.