Raggedstaff Internet
The friendly ISP
 

Block and pass lists



What are block and pass lists?

Block lists and pass lists, often known as black lists and white lists, provide a way to override the actions of content filters and envelope filters for mail from specific sources. Two types of block/pass list are used by Raggedstaff Internet. Sender lists block or allow mail based on the email address of the sender. Client lists block or allow mail based on the internet (IP) address of the server delivering the mail to us.

You can apply block and pass lists to each email address individually, or to a whole domain. You can apply different lists to different addresses. Tests are carried out against the recipient address the mail is addressed to when it enters our servers. If you use mail redirection, this means the address at which the mail arrived at our servers, not the address to which it is redirected.

Sender block and pass lists

Sender block and pass lists can override both content and envelope filters. They work on the sender's email address. This is the address given as a return address if the mail is undeliverable, and may be different from the address in the From: header of the mail.

Sender block and pass lists should be used with caution as it is very easy to forge the sender address of an email and thus get round the block and pass lists.

Address format

When specifying a sender address for blocking or permitting, use the following format:

  • user@domain.com: Applies to one specific email address only
  • @domain.com: Applies to all email addresses in the domain.com domain
  • @.domain.com: Applies to all email addresses in the domain.com domain and in any subdomains of that domain, eg this will apply to sid@sids-subdomain.domain.com

More specific address specifications take precedence over less specific ones.

Client block and pass lists

Client block and pass lists override envelope filters. They do not apply to content filters. Client block and pass lists are applied to the IP address of the server that delivers the mail to us.

Address format

When specifying client block and pass lists you may use either a single IP address, eg 192.196.55.33, or a network specified in CIDR format, eg 192.168.55.0/24.

More specific network specifications take precedence over less specific ones. That is, the higher the network suffix, the higher the precedence, with a single IP address having an effective network suffix of 32.

Order of precedence

When several different rules could apply to a particular message, it is not always obvious which one will be used. Here's a brief explanation of the precedence of filters and block/pass lists:

  • Block/pass list rules always take precedence over envelope or content filter rules.
  • Rules defined for a more specific recipient address always take precedence over those for a less specific recipient, even if the rule for the less specific recipient is otherwise more important. For example, a rule for me@mydomain.com takes precedence over all default rules for mydomain.com.
  • Client block/pass list rules take precedence over sender block/pass list rules, because of the ease with which sender addresses can be forged. One consequence of this is that you cannot block a network and then allow certain senders from that network.
  • Block/pass list rules that are more specific take precedence over those which are less specific. For example, a pass rule for goodguy@baddomain.name wins over a block rule for @baddomain.name. A block rule for 192.168.55.44 wins over a pass rule for 192.168.55.0/24.
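
The precedence order above, worked through as an added Python example (not Raggedstaff's own code). The LISTS layout, the function names and the sample addresses are assumptions made for illustration, as is the tie-break between two matching "@." patterns (the longer suffix wins).

```python
import ipaddress

def sender_rank(pattern, sender):
    """Specificity of a sender pattern if it matches, else None."""
    pattern, sender = pattern.lower(), sender.lower()
    domain = sender.rpartition("@")[2]
    if pattern.startswith("@."):                  # domain plus subdomains
        base = pattern[2:]
        if domain == base or domain.endswith("." + base):
            return (1, len(base))                 # assumed tie-break: longer suffix
    elif pattern.startswith("@"):                 # that domain only
        if domain == pattern[1:]:
            return (2, 0)
    elif pattern == sender:                       # one specific address
        return (3, 0)
    return None

def client_rank(spec, client_ip):
    """Prefix length if client_ip is inside spec, else None (single IP = /32)."""
    net = ipaddress.ip_network(spec, strict=False)
    return net.prefixlen if ipaddress.ip_address(client_ip) in net else None

def best(rules, rank):
    """Action of the most specific matching rule, or None."""
    hits = [(r, action) for spec, action in rules if (r := rank(spec)) is not None]
    return max(hits)[1] if hits else None

def decide(lists, recipient, sender, client_ip):
    """Return (action, list_kind); ('filters', None) when no list rule matches."""
    rcpt = recipient.lower()
    checks = (("client", lambda s: client_rank(s, client_ip)),
              ("sender", lambda s: sender_rank(s, sender)))
    for key in (rcpt, "@" + rcpt.rpartition("@")[2]):   # address, then domain default
        entry = lists.get(key, {})
        for kind, rank in checks:                       # client before sender
            action = best(entry.get(kind, []), rank)
            if action:
                return action, kind   # per the page, a client hit overrides envelope filters only
    return "filters", None

# Constructed sample configuration (hypothetical layout).
LISTS = {
    "@mydomain.com": {
        "client": [("192.168.55.0/24", "pass"), ("192.168.55.44", "block")],
        "sender": [("@baddomain.name", "block"), ("goodguy@baddomain.name", "pass")],
    },
    "me@mydomain.com": {"sender": [("@.baddomain.name", "pass")]},
}

if __name__ == "__main__":
    print(decide(LISTS, "you@mydomain.com", "goodguy@baddomain.name", "192.168.55.44"))
```

The final call shows the consequence noted in the list: the client block for 192.168.55.44 is applied even though a sender pass rule exists for goodguy@baddomain.name.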