Knowledge Base » Documentation MailCleaner »
Full Whitelist
MailCleaner Support
Added over 3 years ago
Full Whitelist¶
The full whitelist feature allows mails to bypass all forms of filtering. Unlike other whitelists, this includes all filters in the SMTP phase such as virus filtering and attachment policies.
Configuration¶
Mails will be fully whitelisted if it meets 2 criteria:
- The sending mail server host has to be in the file : > /var/mailcleaner/spool/mailcleaner/full_whitelisted_hosts.list
Shorthands and CIDR notation are allowed according to the same conditions as other hostlist boxes as discussed here
- The sending mail address has to be in the file : > /var/mailcleaner/spool/mailcleaner/full_whitelisted_senders.list
Wildcard addresses can be allowed with '*'. For example you can whitelist a domain with:
*@domain.com
Legacy Support¶
Until recently a beta version of this feature used this pre-existing field for the host list:
Configuration-> AntiSpam -> Trusted IPs/Networks
This configuration is still supported if the 'full_whitelisted_hosts.list' file does not exist. It is recommended that you migrate to the dedicated file if you have been using the "Trusted IPs/Networks" field.
This legacy method is discouraged because adding the hosts to that field necessarily means that all other mail from those hosts will skip basic spam filtering also. For example, if you add Office365 to the host list so that you can fully whitelist a single address who use that service, you would also be skipping SpamC, PreRBL, UriRBL, etc. for all other email originating from those IPs. Using the dedicated file does not result in this problem.
Technical details¶
This feature functions by being the highest priority router in the Incoming MTA configuration. The top priority ensures that all SMTP access controls are not evaluated. Instead of forwarding to the Filtering MTA, this router will forward directly to the Outgoing MTA meaning that there won't even be an opportunity for the messages to be flagged. This is unlike regular whitelists which will still hit the Filtering MTA, but which ignore the spam flag if detected.