Blacklisting/whitelisting/SPF/PTR/etc. rules of precedence.

fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

Post by fmaxwell »

I've posed this to the MailEnable team as a private inquiry but thought that I might be able to save them some time and get it publicly documented for others:

What are the rules of precedence for whitelisting?

I know that whitelists take precedence over blacklists such that a whitelisted mail server will never be blocked because of appearing on a blacklist.

Does whitelisting override SPF? Suppose 68.101.50.19 appears in the whitelist. A server connects from that IP and tries to deliver a message purporting to be from bob@somedomain.tld. But an SPF check of somedomain.tld would reveal that 68.101.50.19 is not a valid sender IP for somedomain.tld. So, does the message get accepted because the sender IP is whitelisted or does it get rejected because the SPF check shows the sending server to be invalid for the sender address?

Does whitelisting override the option of requiring a PTR record? Again, suppose 68.101.50.19 appears in the whitelist but it has no PTR record (no reverse DNS). Does a message sent from that IP get through because the IP is whitelisted or does it get rejected because there is no PTR for that IP address?

If the answer to this is RTF{something}, please try to give me a hint as to which manual, help system section, knowledgebase document, etc. to read.

fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

Post by fmaxwell »

A bunch of people have already read this thread. Doesn't anyone know the answer?

Mother
Posts: 56
Joined: Thu Sep 16, 2004 11:02 pm

Post by Mother »

I can at least give you an answer for the "white-list vs ptr" issue from my own experience.

I wanted to use ptr lookups and whitelisting with one of my on-line merchant systems (2checkout). I set up my system to require a ptr record for delivery; well, 2checkout does not have, or at least did not have at the time, a ptr record, making callbacks impossible. So I thought I could solve it with whitelisting... No go! But then again, it could very well have been something I did on my end in the config, but I don't really think so.

But the end result was that requiring a ptr record outweighed white-listing, at least in my case. So I now just use Spamhaus and MEFilter and forgo the ptr requirement.

Not sure if that helps you solve the riddle but it is the only info I can give.

fmaxwell
Posts: 151
Joined: Sat Aug 03, 2002 9:10 am

Post by fmaxwell »

Mother wrote:
> I can at least give you an answer for the "white-list vs ptr" issue from my own experience.
> ...
> But the end result was requiring a ptr record outweighed white-listing, at least in my case.

Thanks! That's a great help -- and disappointing news. I agree with you that whitelisting should overrule the PTR requirement. I have a similar situation in that I've been asked by a postmaster to waive the PTR for his domain because he has no control over the PTR record (because his IP block is involved in some kind of inter-ISP dispute).

Mother
Posts: 56
Joined: Thu Sep 16, 2004 11:02 pm

Post by Mother »

Yes definitely disappointing,

Although you may want to consider the option of dropping the ptr requirement to satisfy your customers' needs and create your own reverse black list. It would require more work but with a combination of the tools that are currently available you may be able to combat the spam to an acceptable level.

Plus having control of your own RBL may not be such a bad thing.

I know with the features I have in place I've been able to slow the spam significantly with some due diligence.

Not that I think it's possible to ever really win against those jerks :evil:
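An added illustration, not part of the thread and not MailEnable's code: a toy model of a connection-filter pipeline showing why the order of checks decides the outcome for the whitelisted IP in the question. The check names, the two orderings, and all sample data (lists, PTR table, SPF record) are constructed assumptions; only 68.101.50.19 and bob@somedomain.tld come from the thread.

```python
import ipaddress

# Constructed sample data (not from any real server or DNS zone).
WHITELIST = {"68.101.50.19"}
BLACKLIST = {"68.101.50.19", "203.0.113.7"}
PTR = {"198.51.100.10": "mail.somedomain.tld"}   # IPs that have reverse DNS
SPF = {"somedomain.tld": "v=spf1 ip4:198.51.100.0/24 -all"}

def spf_pass(ip, sender):
    """Minimal SPF check: only ip4: mechanisms and a final -all are modelled."""
    record = SPF.get(sender.rsplit("@", 1)[-1])
    if record is None:
        return True                      # no policy published: nothing to fail
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return True
    return not record.endswith("-all")

# Each check returns "accept", "reject", or None (no opinion, keep going).
CHECKS = {
    "whitelist": lambda ip, s: "accept" if ip in WHITELIST else None,
    "blacklist": lambda ip, s: "reject" if ip in BLACKLIST else None,
    "ptr":       lambda ip, s: None if ip in PTR else "reject",
    "spf":       lambda ip, s: None if spf_pass(ip, s) else "reject",
}

def evaluate(ip, sender, order):
    """Run checks in the given order; the first definite verdict wins."""
    for name in order:
        verdict = CHECKS[name](ip, sender)
        if verdict:
            return verdict, name
    return "accept", "default"

# Hypothetical orderings: the one the posters expected, and one that is
# consistent with the PTR-beats-whitelist behaviour reported in the thread.
WHITELIST_FIRST = ["whitelist", "ptr", "spf", "blacklist"]
PTR_FIRST = ["ptr", "whitelist", "spf", "blacklist"]

if __name__ == "__main__":
    for order in (WHITELIST_FIRST, PTR_FIRST):
        print(order, evaluate("68.101.50.19", "bob@somedomain.tld", order))
```

Sending test messages from a whitelisted host that lacks a PTR record, and then from one that fails SPF, and comparing the server's verdicts with this model is one way to work out which ordering a given mail server actually applies.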
