Connection Checks

How to get here

Connection Checks has the capability for the following two types of validation checks once enabled, Realtime Domain Blacklists and Verification Checks. The Administrator also controls whether the message should be deleted, dropped or only add an X-Header.

The action "Only Add X-Header" allows Administrators to test and review messages that have matches from the Realtime Domain Blacklists or failed Verification Checks that were set. An X-Header is inserted in the message for every match made to a realtime domain blacklist or failed verification check. The e-mail is then passed on to content filtering for further examination. The message is delivered if no other rules processing takes place.

For the action "Reject Connection" and "Delete Message" each spam database listed in the Realtime Domain Blacklist that identifies the sender as spam counts as a match and each validation check failure counts as a match. The Administrator must decide at what point the total match count necessitates action to be taken. See Examples.

Note. Realtime Domain Blacklists are not enabled by default.

Important. Realtime Domain Blacklists can only be added after the Realtime Blacklist at the system level is setup.

Caution. A match made for a Trusted blacklist will immediately either delete or reject the message (includes action Only Add X-Header) depending on the Verification Checks setting for Blacklists.

Domain: Shows the current selected domain. From the drop down you can pick any of the domains available to this administrative user account.

Realtime Domain Blacklist

• Blacklists. Name that the IMail Administrator assigns for his/her own identification. This column displays all existing blacklists for the current domain. Click a blacklist to modify the blacklist options.
• Type. This column displays the type of lookup that the blacklist performs.
• Server. This column displays the domain name or IP address of the DNS server to contact for the corresponding blacklist's queries.

  Tip: Leave the Server setting as an "*" unless otherwise specified by the blacklist instructions.

• Query Domain. This column displays the domain that is queried for the corresponding blacklist.
• Trusted. (By default no set) This check box will enable the selected blacklist to be handled as Trusted.

  Note: Matches made to connections for a Trusted Blacklist are automatically rejected or deleted depending on the Verification Check setting for Untrusted Blacklists.

• Add. Click Add to create a new blacklist for the current domain. For more information, see Adding a Realtime Blacklist.
• Delete. To delete a blacklist, select its corresponding check box, then click the Delete button.

Verification Checks:

Select any of the following verification tests to perform on incoming e-mail messages. If Only Add X-header is selected for action and a message fails for any of the checks, an X-Header is inserted into the message (Message will be deleted for trusted blacklists).

Note: These options are resource intensive and may slow down mail processing.

• Verify MAIL FROM Address. Select this check box to have the "From" address of the connecting server verified for each message to ensure that the user is a valid user on the mail server. If the user or server does not exist, the message is identified as spam.

  Note: Be aware that the MAIL FROM verification check may blacklist your domain by certain mail servers (Yahoo and Hotmail), for possible phishing of e-mail addresses.

• Perform Reverse DNS Lookup for Connecting Server. Select this check box to create a test in which the IP address of the connecting server is used to perform a reverse DNS lookup to determine the domain name. If a domain has a valid PTR record, the message is accepted. If a reverse lookup fails, it means there is no reverse record for that IP address and the message is marked as spam. An IP address with no PTR record is usually either from a dial-up connection or spoofed message, both of which are indicators of spam. However, keep in mind that a significant number of legitimate mail servers do not have a reverse DNS entry. This may cause legitimate mail to be marked as spam (false positive Many blacklists used for connection filtering return hits for domains such as yahoo.com, hotmail.com, and msn.com, among others. If you use these blacklists, non-spam e-mail from these domains may be identified as spam and processed according to the specified spam action.).
• Verify HELO / EHLO domain. Select this check box to create a test in which the domain passed during the HELO/EHLO is used to perform a DNS query to verify that the domain specified has an A record or an MX record. If this test fails, an X-Header is inserted into the message.

  Important: The SMTPD service does not accept mail from clients that do not begin the SMTP conversation with "HELO" or "EHLO".

Settings for Verification Checks and Blacklists

• Action on Match
  • Reject Connection. Upon reaching the matched count the connection will be rejected with a 550 error returned to the email server.

    Note: Administrators should be aware that the connection will not be rejected during the connecting IP or EHLO/HELO conversation. Connection will be rejected after the MAIL FROM, to avoid authenticating clients from receiving errors while sending mail.

    Tip: This may cause delays in the SMTP conversation.

  • Delete Message. Upon reaching the matched count the message will be deleted.
  • Only Add X-Header. Selecting this option will add an X-Header for each Untrusted Blacklist match, and for each failed Verification Check that is selected.

    Important: Selecting the Only Add X-Header action, and a match is made for a Trusted Blacklist the message will be deleted.

• Perform action after this many matches. (Default is 1) This option works only with the Reject Connection and Delete Message. Only Add X-Header ignores this setting. The action will occur immediately after X number of matches. (Blacklist matches plus failed verification check options.)

  Tip: Be sure the value entered is not greater than the total number of blacklists plus the number of verification check options selected.

• Prefix Subject with. Select this option to work with Only Add X-Header to create a test in which, if selected, the subject of a message identified as spam by connection filtering is modified by inserting the text box.

  Prefix Subject With will still apply for Reject Connection and Delete Message if a match has been made for a blacklist and/or verification check that is below the match criteria set for the action.

  Note For Archiving Customers: Deleted Messages are archived, but Rejected Connections are not archived.

Save. Click to save your settings.

Related Topics

About Connection Checks

Adding to BlackList

Server Level Anti-spam Options (Blacklists)

Understanding Realtime Blacklists

How Blacklists Work

Setting Realtime Blacklists Options

Setting White List Administration Options

IMail SMTP Settings - Control Access