Restricting Received Messages with Mail From Whitelisting

 

Applies to HMS Version: 2.1+

 

 It is often useful to separate different types of outbound messages between multiple accounts on a Hurricane MTA Server. One of the primary benefits of this practice is the ability to customize and optimize delivery options and performance for each account separately, as the needs of each mail stream will undoubtedly vary. Another major benefit is that each account has its own security settings through the use of SMTP Authentication and/or IP Whitelisting. Mail From Whitelisting complements these authentication methods by rejecting messages that contain any MAIL FROM address not matching the whitelist.

CONSIDERATIONS

The following should be considered before using this feature:

  • Messages rejected by Mail From Whitelisting are rejected during the initial SMTP protocol exchange, so the messages are not even received by the HMS before being rejected.
  • MAIL FROM addresses are not authenticated, and thus can be easily spoofed.

Do not rely on Mail From Whitelisting as the sole method of restricting access to any MTA account!

CONFIGURATION

This feature is enabled and configured by adding a single line to the [RESTRICTIONS] section of the GENERAL.CONFIG file found in an individual account's config directory. Please remember to reload the target account's configuration after making these changes in order for those changes to take effect.

  • FIELD: AllowedFromList
  • DESCRIPTION: A comma delimited list of email addresses. If set to anything other than an empty string this account will only accept email with a MAIL FROM address that is on this list. The comparison is a case insensitive string in string, allowing matches against substrings and domains.
  • EXAMPLE: The following example shows how to create a Mail From Whitelist.
AllowedFromList=@example.com,someone@example.org

Using the above configuration, only messages that identify themselves as being from any address at @example.com or someone@example.org in the MAIL FROM component of the SMTP protocol are accepted by the MTA.

RELATED ARTICLES

For more information about writing regular expressions, we recommend
third-party resources such as the following:

The following Knowledge Base articles may also be of interest:

Restricting Delivered Messages with Recipient Whitelisting