Understanding Local List Antispam Filtering

When creating your own local whitelist and blacklist for antispam filtering, you can filter against domain names, e-mail addresses, and/or IP addresses. Pattern matching works a bit differently depending upon the type of matching in question. For example, pattern matching for domain names uses a longest suffix match algorithm. If the sender e-mail address has a domain name of aaa.bbb.ccc, the device tries to match "aaa.bbb.ccc" in the list. If no match is found, it tries to match "bbb.ccc", and then "ccc". IP address matching, however, does not allow for partial matches.

Antispam filtering uses local lists for matching in the following manner:

Sender IP: The sender IP is checked against the local whitelist, then the local blacklist, and then the SBL IP-based server (if enabled).
Sender Domain: The domain name is checked against the local whitelist and then against the local blacklist.
Sender E-mail Address: The sender e-mail address is checked against the local whitelist and then against the local blacklist.

By default, the device first checks incoming e-mail against the local whitelist and blacklist. If the sender is not found on either list, the device proceeds to query the SBL server over the Internet. When both server-based antispam filtering and local list antispam filtering are enabled, checks are done in the following order:

The local whitelist is checked. If there is a match, no further checking is done. If there is no match...
The local blacklist is checked. If there is a match, no further checking is done. If there is no match...
The SBL server list is checked.

Note: Local black and whitelist matching continues after the antispam license key is expired.

Understanding Local List Antispam Filtering

Related Topics