
Can an IP address be whitelisted?

I have a small GroupWise server.

The server uses blacklists.

Outgoing email from my iPhone is sent to my GWIA on port 25.

Many of my cellphone provider's dynamically assigned IP addresses are
blacklisted. <whoops!>

I can't send email from my own cellphone to/via my own GroupWise server.

I want to continue using blacklists but I'm willing to make an
exception for a couple of IP addresses and Secure Messaging Gateway is
not a solution in this case.

I actually spoke with my cellphone provider to see if they could remove
their IP addresses from the RBL servers. They didn't have a clue what I
was talking about and suggested I had a problem with my own server
because they don't blacklist IP addresses. Once I explained how
blacklists worked and they began to appreciate the magnitude of the
problem, they just laughed! I can't say I blame them! 😞

--
Kevin Boyle - Knowledge Partner

Re: Can an IP address be whitelisted?

Hi Kevin,

Perhaps "overriding a blacklist" is what you are looking for: https://www.novell.com/documentation/groupwise18/gw18_guide_admin/data/adm_gwia_internet_access.html#ak7rzdi

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.

Re: Can an IP address be whitelisted?

On 31.10.2018 03:21, Kevin Boyle wrote:
> I have a small GroupWise server.
>
> The server uses blacklists.
>
> Outgoing email from my iPhone is sent to my GWIA on port 25.
>
> Many of my cellphone provider's dynamically assigned IP addresses are
> blacklisted. <whoops!>
>
> I can't send email from my own cellphone to/via my own GroupWise server.


Well, not using SMTP, but that's what GMS is there for.


If you use GWIA RBLs, there's nothing you can do, they prime everything
else.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

Re: Can an IP address be whitelisted?

On 31.10.2018 08:34, laurabuckley wrote:
>
> Hi Kevin,
>
> Perhaps "overriding a blacklist" is what you are looking for:
> https://www.novell.com/documentation/groupwise18/gw18_guide_admin/data/adm_gwia_internet_access.html#ak7rzdi


I just checked and indeed that same sentence is in the GroupWise docs
back to GroupWise 7. I'm 99,999% sure that's incorrect. GWIA never ever
checks the class of service or anything else on a blacklist hit.

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de

Re: Can an IP address be whitelisted?

Hi Massimo,

Maybe Kevin can confirm that for us.....

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.

Re: Can an IP address be whitelisted?

Massimo Rosen wrote:

> If you use GWIA RBLs, there's nothing you can do, they prime
> everything else.


That's what I concluded.

--
Kevin Boyle - Knowledge Partner

Re: Can an IP address be whitelisted?

laurabuckley wrote:

> Hi Kevin,
>
> Perhaps "overriding a blacklist" is what you are looking for:
> https://www.novell.com/documentation/groupwise18/gw18_guide_admin/data/adm_gwia_internet_access.html#ak7rzdi
>
> Cheers,


Hi Laura,

Your link states this:
> You can use the SMTP Incoming Exceptions list on a class of service
> to override a blacklist. For information about editing or creating a
> class of service, see Creating a Class of Service.



The GWIA "help" says:
/gwadmin-console/help/en/gwia.html#gwia_ac_blacklists

> If a blacklist is blocking a specific SMTP host that you want to
> receive messages from, you can allow a specific SMTP host as an
> exception to the blacklist. On the Default Class of Service, use SMTP
> Incoming tab > Allow incoming messages to override the blacklisted
> host. For example, if goodhost.com has been added to a blacklist but
> you still want to receive messages from that host, you could edit the
> default class of service to add goodhost.com to the list of allowed
> hosts.


The Class of Service description states:

> If you've chosen to prevent incoming Internet messages but you want
> to allow messages from specific Internet sites, add the sites to the
> Allow Messages From list.
>
> Allow Messages From List: Lists the only Internet sites from which
> members of the class of service can receive messages.
>
> You can use the Allow Message From list to override blacklists
> (Access Control tab > Blacklists page). For example, if goodhost.com
> has been added to a blacklist but you still want to receive messages
> from that host, you could add the host to the Allow Messages From
> list.


From what I can see, the documentation is wrong or, at best, very
misleading.

When I look at the Default Class of Service or when I create a new
Class of service and select "Allow incoming messages", the exceptions
will "Prevent messages from:"

When I create a new Class of service and select "Prevent incoming
messages", the exceptions will "Allow messages from:"

Neither of these options appears to allow me to override blacklisted IP
addresses while still accepting email from anyone.

The only way I can see to override a blacklisted IP address is to
create a new Class of service, select "Prevent incoming messages", then
as exceptions list every possible incoming IP address I might receive
email from and include any blacklist IP addresses I want to override.
This is obviously impractical, nor can I be sure it will actually
override the blacklist. 😞


--
Kevin Boyle - Knowledge Partner

Re: Can an IP address be whitelisted?

In article <1l8CD.1339$C62.1273@novprvlin0914.provo.novell.com>, Kevin
Boyle wrote:
> I actually spoke with my cellphone provider to see if they could remove
> their IP addresses from the RBL servers. They didn't have a clue what I
> was talking about and suggested I had a problem with my own server
> because they don't blacklist IP addresses. Once I explained how
> blacklists worked and they began to appreciate the magnitude of the
> problem, they just laughed! I can't say I blame them! 😞


That is why the general rule is not to let end devices send SMTP on port
25 anymore. Many ISPs block port 25 totally such that I haven't even
tried sending from a mobile device.


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
https://forums.novell.com/member.php/75037-konecnya

Re: Can an IP address be whitelisted?

Andy Konecny wrote:

> In article <1l8CD.1339$C62.1273@novprvlin0914.provo.novell.com>,
> Kevin Boyle wrote:
> > I actually spoke with my cellphone provider to see if they could
> > remove their IP addresses from the RBL servers. They didn't have a
> > clue what I was talking about and suggested I had a problem with my
> > own server because they don't blacklist IP addresses. Once I
> > explained how blacklists worked and they began to appreciate the
> > magnitude of the problem, they just laughed! I can't say I blame
> > them! 😞

>
> That is why the general rule is not to let end devices send SMTP on
> port 25 anymore. Many ISPs block port 25 totally such that I haven't
> even tried sending from a mobile device.
>


It's got nothing to do with port 25. Even if I used a custom high port
and used port forwarding, the GWIA would still do an RBL check and
refuse to accept email from a blacklisted IP address.

I have created an Idea in the Ideas Portal. If you think it would be
useful, please vote for it.

Create exceptions for IP addresses on blacklists
https://ideas.microfocus.com/MFI/mf-gw/Idea/Detail/14436

> Blacklists are a popular way to block spam. It is easy to add them to
> the GWIA configuration and they can be very effective but there are
> situations where it is necessary to accept email from certain IP
> addresses that may have been blacklisted. Currently, there is no way
> to override a blacklisted IP address.
>
> It's true that products like Secure Messaging Gateway can address
> issues like these but that is a rather large expense for a small
> GroupWise system especially when the same could be accomplished
> within the GWIA by creating a small exception list.




--
Kevin Boyle - Knowledge Partner
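
The exception list asked for in the Idea above comes down to evaluation order: the allow list is consulted before any RBL lookup, so a listed address on it is still accepted. A sketch of that order as an added example (not GWIA code or configuration, and not part of the original posts); the zone `dnsbl.example`, the documentation-range addresses and all function names are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """A listed address resolves (by convention to 127.0.0.x); unlisted is NXDOMAIN."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False
    return answer.startswith("127.")

def smtp_connect_decision(client_ip, exceptions, zones, resolve=socket.gethostbyname):
    """Return (action, reason). Exceptions are evaluated before any DNSBL zone."""
    addr = ipaddress.ip_address(client_ip)
    for net in exceptions:
        if addr in ipaddress.ip_network(net):
            return ("accept", "exception " + net)
    for zone in zones:
        if is_listed(client_ip, zone, resolve):
            return ("reject", "listed in " + zone)
    return ("accept", "not listed")

# Constructed sample data: documentation address ranges and a placeholder zone.
SAMPLE_ZONE = "dnsbl.example"
SAMPLE_LISTED = {"7.113.0.203.dnsbl.example": "127.0.0.2",
                 "9.100.51.198.dnsbl.example": "127.0.0.2"}

def fake_resolve(name):
    """Offline stand-in for DNS: raises gaierror the way an NXDOMAIN answer does."""
    if name not in SAMPLE_LISTED:
        raise socket.gaierror("NXDOMAIN")
    return SAMPLE_LISTED[name]

def demo():
    # Hypothetical exception entry: one listed address that should still be accepted.
    # A wider network here would exempt every other sender in that range as well.
    exceptions = ["203.0.113.7/32"]
    return [smtp_connect_decision(ip, exceptions, [SAMPLE_ZONE], fake_resolve)
            for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.1")]

if __name__ == "__main__":
    for result in demo():
        print(result)
```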

Re: Can an IP address be whitelisted?

In article <4onED.1464$C62.195@novprvlin0914.provo.novell.com>, Kevin
Boyle wrote:
> It's got nothing to do with port 25. Even if I used a custom high port
> and used port forwarding, the GWIA would still do an RBL check and
> refuse to accept email from a blacklisted IP address.


Oh I get that the actual port it is coming in to GWIA has nothing to do
with it, more that by an ISP blocking port 25 outbound across the board
on their DHCP range, then their IPs generally don't get blacklisted in
the first place. This is why all the fuss to allow GWIA to also send SMTP
on the submittal ports (officially 587, some used 465 but we should move
away from that one) rather than only port 25, for the ISPs that go the
other extreme.

>
> I have created an Idea in the Ideas Portal. If you think it would be
> useful, please vote for it.
>
> Create exceptions for IP addresses on blacklists
> https://ideas.microfocus.com/MFI/mf-gw/Idea/Detail/14436

Every vote counts, mine has been added.


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
https://forums.novell.com/member.php/75037-konecnya