How can we help?
  1. atmail help centre
  2. atmail 7 on-premises
  3. Anti-Spam/Anti-Virus

Follow

Whitelisting/Blacklisting BATV and VERP addresses

Dominic -

PROBLEM
How can I Whitelist or Blacklist BATV and/or VERP addresses?

ENVIRONMENT

  • on-premises mail server Installations: Version 7.7.1+

CAUSE
In an attempt to mitigate backscatter, mass-mailing applications like MailChimp, SendGrid and Mailgun may use Bounce Address Tag Validation (BATV) to determine the validity of a specified bounce address within an email. Within the <local-part> of the Mail From: field, BATV denotes the use of a tagging scheme that allows bounced mail to be assessed for validity and dropped accordingly. An example of an address using BATV may appear as follows:

  • Mail From: <bounces+22456-c23af-user=domain.com@domain.com>

While BATV validates bounces, Variable Envelope Return Path (VERP) is implemented by mailing lists to automate recognition and removal of in-valid recipients.

The combination of these mass-mailing techniques can ultimately effect the approach towards implementing Whitelists and Blacklists to govern what mail reaches your INBOX.

 

RESOLUTION

User Level Management

Target the <domain-part> of the email address by adding it to either your Whitelist senders or Blacklist senders, available from: Settings -> Anti-Spam Settings.

For example, to Whitelist:

  • <bounces+22456-c23af-user=gooddomain.com@gooddomain.com>
  • <bounces+27776-h2345a-user=greatdomain.com@greatdomain.com>
  • <bounces+49733-m345s-user=best.domain.com@best.domain.com>

    while Blacklisting:

  • <bounces+92686-l266b-user=baddomain.com@baddomain.com>
  • <bounces+10636-k4473-user=evildomain.com@evildomain.com>

    Please find the following example:

 

Screenshot_from_2017-03-01_16-14-38.png

Remember to click Save Settings to push your new changes to your profile on our cloud.

 

Administrative Network Management

Mass-Mailing services may also send from a specific subnet. These networks can be conveniently trusted to bypass SpamAssassin by adding them to trusted_networks in /usr/local/atmail/spamassassin/etc/mail/spamassassin/local.cf

Multiple networks can be added and should be separated by white space in the configuration. In the following example, we have added 205.201.128.0/20 to our list of trusted_networks.

#<SA_TRUSTED>
# The IP's which are trusted
trusted_networks 192.168/16 205.201.128.0/20
#</SA_TRUSTED>

Restart atmailserver allowing SpamAssassin to re-read its configuration.

# /etc/init.d/atmailserver restart

Our SpamAssassin will now automatically trust all mail deriving from the 205.201.128.0/20 subnet.

Comments

Contact our support team

+61 (7) 5357 6605       support@atmail.com


atmail

© Copyright 2020 atmail pty ltd | All Rights Reserved