According to Cloudflare’s 2023 phishing threat report, a staggering 90% of successful cyberattacks originate from email phishing schemes. A notorious ‘phishing-as-a-service’ (PaaS) platform known as ‘16shop’ has been shut down in a global investigation coordinated by INTERPOL. The estimated cost of known victims is more than $50 billion. So now you can understand the intensity of this topic.
As technology evolves, the characteristics of threats also change. Many security experts define and categorize email-based cyberattacks differently. According to Barracuda, there are 13 well-known email-borne threats. They are:
- Spam
- Malware
- Data Exfiltration
- URL phishing
- Scamming
- Spear phishing
- Domain Impersonation
- Brand Impersonation
- Extortion
- Business Email Compromise
- Conversation Hijacking
- Lateral Phishing
- Account Takeover
Besides these threats, another emerging cyber security threat is lurking around you: ransomware. Just look at this graph from Statista to understand the severity of ransomware over recent years.
To enhance your email security and keep your users safe from email fraud, your first line of defense is external and internal security appliances and policies. By external, I mean Email Security Gateways, and by internal, I mean the email server's AV (Antivirus), AS (Anti-Spam) and content filtering policies. In practice, however, it is not possible to block every malicious email by any means.
Therefore, besides user-level awareness, a system admin often needs to manually Blacklist or Whitelist email addresses and domains.

Let’s see how a system administrator can Blacklist and Whitelist addresses/domains at different levels:
Blacklisting/Whitelisting Method-1
To Blacklist: (Account Level)
zextras@mail:~$ carbonio prov ma user1@zextras.xyz +amavisBlacklistSender spammer@spam.com
zextras@mail:~$ carbonio prov ma user1@zextras.xyz +amavisBlacklistSender spam.com
zextras@mail:~$ zmamavisdctl restart
To Blacklist: (Domain Level)
zextras@mail:~$ carbonio prov md zextras.xyz +amavisBlacklistSender spammer@spam.com
zextras@mail:~$ carbonio prov md zextras.xyz +amavisBlacklistSender spam.com
zextras@mail:~$ zmamavisdctl restart
To check status:
zextras@mail:~$ carbonio prov gd zextras.xyz | egrep "amavisBlacklistSender"
amavisBlacklistSender: spammer@spam.com
zextras@mail:~$
zextras@mail:~$ carbonio prov ga zextras@zextras.xyz | egrep "amavisBlacklistSender"
amavisBlacklistSender: spammer@spam.com
zextras@mail:~$
To Whitelist: (Account Level)
zextras@mail:~$ carbonio prov ma user1@zextras.xyz +amavisWhitelistSender user1@validsender.com
zextras@mail:~$ carbonio prov ma user1@zextras.xyz +amavisWhitelistSender user1@validsender.com
zextras@mail:~$ zmamavisdctl restart
To Whitelist: (Domain Level)
zextras@mail:~$ carbonio prov md zextras.xyz +amavisWhitelistSender user1@validsender.com
zextras@mail:~$ carbonio prov md zextras.xyz +amavisWhitelistSender user1@validsender.com
zextras@mail:~$ zmamavisdctl restart
To Check Status:
zextras@mail:~$ carbonio prov gd zextras.xyz | egrep "amavisWhitelistSender"
amavisWhitelistSender: user1@validsender.com
zextras@mail:~$
zextras@mail:~$ carbonio prov ga user1@zextras.xyz | egrep "amavisWhitelistSender"
amavisWhitelistSender: user1@validsender.com
zextras@mail:~$

Blacklisting/Whitelisting Method-2
Create a file sauser.cf under /opt/zextras/data/spamassassin/localrules/ 
zextras@mail:~$ cat /opt/zextras/data/spamassassin/localrules/sauser.cf
whitelist_from user@valid.com
whitelist_from *@valid.org
blacklist_from spammer@spam.com
blacklist_from *@spam.org
zextras@mail:~$
Now, restart the amavis service.
zextras@mail:~$ zmamavisdctl restart
Stopping amavisd... done.
Stopping amavisd-mc... done.
Starting amavisd-mc...done.
Starting amavisd...done.
zextras@mail:~$

Blacklisting/Whitelisting Method-3
To Blacklist:
zextras@mail:~$ vi /opt/zextras/conf/zmconfigd/smtpd_recipient_restrictions.cf
#Add the following line at the top of the file:
check_sender_access lmdb:/opt/zextras/conf/postfix_blacklist
Now add the blacklisted addresses into the /opt/zextras/conf/postfix_blacklist file.
zextras@mail:~$ cat /opt/zextras/conf/postfix_blacklist
user@spam.com REJECT
# Domain key without "*@": indexed Postfix access maps match keys literally, not as wildcards
spam.org REJECT
Postmap the file to create the database and restart the MTA service.
zextras@mail:~$ postmap /opt/zextras/conf/postfix_blacklist
zextras@mail:~$ zmmtactl restart
To Whitelist:
zextras@mail:~$ vi /opt/zextras/conf/zmconfigd/smtpd_recipient_restrictions.cf
#Add the following line at the top of the file:
check_sender_access lmdb:/opt/zextras/conf/postfix_whitelist
Now add the whitelisted addresses into the /opt/zextras/conf/postfix_whitelist file.
zextras@mail:~$ cat /opt/zextras/conf/postfix_whitelist
user1@valid.com OK
# Domain key without "*@": indexed Postfix access maps match keys literally, not as wildcards
authentic.org OK
Postmap the file to create the database and restart the MTA service.
zextras@mail:~$ postmap /opt/zextras/conf/postfix_whitelist
zextras@mail:~$ zmmtactl restart
Remarks: If you set both a whitelist and a blacklist using this method, the whitelist takes precedence over the blacklist.
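The Method-3 maps are indexed Postfix access tables, so a glob-style key such as `*@spam.org` (valid in the SpamAssassin file of Method-2) is matched literally and never fires, while the domain key `spam.org` does. The sketch below is an added example, not code from the original page or from Postfix: it models the sender lookup and the whitelist-before-blacklist precedence from the remark. It assumes no address extensions, the default `parent_domain_matches_subdomains` behaviour, and that the whitelist `check_sender_access` line sits above the blacklist one; all function names and sample maps are hypothetical.

```python
# Added example: simplified model of Postfix access(5) sender lookups.
# Assumptions: no address extensions, smtpd_access_maps listed in
# parent_domain_matches_subdomains, whitelist map evaluated before blacklist.

def parse_access_map(text):
    """Parse 'key action' lines; keys are stored literally (no globbing)."""
    table = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            table[parts[0].lower()] = parts[1].strip()
    return table

def candidate_keys(sender):
    """Keys tried for one sender: full address, domain, parent domains, user@."""
    user, _, domain = sender.lower().rpartition("@")
    labels = domain.split(".")
    parents = [".".join(labels[i:]) for i in range(len(labels))]
    return [f"{user}@{domain}"] + parents + [f"{user}@"]

def lookup(sender, table):
    """Return the action of the first matching key, or None (no decision)."""
    for key in candidate_keys(sender):
        if key in table:
            return table[key]
    return None

def decide(sender, maps):
    """Walk the maps in restriction order; the first OK or REJECT is final."""
    for table in maps:
        action = lookup(sender, table)
        if action and action.split()[0].upper() in ("OK", "REJECT"):
            return action.split()[0].upper()
    return "DUNNO"

# Constructed sample maps, not taken from a real server.
WILDCARD_BLACKLIST = parse_access_map("user@spam.com REJECT\n*@spam.org REJECT")
DOMAIN_BLACKLIST = parse_access_map("user@spam.com REJECT\nspam.org REJECT")
WHITELIST = parse_access_map("ceo@spam.org OK")

if __name__ == "__main__":
    for name, bl in (("wildcard", WILDCARD_BLACKLIST), ("domain", DOMAIN_BLACKLIST)):
        for sender in ("user@spam.com", "bob@spam.org", "ceo@spam.org"):
            print(f"{name:8} {sender:14} {decide(sender, [WHITELIST, bl])}")
```

With the wildcard key, `bob@spam.org` falls through as `DUNNO` and is delivered to the later checks; with the domain key it is rejected, and `ceo@spam.org` is still accepted because the whitelist map is consulted first.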
Besides securing your server access, implementing effective blacklist and whitelist strategies is essential for maintaining robust email security on Carbonio Community Edition Email Servers. By mastering these techniques, you can significantly reduce the risk of email-borne threats like phishing, malware, and ransomware, which have been increasingly sophisticated and costly in recent years. Stay vigilant and proactive with your email security practices, ensuring that your organization is well-protected against the ever-evolving landscape of cyberattacks. Prioritizing these measures will safeguard your communication channels and enhance overall cybersecurity resilience.
