Essential Blacklist and Whitelist Tips for Carbonio Community Edition Email Servers | Carbonio CE

According to Cloudflare’s 2023 phishing threat report, a staggering 90% of successful cyberattacks originate from email phishing schemes. A notorious ‘phishing-as-a-service’ (PaaS) platform known as ‘16shop’ has been shut down in a global investigation coordinated by INTERPOL. The estimated cost to known victims is more than $50 billion. That gives you a sense of how serious this topic is.

As technology evolves, the characteristics of threats change with it. Many security experts define and categorize email-based cyberattacks differently. According to Barracuda, there are 13 well-known email-borne threats. They are:

  • Spam
  • Malware
  • Data Exfiltration
  • URL phishing
  • Scamming
  • Spear phishing
  • Domain Impersonation
  • Brand Impersonation
  • Extortion
  • Business Email Compromise
  • Conversation Hijacking
  • Lateral Phishing
  • Account Takeover

Besides these threats, another emerging cybersecurity threat is lurking around you: ransomware. Just look at this graph from Statista to understand the severity of ransomware over recent years.

To enhance your email security and keep your users safe from email fraud, your first line of defense is external and internal security appliances and policies. By external, I mean email security gateways; by internal, I mean the email server's AV (antivirus), AS (anti-spam) and content filtering policies. In practice, however, no measure can completely prevent malicious email from arriving.

Therefore, besides user-level awareness, a system admin often needs to manually blacklist or whitelist email addresses and domains.

Blacklist and Whitelist Threat Email Addresses and Domains in Carbonio CE

Let’s see how a system administrator can blacklist and whitelist addresses and domains at different levels:

# Account level (ma = modify account): blacklist a sender address and a sender domain
zextras@mail:~$ carbonio prov ma user1@zextras.xyz +amavisBlacklistSender spammer@spam.com
zextras@mail:~$ carbonio prov ma user1@zextras.xyz +amavisBlacklistSender spam.com
zextras@mail:~$ zmamavisdctl restart

# Domain level (md = modify domain): blacklist a sender address and a sender domain
zextras@mail:~$ carbonio prov md zextras.xyz +amavisBlacklistSender spammer@spam.com
zextras@mail:~$ carbonio prov md zextras.xyz +amavisBlacklistSender spam.com
zextras@mail:~$ zmamavisdctl restart

# Verify the blacklist on the domain (gd = get domain)
zextras@mail:~$ carbonio prov gd zextras.xyz | egrep "amavisBlacklistSender"
amavisBlacklistSender: spammer@spam.com
zextras@mail:~$

# Verify the blacklist on the account that was modified (ga = get account)
zextras@mail:~$ carbonio prov ga user1@zextras.xyz | egrep "amavisBlacklistSender"
amavisBlacklistSender: spammer@spam.com
zextras@mail:~$

# Account level: whitelist a sender address
zextras@mail:~$ carbonio prov ma user1@zextras.xyz +amavisWhitelistSender user1@validsender.com
zextras@mail:~$ zmamavisdctl restart

# Domain level: whitelist a sender address
zextras@mail:~$ carbonio prov md zextras.xyz +amavisWhitelistSender user1@validsender.com
zextras@mail:~$ zmamavisdctl restart

# Verify the whitelist on the domain
zextras@mail:~$ carbonio prov gd zextras.xyz | egrep "amavisWhitelistSender"
amavisWhitelistSender: user1@validsender.com
zextras@mail:~$

# Verify the whitelist on the account
zextras@mail:~$ carbonio prov ga user1@zextras.xyz | egrep "amavisWhitelistSender"
amavisWhitelistSender: user1@validsender.com
zextras@mail:~$

Create a file sauser.cf under /opt/zextras/data/spamassassin/localrules/

zextras@mail:~$ cat /opt/zextras/data/spamassassin/localrules/sauser.cf
whitelist_from user@valid.com
whitelist_from *@valid.org

blacklist_from spammer@spam.com
blacklist_from *@spam.org

zextras@mail:~$

Now, restart the amavis service.

zextras@mail:~$ zmamavisdctl restart
Stopping amavisd... done.
Stopping amavisd-mc... done.
Starting amavisd-mc...done.
Starting amavisd...done.
zextras@mail:~$

zextras@mail:~$ vi /opt/zextras/conf/zmconfigd/smtpd_recipient_restrictions.cf

#Add the following line at the top of the file:
check_sender_access lmdb:/opt/zextras/conf/postfix_blacklist

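Now add the blacklisted addresses to the /opt/zextras/conf/postfix_blacklist file. Postfix looks up keys in an indexed (lmdb) access table literally, so a whole domain is listed by its bare name rather than as *@domain.

zextras@mail:~$ cat /opt/zextras/conf/postfix_blacklist
user@spam.com REJECT
spam.org REJECT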

Postmap the file to create the database and restart the MTA service.

zextras@mail:~$ postmap /opt/zextras/conf/postfix_blacklist
zextras@mail:~$ zmmtactl restart

zextras@mail:~$ vi /opt/zextras/conf/zmconfigd/smtpd_recipient_restrictions.cf

#Add the following line at the top of the file:
check_sender_access lmdb:/opt/zextras/conf/postfix_whitelist

Now add the whitelisted addresses to the /opt/zextras/conf/postfix_whitelist file.

zextras@mail:~$ cat /opt/zextras/conf/postfix_whitelist
user1@valid.com OK
authentic.org OK

Postmap the file to create the database and restart the MTA service.

zextras@mail:~$ postmap /opt/zextras/conf/postfix_whitelist
zextras@mail:~$ zmmtactl restart

Remark: If you set both a whitelist and a blacklist using this method, the whitelist takes precedence over the blacklist.
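
The MTA-level tables above can be checked before running postmap. The script below is an added example, not part of the original post or of Carbonio's tooling: it flags keys that an indexed access table can never match and blacklist entries that a whitelist entry overrides. The function names lint_access_map and map_conflicts and the sample entries are hypothetical, constructed for illustration.

```sh
#!/bin/sh
# Added example (not Carbonio tooling): lint Postfix access(5) sender tables
# before running postmap. Function names and sample entries are hypothetical.

# lint_access_map FILE -> one "line:CODE:key" finding per problem
#   WILDCARD  key contains '*'. Indexed maps such as lmdb look keys up
#             literally, so "*@spam.org" never matches; use "spam.org".
#   NOACTION  key has no right-hand side such as OK or REJECT.
lint_access_map() (
    n=0
    while read -r key action rest || [ -n "$key" ]; do
        n=$((n + 1))
        case $key in ''|'#'*) continue ;; esac
        case $key in *'*'*) echo "$n:WILDCARD:$key" ;; esac
        [ -n "$action" ] || echo "$n:NOACTION:$key"
    done < "$1"
)

# map_conflicts WHITELIST BLACKLIST -> blacklist keys that are also allowed,
# either as the same key or through their domain. With the whitelist taking
# precedence (see the remark above), these senders are not rejected.
map_conflicts() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         { k = tolower($1) }
         FNR == NR { allow[k] = 1; next }
         { d = k; sub(/^.*@/, "", d) }
         (k in allow) || (d in allow) { print k }' "$1" "$2"
}

# Constructed sample tables, written to a throwaway directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'user@spam.com REJECT' '*@spam.org REJECT' 'bulk.example' \
    'news@valid.com REJECT' > "$demo_dir/postfix_blacklist"
printf '%s\n' '# trusted partners' 'valid.com OK' 'user@spam.com OK' \
    > "$demo_dir/postfix_whitelist"

lint_access_map "$demo_dir/postfix_blacklist"
map_conflicts "$demo_dir/postfix_whitelist" "$demo_dir/postfix_blacklist"
```

On a server, point both functions at /opt/zextras/conf/postfix_blacklist and /opt/zextras/conf/postfix_whitelist; empty output means no findings.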

Besides securing your server access, implementing effective blacklist and whitelist strategies is essential for maintaining robust email security on Carbonio Community Edition email servers. By mastering these techniques, you can significantly reduce the risk of email-borne threats like phishing, malware, and ransomware, which have become increasingly sophisticated and costly in recent years. Stay vigilant and proactive with your email security practices, ensuring that your organization is well protected against the ever-evolving landscape of cyberattacks. Prioritizing these measures will safeguard your communication channels and enhance overall cybersecurity resilience.
