About PureMessage Default Lists

This section provides descriptions of the lists that ship with PureMessage. It describes their use in the PureMessage policy, and it describes the Match type that is set for the list, which determines the form in which you can set non-specific entries. For more information, see "Match Types".

PureMessage ships with the following default lists:

  • Anti-Spam Opt-Outs: This list is used to exempt mail addressed to specific users from spam checks. Mail addressed to members of this list is immediately delivered to the recipients and does not undergo a spam check, or any tests and actions included in the Policy Rules. Spam-checking rules can also be configured to ignore mail destined for users defined in this list. Match type: Email Globs.
  • Blacklisted Hosts: Blacklisted Hosts are relays known to distribute spam or viruses. Policy tests and actions can be configured, for example, to reject or quarantine messages originating from relays in this list. By default, this list is shared to other hosts in multi-server deployment as part of the Policy publication. Match type: Hostnames and IP Masks.
  • Blacklisted Senders: Blacklisted senders are addresses known to distribute spam or viruses. Policy tests and actions can be configured, for example, to reject or quarantine messages originating from addresses in this list. By default, this list is shared as part of the Policy publication. Match type: Email Globs.
  • End Users: Lists the addresses of the users who can access the End User Web Interface (EUWI). The default value grants all PureMessage end users permission to use the EUWI. Match type: Email Globs.
  • IP Blocking Exceptions List: This list is used to define IP addresses and fully qualified hostnames that should be explicitly allowed by the IP Blocker Service (see "Enabling or Disabling MTA IP Blocking") and the PureMessage policy. Entries in this list override blacklisted IP addresses in the data package from SophosLabs. Match type: Hostnames and IP Masks.
  • IP Blocking Inclusions List: This list contains the IP addresses and fully qualified hostnames that should be blocked by the IP Blocker Service (see "Enabling or Disabling MTA IP Blocking") and the PureMessage policy. Entries in this list override whitelisted IP addresses and hostnames in the SophosLabs data. This list must be added to a publication before it can be shared with other hosts in a multi-server deployment. Match type: Hostnames and IP Masks.
  • Internal Hosts: Domain names or IP addresses configured in this list are assumed to be internal. This list can be used to exempt specific hosts from policy rules. By default, "127.0.0.1" (localhost) is added to this list. By default, this list is shared as part of the Policy publication. Match type: Hostnames and IP Masks.
  • Offensive Words: A list of "restricted" words. The Offensive Words List can be used in a policy rule that quarantines messages if one of the words is found. This list must be added to a publication before it can be shared with other hosts in a multi-server deployment. Match type: Regular Expressions.
  • Quarantine Digest Users: This list is used to identify users who will receive Quarantine Digests. Only users with messages in the quarantine receive digests. Match type: Email Globs.

    Note
    You can also create multiple Quarantine Digest Users lists, for example, if you want to send out the Quarantine Digests at different times for recipients in different time zones or if you want to send out digests of different quarantine reasons for different groups of end users. For instructions on how to do this, see "Creating Customized Quarantine Digest Users Lists" in the Administrator's Reference.
  • RPC Hosts: Lists the IP addresses of other PureMessage servers. Scheduled jobs that are set up during installation allow the central PureMessage server to push content to the other PureMessage servers. Listing PureMessage IP addresses shares pre-configured lists (such as 'Blacklisted Senders' and 'End Users'). This list must be added to a publication before it can be shared with other hosts in a multi-server deployment. Match type: Hostnames and IP Masks.
  • Suspect Attachment Names: The policy script can be configured to perform actions based on the attachment names specified in this list. If you include the Message contains suspicious attachments test in a policy script, PureMessage searches the filename for the attachments defined as suspicious. This list must be added to a publication before it can be shared with other hosts in a multi-server deployment. Match type: Globs.
  • Suspect Attachment Type: The Message contains suspicious attachments test also searches the Content-Type and Content-Disposition headers for media types specified in the Suspect Attachment Type list. This list must be added to a publication before it can be shared with other hosts in a multi-server deployment. Match type: Globs.
  • Trusted Relay IPs: Trusted relays are mail-filtering hosts that are known to be safe. PureMessage uses a Trusted Relay IPs list to differentiate between unknown relays and "internal" relays (or trusted external relays). Relays with IP addresses within the 127.*.*.*, 192.168.*.* and 10.*.*.* blocks are always treated as internal relays. By default, the IP address of the first "external" relay is tested against the RELAY_IN_* group of anti-spam rules. All other external relays are tested against the RCVD_IN_* group of anti-spam rules.

    All IP addresses of relays that are known to be safe, but are not included in the IP address blocks described above, should be added to the Trusted Relay IPs list. For example, if an ISP provides message-relay services for your organization, the IP address of the ISP's mail server should be included in the Trusted Relay IPs list.

    Once the Trusted Relay IPs list is populated, configure the Disable non-relay checks? option on the Policy: Anti-Spam Options page.

    Note
    Match type: Hostnames and IP Masks, but only IP addresses (not domain names) can be entered in this list.
  • Whitelisted Hosts: Whitelisted Hosts are relays that are known to be safe. Policy tests and actions can be configured, for example, to exempt messages originating from relays in this list from spam checking. By default, this list is shared to other hosts in multi-server deployment as part of the Policy publication. Match type: Hostnames and IP Masks.
  • Whitelisted Senders: Whitelisted senders are addresses that are known to be safe. Policy tests and actions can be configured, for example, to exempt messages originating from addresses in this list from spam checking. By default, this list is shared to other hosts in multi-server deployment as part of the Policy publication. Match type: Email Globs. IP addresses can also be entered if (and only if) they are obtained from a message's "envelope-from" part.
  • Log Reasons: This list allows you to control which reasons appear in the Reason drop-down list that is used for building log search queries in the Groups Web Interface. If you want to be able to search for a reason that is not included by default, you must add it to this list. See "Adding and Deleting Custom Log Search Reasons" in the Administrative Groups section of the Administrator's Reference for more information. This list must be added to a publication before it can be shared with other hosts in a multi-server deployment.