IP Address filtering
From GWAVA4
Contents |
Introduction
Blocking messages based upon the IP address is a standard method of blocking unwanted messages. We recommend you use this methodology in conjunction with the Antispam heuristic system and the Source/Destination filtering system to maximize effectiveness.
The IP address may be identified or the sender of a message may be identified in multiple ways. Choose whatever is convenient for you.
- your firewall logs
- your GWIA logs
- the GWAVA logs
- the Quarantine Management System (QMS)
Expand the folder for the server you want to configure, expand Manage scanners, select the appropriate scanner, choose Scanning configuration, then click on IP address.
To turn on IP address filtering, check the Enable IP address event box.
- NOTE: As you make changes to your configuration, the disk icon
in the upper right corner of the page will become active and the words SAVE CHANGES will appear. Do not forget to click the icon to save your changes before moving to another page, or your changes will be lost. Some searching and filtering options will also warn you that you must SAVE your CHANGES or lose them.
- NOTE: GWAVA 4 uses different methodologies to identify the IP Address of the sender depending on the type of interface, and the availability of IP addresses to it such as message header and TCP connection information.
Adding New Filters
To add a new IP address to the list, enter the IP address in the Add new address field. The wild card character * can be used, so to block all IP addresses beginning with 209.21.168, you would enter 209.21.168.*. See Data Input Types for a complete description of your input options (regular expressions are particularly useful for ranges of IP Address blocks).
Next, select the services that you would like to apply to this new filter by checking the box under the appropriate service icon.
- TIP: Move your mouse pointer over the icon to display the name (Block messages, Notify the sender, etc).
Finally, click the green plus sign (
)to add the new type.
Removing Entries
You can remove an entry by clicking the red X (
) next to the appropriate entry.
Editing Existing Entries
To edit an entry, click on the entry and change the text. You may also toggle any of the services, edit any of the notes, and adjust any of the addresses or exceptions.
Pagination
If more than 50 entries exist, you may use the VCR-style controls (
) to move between pages.
Switching between Services, Notes, Addresses, and Exceptions
You switch between viewing the associated services, notes, etc. for the entry by clicking on the scroll arrows (
or 
).
Services
A service will be triggered when a message is received that originates from the specified IP address range.
Block Messages - blocks the message.
Notify Sender - sends a notification message to the sender.
Notify Recipient - sends a notification message to the recipient.
Notify Administrator - sends a notification message to the administrator.
Notify Defined Address(es) - sends a notification message to the address(es) defined in the Address section (see "Addresses" below).
Quarantine Messages - store the message in the Quarantine Management System (QMS). This is useful for future examination by the administrator or end users, and for releasing the message in the QMS system or in Digests. Quarantining a message does not necessarily imply the message is blocked.
- NOTE: Multistate services are disabled by default. Choose the
Preferences button on the upper right to enable or disable Multistate services.
Notes
You may enter notes associated with each entry for your own purposes by selecting Notes with the scroll arrows ( or ).
These notes have no effect on the processing of the entry; they are for your private use.
Defined Addresses
If you want to send a notification message to a specific group of individuals each time this entry triggers an event, you must do two things:
- Turn on the Notify Defined Address(es) service
.
- Specify the address list in the Addresses section.
To add an address(es), select Addresses using the scroll arrows ( or ). Click the Edit button (
). Type the appropriate user's address and click Add (
). Repeat process to add additional addresses. Click OK (
) when finished. As always, save your changes!
Exceptions
You can create two types of exceptions to your entered criteria: Source Exceptions and Destination Exceptions. If you don't want your entry to apply to a particular source (From: ), then you create a source exception. If you don't want your entry to apply to a particular destination (To: ), then you create a destination exception. Both of these exception types will apply to inbound and outbound mail, thus you can create source exceptions for internal addresses, as well as external addresses. The same applies for destination exceptions.
To add an exception, select either Source Exceptions or Dest. Exceptions using the scroll arrows ( or ). Click the Edit button (). Type the desired address for your exception, then click Add (). Repeat process to add additional exceptions. Click OK () when finished. Save changes.
- NOTE: If you want to see what exceptions a particular address or address pattern has been assigned, see Managing exceptions.
Filtering and Searching
You can choose which items to display by using the Filter. The default filter is Show All, displaying all items. You can choose to display only items with specific attributes by selecting the desired attribute from the Filter drop down box. For example, if you want to only look at entries that have Administrator Notifications turned on, then select Administrator Notification under SERVICES in the drop down box (see image below). You can filter by each of the six services or by defined fields (Notes, Exceptions, etc).
You can search for specific criteria using the Search feature. Searches only apply to the filter entry itself, not notes, addresses, services, etc.
