Using Whitelists with Symantec Mail Security

HCL Domino Domino Forum
1

Hi,

I’m using Symantec Mail Security 4.1.1.22 (the latest version), and have pasted all of the domins from our address book into the whitelist to reduce our false positives. Unfortunately, the whitelist function isn’t working.

I’ve just contacted Symantec and been told that Whitelists can bypass heuristic and anti-spam, but not content filtering.

It looks as if my best bet is to create a match list of whitelisted domains and then add an “UNLESS” clause to all of my rules.

Has anyone else had any success with whitelisting with this product?

Thanks.

2

Subject: Using Whitelists with Symantec Mail Security

As for as I know, you can not whitelist the content filter. since the filter is more for the legal protection of the company, the CF rules should apply to all messages, internal and external. This is the main reason I believe Symantec does this. Trend Micro I believe is a little more granular, but only on the STMP gateways. I personally have turned off the CF because it is not as mature as I wuld like it to be. It also isn’t a very smart engine.

3

Subject: RE: Using Whitelists with Symantec Mail Security

Hi Craig,

I’ve got a resolution which may also be of use to you, but first a bit about the content filtering.

The inbuilt symantec content filtering categories are hopeless. What I’ve done is create a bunch of new match lists for various categories of spam. eg: General Marketing, Sex Related Drugs, Deliberate Misspellings etc… I then have different rules surrounding them. For instance, It’s hard to be sure about general marketing, so I tend to simply quarantine these messages, but the other two categories only have words that we don’t use in business, and can be deleted immediately.

I find that this approach works very well, though admittedly, I do have to update my match lists regularly.

Now, for the white lists, I’ve created a new match list that contains all of my regular domain names (from external users in our address book).

I’ve then ammended every rule to read…

IF Body Contains (Ignore Case) [Match List - Sex Related Drugs]

OR Subject Contains (Ignore Case) [Match List - Sex Related Drugs]

UNLESS Sender/Author Contains [Match List - Whitelisted Domains]

Naturally, the first two Match lists change from rule to rule. The only rule haven’t applied this to is the file Extensions rule. I don’t care who people are, they’re not sending us any .VBS Files.

This wasn’t how I envisaged the white lists to work in Mail Security, but this method is producing results.

Hope you or some other Notes.net people can use this on your systems.