Restricting Delivered Messages with Recipient Whitelisting
Applies to HMS Version: 2.1+
It is often useful to separate different types of outbound messages between multiple accounts on a Hurricane MTA Server. Some accounts may only deliver to specific addresses or domains, depending on their purpose. For example, an account may be configured to specifically handle messages for internal consumption within a company. Accounts such as these can take advantage of the Recipient Whitelisting feature to prevent the processing of messages to unintended recipients, either inadvertently or through malicious intent. This feature can be particularly useful for preventing compromised machines that are generating spam messages from using an MTA account to deliver messages to random addresses, greatly restricting the amount of damage done before such activity is detected and stopped.
The following should be considered before using this feature:
This feature is enabled and configured by adding a single line to the [Restrictions] section of the general.config file found in an individual account's config directory. Please remember to reload the target account's configuration after making these changes in order for these changes to take effect.
Description: A comma-delimited list of email addresses. If set to anything other than an empty string, this account will only accept email with a RCPT TO address that is on this list. The comparison is a case insensitive string match. At this time wildcards are not supported.
Example: The following example shows how to create a Recipient Whitelist.
Using the above configuration, only messages that identify themselves as being delivered to any address at @example.com or firstname.lastname@example.org via the RCPT TO component of the SMTP protocol are accepted by the MTA.
For more information about writing regular expressions, we recommend third-party resources such as the following:
The following Knowledge Base article may also be of interest: