BoxTrapper - Ignore, White, Black list order
-
Hello, I've opened internal case CPANEL-15587 to report this behavior. I'll monitor this case and update this thread with more information as it becomes available. Thank you. 0 -
Thank you! I'll keep monitoring this thread for the updates. If there is anything you need me to try just let me know. jim 0 -
@cPanelMichael Greetings, I was just wondering if there has been any progress on CPANEL-15587. THanks! 0 -
I was just wondering if there has been any progress on CPANEL-15587.
Hello, There's currently no time frame on when a change to the existing behavior will make it's way into the product. I'll continue to monitor the case and update this thread with new information as it becomes available. Thank you.0 -
Hello , There's currently no time frame on when a change to the existing behavior will make it's way into the product. I'll continue to monitor the case and update this thread with new information as it becomes available. Thank you.
It's still a frustrating issue, 3 years later lol So I was just wondering(again) if there has been any progress on CPANEL-15587.0 -
Hey there, @jxmot - let me see if I can find out more details for you on this. It might take a few days, but I'll let you know what I see. 0 -
Thanks @cPRex ! 0 -
@cPRex Hello, it's been a "few days"... lol So today I ran into a good example of why the order in which the ignore, white, and black lists is completely wrong. In this example I was expecting an email from a *.org address. And due to previous spam activity .+\@.+\.org is in the ignore list. But the expected sender is in the white list (.+@someplace\.org), and that message was ignored even though it was white listed. If the list order was white, ignore, black I would have received that important message. 0 -
Ohsnap! It has a been a few days for sure. I actually never heard back on my end either, so I'm changing up the plan a bit. I'll reply soon :D 0 -
Alright - I looked into this and the original case was closed as this forums thread is the only report we've had about the issue. I spoke with the manager of the development team that controls email, and he did say it's something he'd like to get changed at some point, so the case has been reopened. It's just been a very low priority case for some time, so we aren't sure when there will be action taken to adjust that behavior. I know that isn't ideal, but that's the best information I have at this point. 0 -
Bummer. I can't believe that I'm the only one LOL Thank you very much cpRex for following up and giving me info. Btw, I am a software engineer with probably enough background to help in some way. Since the issue is low priorty would the manager of the development team be willing to consider some freelance assistance? 0 -
You're welcome to submit a patch if you think you have a good workaround available! If you think you've come up with something just submit a ticket to our team and we can get the right people to review that. 0 -
Cool. Can you direct me to the source code? 0 -
Nope - a vast majority of our perl modules are encoded or otherwise obscured as that isn't something we make public. 0 -
I know this is an old thread but I agree with the OP. Processing the white list (which will be finer grained) before the ignore list makes more sense. E.g you'd like to be able to first allow joe@gmail.com and sally@gmail.com in the whitelist before then hitting the ignore list to deny every other unknown gmail address. Processing the ignore list first really doesn't make sense.
0 -
Neil Erath - if you'd like to see something changed in the product you can always use the features.cpanel.net site to submit a feature request, as I also manage that area!
0 -
I've been having this exact same problem for what must have been a long time but I hadn't realised until now what was going on. My email users complain of missing incoming messages and I tell them "That sender is on Whitelist, look see it's there if you don't believe me...". Now come to think of it that does seem to have happened more the larger the ignore list became.
So I can confirm after tests today BoxTrapper is ignoring Whitelisted senders if the Ignore list spots something in their Subject: line. That's like about to let newspaper delivery through the gate - but then slamming the gate shut if spot a bad news headline! :-)
Is there an patch that could be applied to BoxTrapper, to say, ignore the IgnoreList after a WhiteList regex match?
0 -
Marc Barker - can you let me know which specific whitelist the address is in so I can do some testing with this?
0 -
I refer to BoxTrapper's own whitelist, not any other whitelist anywhere else. The one located here .../etc/.../.../.boxtrapper/white-list.txt , usually edited within BoxTrapper.
I've just discovered BoxTrapper also ignores when it's mail from the same account, making test even simpler.
Here's a suggested test:
1. send email to yourself from your own BoxTrapper enabled account (triggers a challenge if not set 'auto-whitelist') 2. whitelist yourself (appears in the white list as: me\@my\.address\.com) 3. send another email to yourself (comes through unchallenged) 4. Now add a keyword to the ignore list such as "subject password expiry" or "subject I Love You", using BoxTrapper's IGNORELIST editor 5. email yourself again including the keywords. 6. BoxTrapper ignores you even though you are whitelisted. The ignore of the whitelisted sender is recorded in the BoxTrapper log
0 -
Thanks for the additional details. I believe this is actually intended behavior as we have the following option enabled by default on a cPanel server:
"Automatically whitelist the To and From lines from whitelisted senders (whitelist by association)."
So, if that email user has already authenticated through BoxTrapper one time, anything in the subject line is also whitelisted from that user.
This setting is in cPanel >> BoxTrapper >> Configure Settings.
0 -
OK that makes sense but Is it also intended behavior to ignore whitelisted senders? (each time they trigger a ignore list rule)
1 -
If by "ignore" you mean "don't make them reauthenticate through BoxTrapper again" then yes, I believe that is expected.
0 -
Authentication isn't the issue. The issue is BT is (quietly) discarding messages from whitelisted senders when they trigger the ignore list. Try the 123.. test above!
0 -
Here's an abreviated test.
1. Control. Send email to yourself (you're already authenticaed and on whitelist). Comes straright through.
2. Now manually append to Ignore list a new line: " subject password reset ". (Just as normal)
3. Email yourself again including " password reset " in subject line , to trigger the Ignore list action.
3. BoxTrapper will then ignore you even though you are whitelisted.
The ignore is recorded in the BoxTrapper log
1 -
Thanks for that - I've confirmed this behavior and I'm reaching out to the team to see if that is how they expect things to work.
I personally would expect a whitelist to override everything, but I'll let you know what I find out!
0 -
I can see some scenarios where one would want to block whitelisted senders according to subject line criteria.
1. Mitigate spoofing of a whitelisted sender, by blocking certain phrases a spoofer would likely use. (Nowadays SPF and DMARC would pick these up, so this may be moot)
2. Employers wishing to 'vet' personal use such as excluding words/ phrases non business related, but again these days may be interpreted as invasion of liberty.So might I suggest if there will be a patch or feature, that it have a toggle switch or something. i.e. "apply ignore rules to whitelist" on/off
0 -
Alright - I've talked with the team about this and we've decided *not* to change the current behavior as that would likely break the existing implementation that other users have relied on for years.
I think the best plan for this is to create some additional documentation about how this works over at https://docs.cpanel.net/cpanel/email/boxtrapper/ to avoid confusion in the future, so I've created a case with our docs team to get that handled.
0 -
I do hope you know what you're doing :-) because seeing this documented so late in the day could well finish BoxTrapper.
During the last 20+ years BoxTrapper users (according what's talked about in to various forums) apparently expect White-list has priority over Ignore-list. In fact this behavior seems so expected there's no need to document it.
...And now these BoxTrapper users then discover that was never the case since the beginning, nor they can do anything about it. I imagine some users will start scouring their BoxTrapper Log files for instances of ignored mails from whitelisted senders out of realisation they have been gas-lighting their users over this, almost a BoxTrapperGate!
Seriously though I do expect users who suddenly see this documented behavior will now want to begin immediate possible damage control over this - or could even ditch BoxTrapper altogether.
0 -
I ask you please put on hold for now in updating the BoxTrapper documentation?
I have some possible workarounds which apply Whitelist first making BoxTrapper operate instead as users expect it to.
edit: of course after 20+ years of product lifecycle can't just alter the behavior, as you say. However I feel publishing an addendum to standard documentation which clarifies what the behavior (ignore 1st) is, along with workaround steps neccesary to adjust the behavior (whitelist 1st), if so desired.
0 -
Whether or not there is a good workaround for you, we should still make what we've found through testing in this thread a bit more public.
0
Please sign in to leave a comment.
Comments
33 comments