How to Configure Symantec Brightmail Message Filter to Remove Internal Network Addresses from Blocked Senders Whitelist

Article:TECH85279  |  Created: 2007-01-11  |  Updated: 2010-08-26  |  Article URL http://www.symantec.com/docs/TECH85279
Article Type
Technical Solution

Product(s)

Environment

Issue



You want to enable the product to block messages from an internal IP range.


Out of the box, Symantec Brightmail Message Filter (SBMF) and Symantec Brightmail AntiSpam (SBAS) will not block messages from internal sources based solely on IP address of the sender.


This behavior does not affect other the ability of the product to detect and block spam or viruses in messages.


 


Cause



All Brightmail scanners are shipped with a range of internal IP addresses that are considered 'whitelisted'. Messages that are received from these locations will not be affected by the blocked sender list.


Solution



To configure SBMF or SBAS to remove one or more internal IP ranges from the whitelist for Block Senders
 

  1. If using a Brightmail Control Center (BCC), remove the scanner from the control center. If not, move to step 2.
    To remove a Scanner from the BCC, follow these steps:
    1. Login to the Brightmail Control Center
    2. Click on Settings->System Settings->Brightmail Scanners
    3. Select the check-box next to the Scanner that you wish to remove
    4. Press the Delete Button
    5. Press OK
     
  2. Stop bmserver service.

    For Windows 2000/2003 systems follow these steps:
    1. Click on Start->Control Panel->Administrative Tools->Services
    2. In the list find the BMserver service
    3. Right click on the service and select Stop

    For Linux or Solaris systems follow these steps:
    1. Login to the shell prompt of the Brightmail Scanner
    2. Enter the following and press return:
    /etc/init.d/mailwall stop
     
  3. Edit the bmiconfig.xml file.

    For Windows 2000/2003 systems, this file is typically located at C:\Program Files\Symantec\sbas\Scanner\etc\bmiconfig,xml
    For Linux or Solaris systems, this file is typically located at /opt/symantec/sbas/Scanner/etc/bmiconfig.xml
     
  4. Look for the following section:

      

    <module xsi:type='permitModuleType' name='libpermit' enabled='true' critical='false' profiling='false'>

         <url>https://aztec.brightmail.com/rules2/permit_rules</url>

         <ruleFile>/opt/symantec/sbas/Scanner/etc/allowedblockedlist.txt</ruleFile>

         <internalRange hidden='true'>0.0.0.0/255.0.0.0</internalRange>

         <internalRange hidden='true'>10.0.0.0/255.0.0.0</internalRange>

         <internalRange hidden='true'>127.0.0.0/255.0.0.0</internalRange>

         <internalRange hidden='true'>169.254.0.0/255.255.0.0</internalRange>

         <internalRange hidden='true'>172.16.0.0/255.240.0.0</internalRange>

         <internalRange hidden='true'>192.168.0.0/255.255.0.0</internalRange>

         <bbl enabled='true'/>

         <rcvdDNSBL enabled='false'/>

         <safelist enabled='true'/>

         <extendedWhiteCheck enabled='false'/>

         <dbgShowScan enabled='false'/>

         <dbgDumpRules enabled='false'/>

         <dbgTimeRuleLoad enabled='false'/>

         <dbgTimeRuleSearch enabled='false'/>

    </module>


     
  5. Comment out the lines of the IP address ranges that you do not wish to whitelist, for example:

    The following example is found in the bmiconfig.xml file:

    <internalRange hidden='true'>10.0.0.0/255.0.0.0</internalRange>

    Update the line like this to remove the 10.x.x.x IP address range from whitelisting:

    <!-- <internalRange hidden='true'>10.0.0.0/255.0.0.0</internalRange> -->

  6. Save the file.
     
  7. Start bmserver service.
    For Windows 2000/2003 systems follow these steps:
    1. Click on Start->Control Panel->Administrative Tools->Services
    2. In the list find the BMserver service
    3. Right click on the service and select Start

    For Linux or Solaris systems follow these steps:
    1. Login to the shell prompt of the Brightmail Scanner
    2. Enter the following and press return:
    /etc/init.d/mailwall start
     
  8. Re-add the scanner to the control center, if applicable.
    To Add a Scanner from the BCC, follow these steps:
    1. Login to the Brightmail Control Center
    2. Click on Settings->System Settings->Brightmail Scanners
    3. Press Add
    4. Enter in the Scanner Description and Hostname/IP address for the Scanner.
    5. Press Next
    6 Select if the Scanner has both the Brightmail Scanner and Client installed on it and press Save.





Technical Information
See Bugzilla http://bugzilla.brightmail.com/show_bug.cgi?id=10273


 


Supplemental Materials

Value10273

Legacy ID



2007011112092663


Article URL http://www.symantec.com/docs/TECH85279


Terms of use for this information are found in Legal Notices