Implementing Policy › Email Administration › Mailbox Policies

Mailbox Policies

Mailbox policies protect your organization against certain types of email abuse. You can implement policies in the following ways:

• You can define email address inclusion and exclusion lists:
  • Inclusion lists limit email reception to only mail that is sent from particular email addresses (for example, user@company.com) or email domains (for example, company.com).
  • Exclusion lists sort out unwanted email addresses or email domains.

  The default inclusion list for each mailbox is an asterisk (*). An asterisk by itself as a whole name in this list specifies World Domain, and represents all email domains not included in the exclusion list. This representation prevents ambiguity of whether the inclusion list is the complete list of permitted domains or the exceptions to domains in the exclusion list as follows:

  • An inclusion list that includes World Domain specifies that all other entries in the inclusion list are exceptions to the exclusion list, and only domains or addresses in the exclusion list are blocked (with the exception of specific addresses in the inclusion list).
  • An inclusion list that does not contain World Domain specifies that only addresses and domains listed in the inclusion list are permitted to post, and only if the sender domain (if the specific address is not in the inclusion list) or address are not in the exclusion list.
• You can set the Maximum Messages Per Hour Per Address limit for Denial of Service (DoS) detection.

  Maximum Messages limits the number of emails per hour that any one email address is permitted to send to that mailbox. If an email address exceeds the limit, the email address is added to the exclusion list. No more messages from that sender email address are processed for that mailbox until you remove the email address from the exclusion list.

  Mailbox policies for inclusion and exclusion lists and the maximum number of emails allowed per hour pertain to the single associated mailbox only. An address which is added automatically to one mailbox exclusion list for violating the maximum number of emails restriction is not added automatically to the exclusion list for any other mailboxes, nor is the email count used for other mailboxes.

Email addresses that violate policy are logged to the STDLOG based upon the settings of log_policy_violation (None, Log First, or Log All).