Would really like the ability to select a mailing list to only send to a set combined list of groups.

Like:
MailingList1: (this would reach All Sales & All Management both at a set location)

    GROUP:Sales & GROUP:Location

    GROUP:Managment & GROUP: Location

MailingList2: (This would reach all Sales Management regardless of location.)

    GROUP:Sales & GROUP:Management

Right now I have to make locational based position groups and the list is going to be really long and repetitive Sales X, Sales Y, Sales Z, Management Sales, Management X, Management Y, Management Z. I might be missing something that would allow me to do this without this added mailing list / group function.

Currently with location screening, any countries in the blacklist, the emails are simply dropped. In the main this has worked well with blocking 90% of the countries that we never expect to receive emails from and I think has really helped with malware.

However, once every few months, we miss an email that is sent by a helpdesk system or CRM system which for some reason is located in a country in the blacklist even though the supplier we are dealing with is not located in that country and their usual emails come through another system. I suspect that we are also missing emails that we are not even aware of that we should be receiving, because we are not waiting for that particular email.

I have come to the conclusion that a simple blacklist is not entirely practical because there is no way to track an expected email if it's blocked by country. I always have to keep asking the sender what IP address and country the Mailer program is using/from which is really not a desirable way to manage emails and this is causing frustration for end users.

I would like to request that we have the option to either blacklist a country or filter a country for smtp email connections as there are certain countries where an outright ban is appropriate but other countries where a spam filter approach might be better. In fact what I would do is set all countries to filter and after a couple of years, just block countries where we get no legitimate emails and filter the rest.

In addition, it would allow us to whitelist senders from filtered countries whilst still filtering everything else from that country. Currently I have to allow an entire country even if we only receive one sender from that country. Geolocation is great, but we need to go beyond simply blacklisting countries. I hope my suggestion of blacklisting and filtering lists would solve this.

With regards to my other request about separating authentication block list vs smtp block list - that request is still valid and relevant. We don't need people outside the country logging into the email.

Hopefully this latest feature request can be accommodated as well as separating authentication and smtp block list.

Thank you
Robert

Location Screening is a fantastic tool, and I use it extensively. I have eighty mailbox users of which the majority never leaves the country, but I also have a handful of users who travel extensively around the world.
The problem arises when I have to unblock a specific country for a particular user. Suddenly all the mailboxes on my server is open to brute force authentication attacks from that particular country.
If I could apply Location Screening by means of a template, or security group, or even directly on a particular mailbox, it would mean that if I open a particular country, only that one mailbox would be at risk from brute force attacks from that country.
I recently had to open the US because one of my users make use of PipeDrive, and it literally took minutes for the first brute force attempts from the US to start. If I could customize Location Screening to a particular mailbox, then it would mean that an attacker would not only have to brute force, but also have to guess which mailbox is open to that country.

The following security settings would be a good example here.

Close connection if no PTR exists
Close connection if no PTR Match
Outbreak Protection
Spambot Detection

I used to have Spambot Detection enabled but I disabled it a few months back because it appeared to me that the only emails being affected by this were legitimate senders.

I currently have both PTR checks above enabled. We have had a few legitimate senders affected by this.

I also have Outbreak Protection enabled

However there is no easy way for me to list all senders (domains) that were affected by security setting abc. This would really help to ensure that a particular security setting is optimal in that it's blocking 99% spam and less than 1% of legitimate emails. I think it would make sense to have some kind of search function to enable administrators to compile a complete list of sender domains that were blocked because of a security setting which would make it easy to pick up legitimate senders that are being blocked as a result of a security setting. In addition, if I saw 95% of the emails being dropped were from legitimate senders, I could disable that security setting.

I feel that we could be missing legitimate emails and don't even know about it because the sender either doesn't realise or does not let us know.

The request is that some of the metadata that appears in log files be organised in an accessible SQL db to simplify, and help secure the utilisation of the overall system.

My use case is as follows:

In an attempt to secure users primary emails I regularly run scripts to attempt to determine the source of authenticated sessions, and that they correspond to users and devices that are expected e.g. ActiveSync sessions from known devices and networks, or authenticated SMTP from known IPs or via authenticated VPNs.

These tasks end up parsing a lot of log files, where all of the info seems to reside.
However, it would be much easier if this metadata were stored in a queryable database.

A simple example - a QNAP NAS needs to have password details of an authenticated email account to send updates and details of security checks. Such NASes have had security holes that might have allowed them to be compromised. So I check that it only sends email to admins, and that this account only gets used from the NASes IP address.
This involves parsing the Dynamic screen log to check when an authenticated session starts, parsing the SMTP-in log to see the recipient and message number, and possibly the all log to check the title and other details.

These tasks would obviously be easier if they were a couple of queries! They would be dynamic and easier to protect rather than having log files copied around.