This article applies to the following products:
- Messageware EPG 2019
- Messageware EPG 2016
- Messageware EPG 2013
OVERVIEW
The Filtering Service allows administrators to import and manage downloaded lists of high-risk IP addresses from trusted sites. Navigate to EPG – Admin > IP Filtering > Filtering Service.
Enabling Filtering Service
- Set Enable Block List to Enabled
- Enabled - EPG will enforce imported block lists
- Disabled - EPG will not enforce (ignore) imported block lists
- Set Import Block List to Enabled
- Enabled - EPG will import the configured block lists according to the configured schedule
- Disabled - EPG will not import configured block lists. If lists are already imported they will continue to be used
Enabling Filtering Service
Update Mode - Choose the update mode to be Daily (once per day) or Weekly (once per week)
Day - if weekly, choose the day of the week the filtering service will download and import the configured IP Block Lists
Time - choose what time the Filtering Service will download and import the configured IP Block Lists.
First Import: To schedule and test the first import, select today and “manually” type the time approximately 10 minutes from the current time. Wait and reload the Admin page to ensure the process started. If the process has not started, check the Eventlog on the server where EPG Monitor is installed.
The EPG Monitor component, installed on one server in your environment, is responsible for the download and import of the IP Block Lists. Some IP Block Lists are quite large and can take some time to process.
Adding IP Block Lists
- Select “Add new record”
- Set the Enabled checkbox to ensure the list will be turned on
- Select the Type of list or choose “Custom”. The list type does not impact how the file is processed in any way and is only for your reference
- Enter a file name for referencing the IP Block List – note that this is just for reference purposes and does not need to match any filename that the provider may suggest
- Add a Description for reference
- Enter the URL or full path to a local file for downloading the block list
- Select Insert to add the new record to the list
Example for entering UCE Protect level 1 IP Block List
Example for entering a local IP Block List file
Recommended IP Block Lists
The following block list providers and URLs are recommended:
UCE Protect
Level 1: http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-1.uceprotect.net.gz
For more info, see http://www.uceprotect.net/en/index.php
SPAMHaus
Drop List: https://www.spamhaus.org/drop/drop.txt
E-Drop List: https://www.spamhaus.org/drop/edrop.txt
For more info, see: https://www.spamhaus.org
Checking IP Block List status
The Filtering Service web page will show the status of downloading and importing each of the configured Block Lists.
IP Block Lists are processed in sequential order, not in parallel, so it is possible that there will be no status for some block lists while others are processing.
To refresh the status, click on the ‘Refresh’ button in the lower-right corner rather than the web-browser reload which will return to the main Admin pages.
If additional details are available, a button next to the status will appear.
Status messages during the Block List download and import are:
|
Status |
Description |
|
Pending initial download |
This status occurs after an IP Block List is first configured, before the Filtering Service has started to download and process the IP Block List file. |
|
Update successful |
This status occurs after the Filtering Service has successfully processed the IP Block List file. |
|
No update |
This status occurs when the Filtering Service has determined that there were no new updates since the last time the IP Block List file was processed. |
|
Processing IP Ranges (25%) |
This status occurs when the Filtering Service is parsing the IP Block List file. |
|
Importing into DB |
This status occurs when the Filtering Service is adding the blocked IP ranges into the EPG database |
If an issue occurs when the Filtering Service is attempting to download and process the IP Block List file via the URL, an error status may appear.
Common errors are:
|
Status (Error) |
Description |
|
Failed to connect to URL |
EPG was unable to retrieve the list from the configured URL. This can occur if the URL has a typo, or if the block list provider is rate limiting or requiring authentication to access the list. |
|
Failed to extract list |
EPG was unable to extract the list. This can occur if an unexpected response like an error page was returned instead of the IP Block List file when EPG pulled the URL for the list. Please check the URL to see whether it downloads an IP Block List file. |
|
Failed to parse list |
EPG was unable to parse the list. This can occur if an unexpected response like an error page was returned instead of the IP Block List file when EPG pulled the URL for the list. Please check the URL to see whether it downloads an IP Block List file. |
|
Unsupported format |
The IP Block List file downloaded does not appear to be in a supported format. EPG supports P2P and CIDR for the line format, and ZIP, GZ, TXT extensions representing the compression format. |
|
File path invalid |
These statuses are I/O related failures and should generally not occur. Please contact Messageware Support if you see one of these status errors. |
Example: