How to whitelist a domain including all subdomains in ISPConfig 3.1 (Rspamd)

Discussion in 'ISPConfig 3 Priority Support' started by Wade John Beckett, Sep 14, 2025.

Tags:
  1. Wade John Beckett

    Wade John Beckett Member HowtoForge Supporter

    Hi,
    I trust you are well :)

    I’m running ISPConfig 3.1 on Debian with Rspamd as the content filter.

    In the ISPConfig interface under Email → Spamfilter → Whitelist, I can add entries like @domain.com to whitelist all senders from that domain. According to the documentation, this only matches the naked domain.

    The issue: some providers (e.g. SageOne via SendGrid) use rotating subdomains like:

    [email protected]
    [email protected]

    These subdomains change constantly, so I cannot manually add each one.

    Question:

    • Is there a way in ISPConfig’s Spamfilter Whitelist to whitelist all subdomains of a parent domain (e.g. everything under *.sageone.co.za)?
    • Or does this require a manual Rspamd settings.conf rule / regex whitelist outside of the ISPConfig GUI?

    Thanks in advance!
     
    Wade John Beckett, Sep 14, 2025
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I have never tried it, so I can not say if it works. It's best to try entering it in the whitelist and checking how it is inserted in the Rspamd config afterward. Also, ist probably not *.sageone.co.za but likely just sageone.co.za that you enter.
     
    till, Sep 14, 2025
    #2
  3. Wade John Beckett

    Wade John Beckett Member HowtoForge Supporter

    Hi @till
    I trust you are well.

    From your reply and my research, I gather that this type of wildcard whitelist would need to be done in rspamd via the CLI?

    If so, noting that end users will not have root or shell access, does this mean that an end user will not be able to effectively handle whitelisting?
     
    Wade John Beckett, Sep 15, 2025
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    No, I referred to the ISPConfig interface. Have you tried it?
     
    till, Sep 15, 2025
    #4
    Wade John Beckett likes this.
  5. Wade John Beckett

    Wade John Beckett Member HowtoForge Supporter

    Yes. I already whitelisted the naked domain @sageone.co.za in the ISPConfig interface, but it does not apply a wildcard to catch the sub domains as far as I can tell.


    Code:
    spamfilter_wblist-2 {
    priority = 50;
    from = "@sageone.co.za";
    rcpt = "@launchsa.co.za";
    want_spam = true;
    apply {
        actions { reject = null; "add header" = null; greylist = null; "rewrite subject" = null; }
    }
}
     
    Wade John Beckett, Sep 15, 2025
    #5
  6. pyte

    pyte Well-Known Member HowtoForge Supporter

    You can try, if the panel allows you to, to set
    Code:
    /.*@.*sageone.co.za/
    This would work in the user config itself, but I'm not sure if ISPConfig will let you save it like that.

    Anysways, I strongly advise you to not use whitelisting in ISPConfig if possible. The current implementation lacks quiet a bit, and should only be used as a last resort. As these mails seem to originate from trusted senders, may fix the issues why you tag these in the first place, instead of whitelisting them.
     
    pyte, Sep 15, 2025
    #6
    ahrasis likes this.

Share This Page