account control center

Roller Network Help - Valid User Table

The valid user table is a system to configure a list of valid users for a mail domain. This feature is required to configure the Roller Network mail servers with a list of valid email addresses for a given domain. It will also prevent dictionary attacks and eliminate backscatter. By default, the recipient map table for a domain is empty.

The default action determines how the Roller Network will validate email addresses:

A recipient map entry may have an "Allow" or "Deny" action associated with it:

For the "Allow" action, any configured filtering options (DNSBL, SPF, blacklist, etc.) still apply to the final decision; a message may still be rejected by another filter after an "Allow" action is matched. The most common configuration is to list valid addresses as "Allow" entries in "Default Deny" mode. A "Deny" entry is only effective in "Default Allow" mode. Likewise, an "Allow" entry is only effective in "Default Deny" mode.

Single entry or bulk entry (one address per line) is available. Changes take effect immediately. Address extensions, as defined by the "Recipient Delimiter" setting, are ignored when checking the recipient map table. After an entry is added, it may be enabled, disabled, or removed from the valid user table. If an entry in the valid user table is rejected by the destination mail server, it will be automatically deleted by the system. Existing rules can not be changed. When a domain's valid user table is enabled, the following lookup process is applied:

  1. Skip any domain marked as "disabled".
  2. Skip any entry marked as "disabled".
  3. If a matching "deny" entry is found, reject immediately.
  4. If a matching "allow" entry is found, permit the recipient (pending other filter results).
  5. If no matching entry is found, apply the default action.

Mail forwarding maps are automatically included in the valid user table as an "allow" entry.

All mail domains must configure a valid user table. Addresses "postmaster" and "abuse" are automatically included, as they are required by RFC2821 and RFC2142.

The valid user table is available on all account levels. Free accounts are allowed 20 entries (excluding required actions) while paid accounts are allowed unlimited entries. Free accounts that need more entries should use "Default Allow" mode. Paid accounts may also elect to use the Account Control Center API to integrate valid user functions into a management system or other procedure when adding and removing email accounts from the primary server.

Automatic Learning Mode

Automatic learning is only effective in RCPT or VRFY mode when all messages pass through our servers. If you are using a domain in "Secondary MX" we recommend using "Default Deny" mode and the API (or manual entry as part of standard procedure when adding and removing email addresses) to maintain the list of valid users, or use the "HTTP/HTTPS Request" query method calls to validate addresses external outside of the SMTP path.

In addition to managing an explicit table of addresses to allow or deny, an automatic learning mode is also available. When a domain is in auto-learn mode, an address probe is made to determine if the address should be accepted or rejected. This response is then cached by the system, after which the cached entry will be used to determine the response for future responses on the same address. The primary server is only probed if a cached entry was not found.

How does the system know what server to probe? The primary server is determined in one of two ways depending on the domain mode. For domains in "SMTP Redirection" mode, our system will probe the server and port as configured in the account manager. In "Secondary MX" mode, a list of MX records will be assembled and any server at or below the MX priority of the Roller Network mail servers will be probed.

Automatic learning mode (show in the account manager as "Auto-learn") can use three different methods to check an address: SMTP "RCPT TO" commands, SMTP "VRFY" commands, and a URL query method. Once the probe is made and the response cached, the same address will not be probed again until it expires (or is removed from) the cache. All address queries are made using the "stripped" address, i.e. without address extensions.

The default method, and the most compatible, is to probe using a "RCPT TO" command and cache the response given. An "unknown user" response will result in a cached "reject", while an "ok" response will result in a cached "accept". SMTP "VRFY" is similar, except the response to a VRFY command is used instead of RCPT TO. A third advanced method is available to validate email addresses: HTTP/HTTPS Request. This method allows a URL to be queried and an "ACCEPT" or "REJECT" response returned. The URL has three substitution tokens which are replaced with the appropriate information when the URL query is actually made. These are:

For example, the URL "http://www.mydomain.com/validate.cgi?domain=%d&user=%u" would be queried as "http://www.mydomain.com/validate.cgi?domain=domain.com&user=myuser". The URL must return only the words "ACCEPT" or "REJECT" in response in plain text.

There are several options for configuring automatic learning mode.

The cached data table is also shown. Entries may be removed from this table, as desired. When the "Cache Expiration" time is exceeded, the entry will be removed automatically.

Home | Account Control Center | Status | Help | Contact | Policy | IPv6

© Roller Network LLC