Block Authentication by Country - All but Specified Countries

Question asked by Jay Altemoos - 11/11/2024 at 2:09 PM

Unanswered

Good day everyone,

We have the block authnetication by country enabled with "All but specified countries" in our general section of the server which implments that list to all our domains server wide, which by the way is nice so that we don't have to go to each domain and specify that list. My question is this, since we have that enabled, now when a customer calls in about not being able to authenticate when they are out of country, we can't just add another country to their domain, we have to add it to the global list which now enables that for the rest of our domains.

What I have seen is when you try to add a new country for allowed authentication under the domain, the drop-down only gives you the ones you allowed server wide in the first place. I really don't want to have to enable that country server wide if it's only 1 client domain that needs it. Any idea why that is?

Our build is 9008 from Aug 30,2024.

4 Replies

Reply to Thread

Jereming Chen Replied

11/13/2024 at 4:58 PM

Employee Post

Hello Jay,

The idea is the Server configurations should not be overruled by Domain configurations. Thus a server config that blocks all but say the US and UK traffic would apply to every domain. These countries are exceptions to the universal block so you can think of them as whitelisted. Following the idea that domains should not be able to overrule the system, it would not make sense for a domain to add an additional exception to this list for themselves if the connection would be stopped at the system level.

That being said, I can see the point in allowing certain domains to have an exception so I have submitted this as a feature request for a System level config of a Domain.

Jereming Chen System/Network Administrator SmarterTools Inc. www.smartertools.com

Curtis Kropar www.HawaiianHope.org Replied

11/13/2024 at 8:55 PM

Hey Jereming

I would subscribe and expand on that request too. Virtually all of our clients are here in Hawaii in the US, and the likely hood that any of them will ever try to authenticate from anyplace else is really remote. However, we do have a couple of domains where their staff will normally travel to other countries for things, It would be nice to block everything for everyone but have a few domains that we can say "During the next 15 or 30 days allow authentications from this country." and after that time it automatically revokes.

www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !

Jereming Chen Replied

11/14/2024 at 7:58 AM

Employee Post

Hello,

One potential work around for now would be to whitelist the IP that is being used by the employee that is connecting from abroad because SmarterMail should prioritize the Whitelist over the Block Authentication by Country. Another option I can think of is to use a VPN so their source IP is effectively masked.

Jereming Chen System/Network Administrator SmarterTools Inc. www.smartertools.com

J. LaDow Replied

11/14/2024 at 9:59 AM

With the multitude of VPNs out there including those bundled with some browsers, we don't make exceptions - a VPN solution with the exit node being in an approved country is the only way to go. If you are worried about getting a "dodgy" VPN, I suggest assembling a "recommended list" for your users when they are required to use one.

We use Windscribe due to multi-platform clients and ease of use, but that's neither here nor there (and not a paid endorsement) -

MailEnable survivor / convert --

Back to Community Threads

Please leave this box unchecked

4 Replies

Reply to Thread

Tags

Related Knowledge Base Articles