Docs/Security Features/Access Control Lists

Access Control Lists

Manage blacklists and whitelists for controlling email access.

Overview

Access Control Lists (ACLs) let you explicitly allow or block specific senders, domains, or IP addresses. ACLs are evaluated before other security checks.

ACL Types

  • Whitelist: Always accept email from these sources
  • Blacklist: Always reject email from these sources

What You Can List

  • Email addresses: spammer@example.com
  • Domains: @spam-domain.com
  • IP addresses: 192.168.1.100
  • IP ranges (CIDR): 10.0.0.0/8

Adding Entries

In the dashboard, go to ACL → Add Entry:

  1. Choose type (Whitelist or Blacklist)
  2. Enter the value (email, domain, or IP)
  3. Optionally add a note explaining why
  4. Save

Whitelist Examples

# Trust all email from partner company @trusted-partner.com # Trust email from backup MX server 192.168.10.50 # Trust specific sender ceo@important-client.com

Blacklist Examples

# Block known spam domain @spam-factory.com # Block compromised IP range 45.33.32.0/24 # Block specific spammer spammer@malicious.com
Priority

Whitelist entries are checked before blacklist entries. If a sender matches both, they will be allowed.

Bulk Import

Import multiple entries at once:

  1. Go to ACL → Import
  2. Paste entries (one per line)
  3. Select whitelist or blacklist
  4. Click Import

Export

Export your ACL for backup or migration:

  1. Go to ACL → Export
  2. Choose format (CSV or plain text)
  3. Download the file

Auto-Blacklist

SecZim can automatically blacklist IPs that show malicious behavior. See Auto-Blacklist for details.

Caution

Be careful with broad whitelist entries like entire domains. A compromised account at a whitelisted domain could bypass all your security checks.