MailWatch icon indicating copy to clipboard operation
MailWatch copied to clipboard

Published 20 hours ago verified publisher icon mailwatch

Whitelist/Blacklist Effectiveness Indicators

Open rickyboone opened this issue 3 years ago • 0 comments

A potentially useful feature in future versions of MailWatch would be to add metrics that show the effectiveness of items in the MailWatch managed whitelist or blacklist. For example:

From To First Seen Last Seen Total Hits Actions
[email protected] default 2021-08-01 12:34:56 2021-08-03 11:11:11 37 Edit, Delete, Reset Indicators, Quick Search

I suspect the performance of the lists page may be impacted if it had to query for each entry against the main maillog table, so instead I think having these as values within the blacklist and whitelist tables that get updated as a step within the normal SQL processes that are added to MailScanner would be better, plus it would allow to have these values reset independently from the contents of the maillog table. This is something that firewalls, for example, provide to help determine if a rule is not working as expected, if another rule is shadowing it, etc.

Additionally, a link that quickly performs a search based on the criteria of the specific whitelist/blacklist item could be added to the actions list, similar to the links in the message detail page that are available for the received via IP.

rickyboone avatar Aug 03 '21 13:08 rickyboone