The restriction is on per-user basis. So the administrator can set a different filtering rules for each user. There is also a per-domain configuration and global-installation setting (applied from most general to most specific, i.e. from installation to user).

Regular user can not change the setting. So this is not like a privacy list where the user control the filter. Domain filter can not be changed or controlled by the user. System administrator can change the settings based on the company policy.

There are predefined rules for packet filtering:

  1. ALL - user can send and receive packets from anybody.
  2. LOCAL - user can send and receive packets within the server installation only and all it’s virtual domains.
  3. OWN - user can send and receive packets within his own domains only
  4. BLOCK - user can’t communicate with anyone. This could be used as a means to temporarily disable account or domain.
  5. LIST - user can send and receive packets within listed domains only (i.e. whitelist).
  6. BLACKLIST - user can communicate with everybody (like ALL), except contacts on listed domains.

Whitelist (LIST) and blacklist (BLACKLIST) settings are mutually exclusive, i.e. at any given point of time only one of them can be used.

Those rules applicable to particular user are stored in the user repository and are loaded for each user session. If there are no rules stored for a particular user server tries to apply rules for a VHost of particular user, and if there is no VHost filtering policy server uses global server configuration. If there is no filtering policy altogether server applies defaults based on following criteria:

  1. If this is Anonymous user then LOCAL rule is applied
  2. For all other users ALL rule is applied.