Mails from whitelisted domain go to quarantine

Skorpiuz

Mar 14, 2025
Hello everybody.
I have added SMTP domain to Global Whitelist and SMTP Whitelist but emails from this domain are still going to quarantine.
PMG 8.1.2.

From SA score
KAM_2TLD_PROBLEMS(2)
KAM_SOME_2TLD_ARE_BAD(3)

Please help to fix this problem.
 
Please share the logs of such a mail, and its header
 
Partially I've fixed the problem by adding IP addresses and IP networks to both WL.
What logs should I share? Can you show me examples?
 
What logs should I share? Can you show me examples?
The Tracking Center should already contain the relevant logs (you might need to select include Greylist and include empty sender).

Otherwise, the journal from the timeframe where such a mail was sent to the quarantine would help as well.
 
Example 1
In this case IP [52.103.176.2] is added to WL as part of IP network [52.100.0.0/14]

2025-03-25T07:42:17.296303+03:00 pmg01 postfix/smtpd[206058]: connect from mail-germanywestcentralazrln10220002.outbound.protection.outlook.com[52.103.176.2]
2025-03-25T07:42:17.391093+03:00 pmg01 postfix/smtpd[206058]: 5F71A9C1523: client=mail-germanywestcentralazrln10220002.outbound.protection.outlook.com[52.103.176.2]
2025-03-25T07:42:17.473246+03:00 pmg01 postfix/cleanup[206062]: 5F71A9C1523: message-id=<015d9d4f-13a1-4034@b09e-2be4d483ab1a>
2025-03-25T07:42:17.595718+03:00 pmg01 postfix/qmgr[656]: 5F71A9C1523: from=<presse@kammer.ru>, size=181955, nrcpt=1 (queue active)
2025-03-25T07:42:17.659455+03:00 pmg01 pmg-smtp-filter[205500]: 9C155667E234299D58A: new mail message-id=<015d9d4f-13a1-4034@b09e-2be4d483ab1a>#012
2025-03-25T07:42:17.662926+03:00 pmg01 postfix/smtpd[206058]: disconnect from mail-germanywestcentralazrln10220002.outbound.protection.outlook.com[52.103.176.2] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
2025-03-25T07:42:22.053679+03:00 pmg01 pmg-smtp-filter[205500]: 9C155667E234299D58A: SA score=6/5 time=4.318 bayes=undefined autolearn=no autolearn_force=no hits=ARC_SIGNED(0.001),ARC_VALID(0.001),AWL(0.243),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),DMARC_QUAR(0.1),HTML_FONT_LOW_CONTRAST(0.001),HTML_MESSAGE(0.001),KAM_DMARC_QUARANTINE(3),KAM_DMARC_STATUS(0.01),KAM_EU(0.5),KAM_SHORT(0.001),LONGLN_LOW_CONTRAST(2.499),MAILING_LIST_MULTI(-1),MIME_QP_LONG_LINE(0.001),RCVD_IN_DNSWL_NONE(-0.0001),SPF_HELO_FAIL(0.001),SPF_SOFTFAIL(0.972),T_TVD_FUZZY_SECTOR(0.01)
2025-03-25T07:42:22.061337+03:00 pmg01 pmg-smtp-filter[205500]: 9C155667E234299D58A: moved mail for <Elena.Kovalchuk@roto-frank.ru> to spam quarantine - 9C156967E2342E0DE46 (rule: Quarantine/Mark Spam (Level 6))
2025-03-25T07:42:22.063592+03:00 pmg01 pmg-smtp-filter[205500]: 9C155667E234299D58A: processing time: 4.415 seconds (4.318, 0.073, 0)
2025-03-25T07:42:22.063978+03:00 pmg01 postfix/lmtp[206064]: 5F71A9C1523: to=<Elena.Kovalchuk@roto-frank.ru>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.7, delays=0.21/0.01/0.04/4.4, dsn=2.5.0, status=sent (250 2.5.0 OK (9C155667E234299D58A))
2025-03-25T07:42:22.064408+03:00 pmg01 postfix/qmgr[656]: 5F71A9C1523: removed

Example 2
In this case IP [52.103.176.1] is added to WL as part of IP network [52.100.0.0/14]

2025-03-25T08:22:39.894911+03:00 pmg01 postfix/smtpd[206350]: connect from mail-germanywestcentralazrln10220001.outbound.protection.outlook.com[52.103.176.1]
2025-03-25T08:22:39.995867+03:00 pmg01 postfix/smtpd[206350]: F31799C154A: client=mail-germanywestcentralazrln10220001.outbound.protection.outlook.com[52.103.176.1]
2025-03-25T08:22:40.094163+03:00 pmg01 postfix/cleanup[206354]: F31799C154A: message-id=<574b17$248rd@esa2.hc1889-39.eu.iphmx.com>
2025-03-25T08:22:40.192362+03:00 pmg01 postfix/qmgr[656]: F31799C154A: from=<open@garant.ru>, size=125336, nrcpt=1 (queue active)
2025-03-25T08:22:40.246487+03:00 pmg01 pmg-smtp-filter[206069]: 9C155E67E23DA039B36: new mail message-id=<574b17$248rd@esa2.hc1889-39.eu.iphmx.com>#012
2025-03-25T08:22:40.260098+03:00 pmg01 postfix/smtpd[206350]: disconnect from mail-germanywestcentralazrln10220001.outbound.protection.outlook.com[52.103.176.1] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
2025-03-25T08:22:45.492403+03:00 pmg01 pmg-smtp-filter[206069]: 9C155E67E23DA039B36: SA score=8/5 time=5.201 bayes=undefined autolearn=no autolearn_force=no hits=ARC_SIGNED(0.001),ARC_VALID(0.001),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DMARC_REJECT(0.1),HTML_MESSAGE(0.001),KAM_DMARC_REJECT(6),MIME_HTML_ONLY(0.1),MPART_ALT_DIFF(0.724),MSGID_FROM_MTA_HEADER(0.001),RCVD_IN_DNSWL_NONE(-0.0001),SPF_FAIL(0.919),SPF_HELO_FAIL(0.001),SUBJ_ALL_CAPS(0.5)
2025-03-25T08:22:45.500380+03:00 pmg01 pmg-smtp-filter[206069]: 9C155E67E23DA039B36: moved mail for <Aleksandr.Lanzov@roto-frank.ru> to spam quarantine - 9C156767E23DA578FCF (rule: Quarantine/Mark Spam (Level 6))
2025-03-25T08:22:45.502397+03:00 pmg01 pmg-smtp-filter[206069]: 9C155E67E23DA039B36: processing time: 5.263 seconds (5.201, 0.042, 0)
2025-03-25T08:22:45.502729+03:00 pmg01 postfix/lmtp[206355]: F31799C154A: to=<Aleksandr.Lanzov@roto-frank.ru>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.5, delays=0.2/0/0.04/5.3, dsn=2.5.0, status=sent (250 2.5.0 OK (9C155E67E23DA039B36))
2025-03-25T08:22:45.503144+03:00 pmg01 postfix/qmgr[656]: F31799C154A: removed
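
An added example (not part of the thread and not Proxmox code): a small parser for pmg-smtp-filter lines in the format posted above, which groups them by filter ID and lists the SpamAssassin rules that contributed most to a quarantined message. The sample lines are constructed, and reading `6/5` as total score over required score is an assumption.

```python
import re

# Constructed sample in the pmg-smtp-filter log format seen in the thread;
# the IDs, recipient and the second message are made up for this example.
SAMPLE_LOG = """\
2025-03-25T07:42:22.053+03:00 pmg01 pmg-smtp-filter[205500]: AAAA0001: SA score=6/5 time=4.318 bayes=undefined autolearn=no autolearn_force=no hits=AWL(0.243),DKIM_INVALID(0.1),KAM_DMARC_QUARANTINE(3),LONGLN_LOW_CONTRAST(2.499),MAILING_LIST_MULTI(-1),SPF_SOFTFAIL(0.972)
2025-03-25T07:42:22.061+03:00 pmg01 pmg-smtp-filter[205500]: AAAA0001: moved mail for <user@example.org> to spam quarantine - AAAA0002 (rule: Quarantine/Mark Spam (Level 6))
2025-03-25T08:00:01.000+03:00 pmg01 pmg-smtp-filter[205501]: BBBB0001: SA score=0/5 time=2.100 bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),HTML_MESSAGE(0.001)
"""

FILTER_RE = re.compile(r"pmg-smtp-filter\[\d+\]: ([0-9A-F]+): (.*)$")
SCORE_RE = re.compile(r"SA score=(-?\d+)/(\d+) .*\bhits=(\S*)")
HIT_RE = re.compile(r"([A-Za-z0-9_]+)\((-?\d+(?:\.\d+)?)\)")
QUAR_RE = re.compile(r"moved mail for <([^>]*)> to spam quarantine - \S+ \(rule: (.*)\)$")


def parse_filter_log(text):
    """Group pmg-smtp-filter lines by filter ID into score, hits and action."""
    mails = {}
    for line in text.splitlines():
        m = FILTER_RE.search(line)
        if not m:
            continue  # postfix lines and anything else are ignored
        mail = mails.setdefault(m.group(1), {"hits": {}, "rule": None})
        score = SCORE_RE.search(m.group(2))
        quarantine = QUAR_RE.search(m.group(2))
        if score:
            mail["score"], mail["limit"] = int(score.group(1)), int(score.group(2))
            mail["hits"] = {n: float(v) for n, v in HIT_RE.findall(score.group(3))}
        elif quarantine:
            mail["rcpt"], mail["rule"] = quarantine.group(1), quarantine.group(2)
    return mails


def top_hits(mail, n=3):
    """Rules that added the most points, highest first."""
    positive = [(k, v) for k, v in mail["hits"].items() if v > 0]
    return sorted(positive, key=lambda kv: -kv[1])[:n]


def total_without(mail, *rules):
    """Sum of the logged hit values with the named rules left out."""
    return round(sum(v for k, v in mail["hits"].items() if k not in rules), 3)


if __name__ == "__main__":
    for mail_id, mail in parse_filter_log(SAMPLE_LOG).items():
        print(mail_id, mail.get("score"), mail["rule"], top_hits(mail))
```

`total_without` shows how far a single rule moves a message relative to the threshold, which helps decide whether the sender's SPF/DKIM/DMARC setup or the local rule set is the thing to look at.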
 
I don't understand: some messages are delivered normally, but others from the same domain are put in quarantine.
 
How are the priorities and configuration of your actual rules? - what is Quarantine/Mark Spam (Level 6), what is your Whitelist rule?
(`pmgdb dump --rules active` provides a text overview)
 
Here it is.

RULE 4 (prio: 98, in, ACTIVE): Blacklist
FROM group 2 (and=0, invert=0): Blacklist
OBJECT Mail address 1: nomail@fromthisdomain.com
ACTION group 18: Block
OBJECT Block 30: block message
RULE 2 (prio: 96, in, ACTIVE): Block Viruses
WHAT group 9 (and=0, invert=0): Virus
OBJECT Virus Filter 21: active
ACTION group 19: Quarantine
OBJECT Quarantine 31: Move to quarantine.
ACTION group 20: Notify Admin
OBJECT Notification 32: notify __ADMIN__
RULE 1 (prio: 93, in, ACTIVE): Block Dangerous Files
WHAT group 8 (and=0, invert=0): Dangerous Content
OBJECT ContentType Filter 16: content-type=application/javascript
OBJECT ContentType Filter 17: content-type=application/x-executable
OBJECT ContentType Filter 15: content-type=application/x-java
OBJECT ContentType Filter 14: content-type=application/x-ms-dos-executable
OBJECT ContentType Filter 18: content-type=message/partial
OBJECT Match Filename 19: filename=.*\.(vbs|pif|lnk|shs|shb)
OBJECT Match Filename 20: filename=.*\.\{.+\}
ACTION group 15: Remove attachments
OBJECT Remove attachments 27: remove matching attachments
RULE 5 (prio: 90, in, ACTIVE): Modify Header
ACTION group 13: Modify Spam Level
OBJECT Header Attribute 25: modify field: X-SPAM-LEVEL:__SPAM_INFO__
RULE 6 (prio: 90, in, ACTIVE): Whitelist
FROM group 3 (and=1, invert=0): Whitelist
OBJECT Domain 381: 1-ofd.ru
OBJECT Domain 49: aeroflot.ru
OBJECT Domain 50: afs-federhenn.de
OBJECT Domain 51: alkuta.ru
OBJECT Domain 53: almo-ags.ru
OBJECT Domain 52: almo.systems
OBJECT Domain 54: alt.by
OBJECT Domain 55: alta.ru
OBJECT Domain 56: altec.ru
OBJECT Domain 57: alustrong.ru
OBJECT Domain 58: alutech-jug.ru
OBJECT Domain 59: alutech-kzn.ru
OBJECT Domain 60: alutechmsk.ru
OBJECT Domain 61: aluvision.ru
OBJECT Domain 62: amngt.ru
OBJECT Domain 63: apkada.ru
OBJECT Domain 64: app-rus.org
OBJECT Domain 65: atomstroyrezerv.ru
OBJECT Domain 66: b1.ru
OBJECT Domain 67: beeline.ru
OBJECT Domain 69: bk-engineering.ru
OBJECT Domain 68: bk.ru
OBJECT Domain 403: bleskincare.ru
OBJECT Domain 369: bounce-sg.zoom.us
OBJECT Domain 382: bounce.linkedin.com
OBJECT Domain 70: bqb.ru.com
OBJECT Domain 71: brusnika.ru
OBJECT Domain 72: cctcom.ru
OBJECT Domain 73: centaurus.com.ru
OBJECT Domain 74: centr-prioritet.ru
OBJECT Domain 75: collini.eu
OBJECT Domain 37: croc.ru
OBJECT Domain 76: ctm.ru
OBJECT Domain 77: customs.ru
OBJECT Domain 78: db.com
OBJECT Domain 79: deceuninck.com
OBJECT Domain 80: deceuninck.ru
OBJECT Domain 81: decorprof.am
OBJECT Domain 82: deklarantonline.ru
OBJECT Domain 375: directcrm.ru
OBJECT Domain 83: dirinler.com.tr
OBJECT Domain 84: doko.ru
OBJECT Domain 85: dsinv.ru
OBJECT Domain 373: e.skillbox.ru
OBJECT Domain 371: e6.expertsender.com
OBJECT Domain 86: eastwinsz.com
OBJECT Domain 87: edata.customs.ru
OBJECT Domain 88: elumatec.com
OBJECT Domain 89: elumatec.ru
OBJECT Domain 90: epam.ru
OBJECT Domain 91: eu.agc.com
OBJECT Domain 92: eu.agc.ru
OBJECT Domain 93: excont.ru
OBJECT Domain 94: fensterra.ru
OBJECT Domain 95: flex.ru
OBJECT Domain 96: fortisflex.ru
OBJECT Domain 97: fwm.biz
OBJECT Domain 98: garant.ru
OBJECT Domain 99: geksagon.ru
OBJECT Domain 100: gip-pro.ru
OBJECT Domain 45: gmail.com
OBJECT Domain 405: gosuslugi.ru
OBJECT Domain 101: gsm.group
OBJECT Domain 378: high-pm.com
OBJECT Domain 102: ideco.ru
OBJECT Domain 103: inicial.ru
OBJECT Domain 104: ite.events
OBJECT Domain 372: jungheinrich.ru
OBJECT Domain 105: just-skills.ru
OBJECT Domain 380: justeml.com
OBJECT Domain 106: kammer.ru
OBJECT Domain 107: klaes.com
OBJECT Domain 108: komplekt-plus.ru
OBJECT Domain 109: kontur.ru
OBJECT Domain 110: kortros.ru
OBJECT Domain 111: krauss-premium.ru
OBJECT Domain 113: ks-online.ru
OBJECT Domain 112: ksbiaoxin.com
OBJECT Domain 114: landal.pro
OBJECT Domain 367: lavillahospitality.com
OBJECT Domain 115: legalsw.ru
OBJECT Domain 116: lesprom2000.cbx.ru
OBJECT Domain 383: linkedin.com
OBJECT Domain 117: lkw-walter.com
OBJECT Domain 118: loxx.de
OBJECT Domain 401: mail.otruda-mail.ru
OBJECT Domain 46: mail.ru
OBJECT Domain 370: mail.s-otruda-client.ru
OBJECT Domain 363: mail.sendsay.ru
OBJECT Domain 119: maps5.ru
OBJECT Domain 120: masttech.ru
OBJECT Domain 121: microsoft.com
OBJECT Domain 122: mitlis.ru
OBJECT Domain 123: mkb.ru
OBJECT Domain 377: mosbizclub.ru
OBJECT Domain 125: moscow-export.ru
OBJECT Domain 124: moscow.ctm.ru
OBJECT Domain 126: mts.by
OBJECT Domain 127: mts.ru
OBJECT Domain 39: n-dbc.ru
OBJECT Domain 128: ng-grp.ru
OBJECT Domain 129: noytech.com
OBJECT Domain 130: ocs-spedition.de
OBJECT Domain 132: okna-peter.ru
OBJECT Domain 131: oknamaster.ru
OBJECT Domain 133: oknastar.ru
OBJECT Domain 134: onlineuniver.ru
OBJECT Domain 135: ost-term.ru
OBJECT Domain 136: otpbank.ru
OBJECT Domain 137: pakt-group.ru
OBJECT Domain 138: partnery-audit.com
OBJECT Domain 139: phototech.ru
OBJECT Domain 140: picaso-3d.ru
OBJECT Domain 141: pik.ru
OBJECT Domain 142: pmfz.ru
OBJECT Domain 143: polimer76.ru
OBJECT Domain 144: polipak.ru
OBJECT Domain 145: profildekor.ru
OBJECT Domain 376: r-call.ru
OBJECT Domain 146: rambler.ru
OBJECT Domain 147: realit-obninsk.ru
OBJECT Domain 148: rehau.com
OBJECT Domain 149: rehau.ru
OBJECT Domain 150: remontkomputerov-elstal.ru
OBJECT Domain 151: rhenus.com
OBJECT Domain 152: rhsolutions.ru
OBJECT Domain 153: rimalog.com
OBJECT Domain 154: rostal.ru
OBJECT Domain 155: roto-frank.com
OBJECT Domain 156: rotofrank.mail.onmicrosoft.com
OBJECT Domain 157: rtd-com.ru
OBJECT Domain 158: rusokon.ru
OBJECT Domain 159: russland-ahk.ru
OBJECT Domain 364: sendsay.ru
OBJECT Domain 160: severstal.com
OBJECT Domain 379: sh22854.ispgateway.de
OBJECT Domain 399: sharepointonline.com
OBJECT Domain 161: sial-group.ru
OBJECT Domain 162: sial-p.ru
OBJECT Domain 374: skillbox.ru
OBJECT Domain 163: sminex.com
OBJECT Domain 164: sminex.ru
OBJECT Domain 165: sofinet.ru
OBJECT Domain 166: softline.com
OBJECT Domain 167: sskindustry.ru
OBJECT Domain 168: tatprof.ru
OBJECT Domain 169: tbm.by
OBJECT Domain 170: tbm.ru
OBJECT Domain 171: tc-hrjs.com
OBJECT Domain 172: timepad.ru
OBJECT Domain 173: tppmo.ru
OBJECT Domain 174: tpprf.ru
OBJECT Domain 175: ts-grp.ru
OBJECT Domain 176: twf.su
OBJECT Domain 177: ucg.ru
OBJECT Domain 178: unikaplast.ru
OBJECT Domain 179: uniwave.eu
OBJECT Domain 182: vbh-sib.ru
OBJECT Domain 180: vbh.by
OBJECT Domain 181: vbh.ru
OBJECT Domain 183: veka.com
OBJECT Domain 184: veka.ru
OBJECT Domain 185: velko.ru
OBJECT Domain 186: viaferrata.su
OBJECT Domain 187: vidnal.ru
OBJECT Domain 188: weidtmann.com.cn
OBJECT Domain 189: wintecs.by
OBJECT Domain 190: wooder.by
OBJECT Domain 191: yandex.ru
OBJECT Domain 192: zettains.ru
OBJECT Domain 40: zoom.us
OBJECT IP Address 362: 194.165.202.64
OBJECT IP Address 361: 194.165.205.150
OBJECT IP Network 342: 104.47.0.0/17
OBJECT IP Network 351: 195.124.36.64/26
OBJECT IP Network 349: 195.125.241.16/28
OBJECT IP Network 338: 40.107.0.0/16
OBJECT IP Network 337: 40.92.0.0/15
OBJECT IP Network 339: 52.100.0.0/14
OBJECT IP Network 350: 62.154.217.0/27
ACTION group 17: Accept
OBJECT Accept 29: accept message
RULE 14 (prio: 82, in, ACTIVE): Quarantine/Mark Spam (Level 6)
WHAT group 25 (and=0, invert=0): Spam (Level 6)
OBJECT Spam Filter 48: Level 6
ACTION group 14: Modify Spam Subject
OBJECT Header Attribute 26: modify field: subject:SPAM: __SUBJECT__
ACTION group 19: Quarantine
OBJECT Quarantine 31: Move to quarantine.