[SOLVED] A mail filter is not honored

OlivierF

Hello,

I created a rule based on domains and referenced in a 'Who object'. But some emails are not caught by this rule.

This is the object I defined with a list of domains:
1608566178315.png

and I use it in this rule:
1608566192765.png

And this is a mail sample that was not caught by the rule (I anonymized the email and replaced my domain that is listed in the 'Who Object' with 'mydomain.fr'):

Code:
Delivered-To: martin.dupont@mydomain.fr
Return-Path:
Received: from SRV1.mydomain.loc (SRV1.mydomain.loc [x.x.x.x])
    by srv5.mydomain.loc (Proxmox) with ESMTP id D35D21605BD
    for <martin.dupont@mydomain.fr>; Sun, 20 Dec 2020 10:00:58 +0100 (CET)
From: Myapp@mydomain.fr
To: Martin DUPONT <martin.dupont@mydomain.fr>
Subject: [Projets] - Nouveau projet
Date: Sun, 20 Dec 2020 10:00:58 +0100
X-MailFwdBy: CN=Martin DUPONT/OU=XXX/O=MYCOMPANY
Auto-Submitted: auto-forwarded
Message-ID: <OFBBE1880E.6830DAF9-ONC1258644.003186ED@tech.mydomain.loc>
MIME-Version: 1.0
Content-type: text/html; charset=ISO-8859-1
Content-Disposition: inline
Content-transfer-encoding: quoted-printable

Most of the emails sent with a sender in mydomain.fr are caught by this rule, but some of them are not.

Any idea? How to set a debug mode?

Regards.
 
The action in the screenshot of the rule is 'ACCEPT' - should the mail have been accepted?

In any case, please post the complete log of the mail (anonymize only what you must, and only in a way that we still understand what's going on).
 
Hi @Stoiko Ivanov, what do you mean by a complete log? I posted all the headers, do you want the content also?

the mail.log - the part of the mail-delivery log for this message - what you get in the Message Tracking Center for that particular mail - there you'll see which rule triggered

The Return-Path being empty probably indicates that this message had no envelope-sender (a.k.a. bounce-message) - that would explain the not matching of the who 'From' object - but the log would show that more clearly
 
Here is a new mail sample and trace log:

Code:
Delivered-To: my.recipient@mydomain.fr
Return-Path:
Received: from passv2.mydomain.local (clbcluster.mydomain.local [x.x.x.2])
    by srv5.mydomain.local (Proxmox) with ESMTP id 1FE07161E70
    for <my.recipient@mydomain.fr>; Mon, 21 Dec 2020 15:39:50 +0100 (CET)
From: my.sender@mydomain.fr
Date: Mon, 21 Dec 2020 15:39:48 +0100
Subject: =?ISO-8859-1?Q?Nicorosi_-_locaux?=
To: User X <my.recipient@mydomain.fr>
MIME-Version: 1.0
Message-ID: <OFC1257C05.00570A28-ONC1258645.00508CA3@tech.mydomain.com>
X-MailFwdBy: CN=User X/O=MYORG/C=FR
Auto-Submitted: auto-forwarded

Trace :
Code:
Dec 21 15:39:50 srv5 postfix/smtpd[24480]: connect from clbcluster.mydomain.local[x.x.x.2]
Dec 21 15:39:50 srv5 postfix/smtpd[24480]: 1DA18161E6F: client=clbcluster.mydomain.local[x.x.x.2]
Dec 21 15:39:50 srv5 postfix/smtpd[24480]: 1FE07161E70: client=clbcluster.mydomain.local[x.x.x.2]
Dec 21 15:39:50 srv5 postfix/cleanup[24485]: 1FE07161E70: message-id=<OFC1257C05.00570A28-ONC1258645.00508CA3@tech.mydomain.com>
Dec 21 15:39:50 srv5 postfix/qmgr[10179]: 1FE07161E70: from=<>, size=1409, nrcpt=1 (queue active)
Dec 21 15:39:50 srv5 postfix/smtpd[24480]: disconnect from clbcluster.mydomain.local[x.x.x.2] ehlo=1 mail=2 rcpt=2 data=2 quit=1 commands=8
Dec 21 15:39:50 srv5 pmg-smtp-filter[24567]: 161E725FE0B3B63C377: new mail message-id=<OFC1257C05.00570A28-ONC1258645.00508CA3@tech.mydomain.com>#012
Dec 21 15:40:17 srv5 pmg-smtp-filter[24567]: 161E725FE0B3B63C377: moved mail for <my.recipient@mydomain.fr> to spam quarantine - 161E775FE0B3D16EFBF (rule: Outgoing - Quarantine wrong senders)
Dec 21 15:40:17 srv5 pmg-smtp-filter[24567]: 161E725FE0B3B63C377: processing time: 27.479 seconds (0, 27.156, 0)
Dec 21 15:40:17 srv5 postfix/lmtp[24486]: 1FE07161E70: to=<my.recipient@mydomain.fr>, relay=127.0.0.1[127.0.0.1]:10023, delay=28, delays=0.01/0/0.11/27, dsn=2.5.0, status=sent (250 2.5.0 OK (161E725FE0B3B63C377))
Dec 21 15:40:17 srv5 postfix/qmgr[10179]: 1FE07161E70: removed

It's confusing because there's a 'From' field filled in the header and the trace displays a 'from=<>' in the 5th line!?
 
It's confusing because there's a 'From' field filled in the header and the trace displays a 'from=<>' in the 5th line!?
Yes - it took me quite a while as well to get used to the difference between Envelope-from (a.k.a. Return-Path, a.k.a. bounce-address) and the From header (a.k.a. RFC5322.From)

Both don't need to be equal (and there are many legitimate cases where they are not - e.g. mailing lists)

If you want to block on a From-header address you need to use a 'What Object' - Match Field - Field = 'From', value - a regular expression matching the addresses you want to block/accept

https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_what
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_regex

I hope this helps!
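
The distinction discussed in this thread, as an added example that is not part of the original posts and is not Proxmox Mail Gateway code: it pulls the envelope sender from Postfix `qmgr` log lines and compares it with the `From` header, showing why a domain check on the envelope sender sees nothing for a null-sender (`from=<>`) message while a header check does. The log lines and headers are constructed samples modelled on the ones posted above; the function names and the second log line are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples modelled on the trace and headers posted in the thread.
SAMPLE_LOG = """\
Dec 21 15:39:50 srv5 postfix/qmgr[10179]: 1FE07161E70: from=<>, size=1409, nrcpt=1 (queue active)
Dec 21 15:41:02 srv5 postfix/qmgr[10179]: 2AB07161E71: from=<other.sender@mydomain.fr>, size=2210, nrcpt=1 (queue active)
"""
SAMPLE_HEADERS = """\
Return-Path:
From: my.sender@mydomain.fr
To: User X <my.recipient@mydomain.fr>
Auto-Submitted: auto-forwarded

"""

# qmgr logs the envelope sender (SMTP MAIL FROM), not the From header.
QMGR_FROM = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): from=<([^>]*)>")


def envelope_senders(log_text):
    """Map Postfix queue ID -> envelope sender ('' is the null sender, from=<>)."""
    return {m.group(1): m.group(2) for m in QMGR_FROM.finditer(log_text)}


def domain_of(address):
    """Lower-cased domain part of an address, '' if there is none."""
    return address.rpartition("@")[2].lower()


def compare_senders(envelope_sender, raw_headers, domains):
    """Report what an envelope-based and a header-based domain check each see."""
    header_from = parseaddr(message_from_string(raw_headers)["From"] or "")[1]
    return {
        "envelope_sender": envelope_sender,
        "header_from": header_from,
        "envelope_match": domain_of(envelope_sender) in domains,
        "header_match": domain_of(header_from) in domains,
    }


if __name__ == "__main__":
    senders = envelope_senders(SAMPLE_LOG)
    for qid, sender in senders.items():
        print(qid, "null sender" if sender == "" else sender)
    print(compare_senders(senders["1FE07161E70"], SAMPLE_HEADERS, {"mydomain.fr"}))
```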
 
