[SOLVED] Adding whitelisted entries before all others

dthompson

Hi all,

Is there any way that I can have any objects that users themselves have whitelisted or the global whitelist override and be delivered? I have some domains that are getting flagged and even though they have added the emails to their own whitelist, and I've added both the domain and email addresses to the global whitelist, they are still getting quarantined on the users.

Some of the messages are getting flagged such as:
Spam detection results: 0
AWL -0.081 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DKIM_INVALID 0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
HTML_MESSAGE 0.001 HTML included in message
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
LOTS_OF_MONEY 0.001 Huge... sums of money
RCVD_IN_DNSWL_NONE -0.0001 Sender listed at https://www.dnswl.org/, no trust
RCVD_IN_MSPIKE_H2 -0.001 Average reputation (+2)
SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
SPF_PASS -0.001 SPF: sender matches SPF record
T_SCC_BODY_TEXT_LINE -0.01 -


^^ This domain has some issues with SPF / DKIM / DMARC, however there should be a way for me to override those and allow delivery.

Is there any way to get the whitelists to respond first before the other mechanisms kick in and start blocking the emails?

It's getting tiresome telling the customers that "this isn't an issue on our end but theirs" as the customer doesn't care, they just want to get the emails from them that they whitelist and quite frankly, I agree that they absolutely should. If they deem those emails are safe, or we add them to the global whitelist, then it should override all other mechanisms.

Did I miss something in setting this up?
Thanks.
 
I think this is what you're looking for:

Feb 14 14:02:29 swarmx1 postfix/postscreen[458389]: CONNECT from [40.107.67.89]:59844 to [192.168.11.218]:25
Feb 14 14:02:29 swarmx1 postfix/postscreen[458389]: WHITELISTED [40.107.67.89]:59844
Feb 14 14:02:29 swarmx1 postfix/smtpd[472577]: connect from mail-eopbgr670089.outbound.protection.outlook.com[40.107.67.89]
Feb 14 14:02:29 swarmx1 postfix/smtpd[472577]: Anonymous TLS connection established from mail-eopbgr670089.outbound.protection.outlook.com[40.107.67.89]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 14 14:02:29 swarmx1 postfix/smtpd[472577]: C84A461EB5: client=mail-eopbgr670089.outbound.protection.outlook.com[40.107.67.89]
Feb 14 14:02:29 swarmx1 postfix/cleanup[472414]: C84A461EB5: message-id=<YT3PR01MB4964733F159DD725A6744217A9339@YT3PR01MB4964.CANPRD01.PROD.OUTLOOK.COM>
Feb 14 14:02:29 swarmx1 postfix/qmgr[139313]: C84A461EB5: from=<will@drinkpartake.com>, size=1663582, nrcpt=2 (queue active)
Feb 14 14:02:29 swarmx1 pmg-smtp-filter[472726]: 2022/02/14-14:02:29 CONNECT TCP Peer: "[127.0.0.1]:57610" Local: "[127.0.0.1]:10024"
Feb 14 14:02:29 swarmx1 postfix/smtpd[472577]: disconnect from mail-eopbgr670089.outbound.protection.outlook.com[40.107.67.89] ehlo=2 starttls=1 mail=1 rcpt=2 bdat=1 quit=1 commands=8
Feb 14 14:02:29 swarmx1 pmg-smtp-filter[472726]: 61EB7620AA745E3D18: new mail message-id=<YT3PR01MB4964733F159DD725A6744217A9339@YT3PR01MB4964.CANPRD01.PROD.OUTLOOK.COM>
Feb 14 14:02:30 swarmx1 pmg-smtp-filter[472940]: 61EB0620AA744CEE71: SA score=0/5 time=1.422 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-2.338),BAYES_00(-1.9),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HTML_FONT_LOW_CONTRAST(0.001),HTML_IMAGE_RATIO_06(0.001),HTML_MESSAGE(0.001),KAM_SOMETLD_ARE_BAD_TLD(5),MARKETING_PARTNERS(0.001),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01)
Feb 14 14:02:30 swarmx1 postfix/smtpd[471896]: connect from localhost.localdomain[127.0.0.1]
Feb 14 14:02:30 swarmx1 postfix/smtpd[471896]: 56F7061EB9: client=localhost.localdomain[127.0.0.1], orig_client=gridf42.slgnt.us[91.230.179.42]
Feb 14 14:02:30 swarmx1 postfix/cleanup[472381]: 56F7061EB9: message-id=<PATT3L128_1004368_mGPOb814rI5mOio5nbicLnaUd9-mq-9P3ioOKQ5T2i9VkgryQRe2lnFxHvsyUj9We2oLp4LLAnsOuU314UXVwcRJ2uEAuDktVXFBMpYdzhUlos/iaLBc0TnsSx1BCAOH.6E9F@gridf42.slgnt.us>
Feb 14 14:02:30 swarmx1 postfix/qmgr[139313]: 56F7061EB9: from=<cricut@em.cricut.com>, size=40222, nrcpt=1 (queue active)
 
I think this is what you're looking for:
part of it - it's missing the line where pmg-smtp-filter says which rules triggered - and it's also missing the outbound connection to your downstream server
 
Sorry about that. I think this is it. I've snipped out a couple other emails in-between for other email addresses. I can include those as well if needed, but I don't think they are:


Feb 14 14:02:28 swarmx1 pmg-smtp-filter[472940]: 2022/02/14-14:02:28 CONNECT TCP Peer: "[127.0.0.1]:57608" Local: "[127.0.0.1]:10024"
Feb 14 14:02:28 swarmx1 pmg-smtp-filter[472940]: 61EB0620AA744CEE71: new mail message-id=<PATT3L128_1004368_mGPOb814rI5mOio5nbicLnaUd9-mq-9P3ioOKQ5T2i9VkgryQRe2lnFxHvsyUj9We2oLp4LLAnsOuU314UXVwcRJ2uEAuDktVXFBMpYdzhUlos/iaLBc0TnsSx1BCAOH.6E9F@gridf42.slgnt.us>#012

Feb 14 14:02:29 swarmx1 postfix/postscreen[458389]: CONNECT from [40.107.67.89]:59844 to [192.168.11.218]:25
Feb 14 14:02:29 swarmx1 postfix/postscreen[458389]: WHITELISTED [40.107.67.89]:59844
Feb 14 14:02:29 swarmx1 postfix/smtpd[472577]: connect from mail-eopbgr670089.outbound.protection.outlook.com[40.107.67.89]
Feb 14 14:02:29 swarmx1 postfix/smtpd[472577]: Anonymous TLS connection established from mail-eopbgr670089.outbound.protection.outlook.com[40.107.67.89]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Feb 14 14:02:29 swarmx1 postfix/smtpd[472577]: C84A461EB5: client=mail-eopbgr670089.outbound.protection.outlook.com[40.107.67.89]
Feb 14 14:02:29 swarmx1 postfix/cleanup[472414]: C84A461EB5: message-id=<YT3PR01MB4964733F159DD725A6744217A9339@YT3PR01MB4964.CANPRD01.PROD.OUTLOOK.COM>

Feb 14 14:02:29 swarmx1 postfix/qmgr[139313]: C84A461EB5: from=<will@drinkpartake.com>, size=1663582, nrcpt=2 (queue active)
Feb 14 14:02:29 swarmx1 pmg-smtp-filter[472726]: 2022/02/14-14:02:29 CONNECT TCP Peer: "[127.0.0.1]:57610" Local: "[127.0.0.1]:10024"
Feb 14 14:02:29 swarmx1 postfix/smtpd[472577]: disconnect from mail-eopbgr670089.outbound.protection.outlook.com[40.107.67.89] ehlo=2 starttls=1 mail=1 rcpt=2 bdat=1 quit=1 commands=8
Feb 14 14:02:29 swarmx1 pmg-smtp-filter[472726]: 61EB7620AA745E3D18: new mail message-id=<YT3PR01MB4964733F159DD725A6744217A9339@YT3PR01MB4964.CANPRD01.PROD.OUTLOOK.COM>#012
Feb 14 14:02:30 swarmx1 pmg-smtp-filter[472940]: 61EB0620AA744CEE71: SA score=0/5 time=1.422 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-2.338),BAYES_00(-1.9),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HTML_FONT_LOW_CONTRAST(0.001),HTML_IMAGE_RATIO_06(0.001),HTML_MESSAGE(0.001),KAM_SOMETLD_ARE_BAD_TLD(5),MARKETING_PARTNERS(0.001),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01)
Feb 14 14:02:30 swarmx1 postfix/smtpd[471896]: connect from localhost.localdomain[127.0.0.1]
Feb 14 14:02:30 swarmx1 postfix/smtpd[471896]: 56F7061EB9: client=localhost.localdomain[127.0.0.1], orig_client=gridf42.slgnt.us[91.230.179.42]
Feb 14 14:02:30 swarmx1 postfix/cleanup[472381]: 56F7061EB9: message-id=<PATT3L128_1004368_mGPOb814rI5mOio5nbicLnaUd9-mq-9P3ioOKQ5T2i9VkgryQRe2lnFxHvsyUj9We2oLp4LLAnsOuU314UXVwcRJ2uEAuDktVXFBMpYdzhUlos/iaLBc0TnsSx1BCAOH.6E9F@gridf42.slgnt.us>

Feb 14 14:02:32 swarmx1 pmg-smtp-filter[472726]: 61EB7620AA745E3D18: SA score=0/5 time=2.107 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.081),BAYES_00(-1.9),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),LOTS_OF_MONEY(0.001),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01)
Feb 14 14:02:32 swarmx1 postfix/smtpd[471896]: connect from localhost.localdomain[127.0.0.1]
Feb 14 14:02:32 swarmx1 postfix/smtpd[471896]: 75A6A61DE5: client=localhost.localdomain[127.0.0.1]
Feb 14 14:02:32 swarmx1 postfix/cleanup[472414]: 75A6A61DE5: message-id=<20220214190232.75A6A61DE5@swarmx1.mailhive.ca>
Feb 14 14:02:32 swarmx1 postfix/qmgr[139313]: 75A6A61DE5: from=<postmaster@swarmx1.mailhive.ca>, size=2217, nrcpt=1 (queue active)
Feb 14 14:02:32 swarmx1 postfix/smtpd[471896]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Feb 14 14:02:32 swarmx1 pmg-smtp-filter[472726]: 61EB7620AA745E3D18: notify <support@mailhive.ca> (rule: Block Spam, 75A6A61DE5)
Feb 14 14:02:32 swarmx1 postfix/smtp[471959]: Trusted TLS connection established to 192.168.11.220[192.168.11.220]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Feb 14 14:02:32 swarmx1 pmg-smtp-filter[472726]: 61EB7620AA745E3D18: moved mail for <angela@beachesmediaservices.com> to spam quarantine - 61EB0620AA7487775B (rule: Block Spam)
Feb 14 14:02:32 swarmx1 pmg-smtp-filter[472726]: 61EB7620AA745E3D18: moved mail for <suzanne@beachesmediaservices.com> to spam quarantine - 61EB0620AA7487775B (rule: Block Spam)
Feb 14 14:02:32 swarmx1 pmg-smtp-filter[472726]: 61EB7620AA745E3D18: processing time: 2.562 seconds (2.107, 0.359, 0)
Feb 14 14:02:32 swarmx1 postfix/lmtp[471982]: C84A461EB5: to=<angela@beachesmediaservices.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=0.11/0/0/2.6, dsn=2.5.0, status=sent (250 2.5.0 OK (61EB7620AA745E3D18))
Feb 14 14:02:32 swarmx1 postfix/lmtp[471982]: C84A461EB5: to=<suzanne@beachesmediaservices.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=0.11/0/0/2.6, dsn=2.5.0, status=sent (250 2.5.0 OK (61EB7620AA745E3D18))
Feb 14 14:02:32 swarmx1 postfix/qmgr[139313]: C84A461EB5: removed
Feb 14 14:02:32 swarmx1 postfix/smtp[471959]: 75A6A61DE5: to=<support@mailhive.ca>, relay=192.168.11.220[192.168.11.220]:25, delay=0.06, delays=0.01/0/0.02/0.03, dsn=2.0.0, status=sent (250 Mail queued for delivery)
Feb 14 14:02:32 swarmx1 postfix/qmgr[139313]: 75A6A61DE5: removed



Thank you.
 
Feb 14 14:02:32 swarmx1 pmg-smtp-filter[472726]: 61EB7620AA745E3D18: SA score=0/5 time=2.107 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.081),BAYES_00(-1.9),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),LOTS_OF_MONEY(0.001),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_SCC_BODY_TEXT_LINE(-0.01)
that mail has a SpamAssassin score of 0 and yet:
Feb 14 14:02:32 swarmx1 pmg-smtp-filter[472726]: 61EB7620AA745E3D18: moved mail for <angela@beachesmediaservices.com> to spam quarantine - 61EB0620AA7487775B (rule: Block Spam)
gets put in quarantine by a rule (not present in the default ruleset) called Block Spam
What exactly does the rule "Block Spam" contain?
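
The check made by hand in the reply above (a SpamAssassin score of 0 next to a "moved mail ... to spam quarantine" line) can be run over a whole log. This is an added example, not part of the original posts or Proxmox code; the sample lines, IDs, addresses and the second rule name are constructed, and the number after the slash in `SA score=` is assumed to be the required score.

```python
import re

# The two pmg-smtp-filter line types quoted in the thread.
SCORE_RE = re.compile(
    r"pmg-smtp-filter\[\d+\]: (?P<id>[0-9A-F]+): "
    r"SA score=(?P<score>-?\d+(?:\.\d+)?)/(?P<limit>\d+(?:\.\d+)?)")
MOVE_RE = re.compile(
    r"pmg-smtp-filter\[\d+\]: (?P<id>[0-9A-F]+): moved mail for "
    r"<(?P<rcpt>[^>]+)> to spam quarantine - \S+ \(rule: (?P<rule>.+)\)\s*$")

# Constructed sample input in the same layout as the thread's log excerpts.
SAMPLE_LOG = """\
Feb 14 14:02:32 mx1 pmg-smtp-filter[1001]: AAAA0000000000001: SA score=0/5 time=2.107 bayes=0.00 autolearn=no autolearn_force=no hits=BAYES_00(-1.9),DKIM_INVALID(0.1)
Feb 14 14:02:32 mx1 pmg-smtp-filter[1001]: AAAA0000000000001: moved mail for <user1@example.com> to spam quarantine - BBBB0000000000001 (rule: Block Spam)
Feb 14 14:03:10 mx1 pmg-smtp-filter[1002]: AAAA0000000000002: SA score=7/5 time=1.2 bayes=0.99 autolearn=no autolearn_force=no hits=BAYES_99(3.5)
Feb 14 14:03:10 mx1 pmg-smtp-filter[1002]: AAAA0000000000002: moved mail for <user2@example.com> to spam quarantine - BBBB0000000000002 (rule: High Score (constructed))
"""


def quarantined_below_threshold(lines):
    """Return (filter_id, recipient, rule, score, limit) for every mail
    quarantined although its SA score stayed below the required score."""
    scores = {}    # filter id -> (score, limit)
    findings = []
    for line in lines:
        m = SCORE_RE.search(line)
        if m:
            scores[m["id"]] = (float(m["score"]), float(m["limit"]))
            continue
        m = MOVE_RE.search(line)
        if m and m["id"] in scores:
            score, limit = scores[m["id"]]
            if score < limit:
                # Not a score-based decision: the named rule matched
                # on something else (e.g. a What object on the subject).
                findings.append((m["id"], m["rcpt"], m["rule"], score, limit))
    return findings


if __name__ == "__main__":
    for finding in quarantined_below_threshold(SAMPLE_LOG.splitlines()):
        print(finding)
```

Each returned tuple names the rule to inspect; a whitelist entry only helps if that rule is evaluated after the whitelist rule.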
 
The Block Spam rule contains:
Action Objects:
Notify Admin
Quarantine

What Objects:
Medical Industry
Phishing Scams
Pornography

The Objects have lots of match fields for subjects.

I can turn this off for now and see if that makes a difference.
 
Hope it works out nice - keep us posted!
 
