[SOLVED] blacklist domain not working

[Jacky Li]

Hi,

I added the domain bluestatedigital.com to my blacklist. Emails is still coming from that domain. Blacklist is the first one to block on the PMG filter. Any ideas why it doesn't block that domain (and its sub-domains)? Thank you.

Here is an example header of the email:

Jan 30 03:06:18 uhhepgw postfix/smtpd[3807]: connect from mta-dock-front-11.bluestatedigital.com[66.151.230.134]
Jan 30 03:06:19 uhhepgw postfix/smtpd[3807]: Anonymous TLS connection established from mta-dock-front-11.bluestatedigital.com[66.151.230.134]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 30 03:06:20 uhhepgw postfix/smtpd[3807]: 20D0E26DF1: client=mta-dock-front-11.bluestatedigital.com[66.151.230.134]
Jan 30 03:06:20 uhhepgw postfix/cleanup[3813]: 20D0E26DF1: message-id=<2ae32c633296d481d700172e98b0693b@bounce.bluestatedigital.com>
Jan 30 03:06:21 uhhepgw postfix/qmgr[909]: 20D0E26DF1: from=<AQRRVGpTUQ0BVlVTBgBQUVZcAgEMPgNSCnlCC09HGwwEEldcCkoDUBA6BgcAUg@bounce.bluestatedigital.com>, size=36361, nrcpt=1 (queue active)
Jan 30 03:06:21 uhhepgw postfix/smtpd[3807]: disconnect from mta-dock-front-11.bluestatedigital.com[66.151.230.134] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jan 30 03:06:21 uhhepgw pmg-smtp-filter[3739]: 400635E32D4CD1512E: new mail message-id=<2ae32c633296d481d700172e98b0693b@bounce.bluestatedigital.com>#012
Jan 30 03:06:26 uhhepgw pmg-smtp-filter[3739]: 400635E32D4CD1512E: SA score=2/5 time=5.585 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-2.297),BAYES_00(-1.9),DCC_CHECK(1.1),DCC_REPUT_70_89(0.1),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_FONT_LOW_CONTRAST(0.001),HTML_MESSAGE(0.001),KAM_SHORT(0.001),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H3(0.001),RCVD_IN_MSPIKE_WL(0.001),SCHAALIT_HEADER_1815(5),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_KAM_HTML_FONT_INVALID(0.01)
Jan 30 03:06:26 uhhepgw postfix/smtpd[3822]: connect from localhost.localdomain[127.0.0.1]
Jan 30 03:06:26 uhhepgw postfix/smtpd[3822]: E8EFF26DF2: client=localhost.localdomain[127.0.0.1], orig_client=mta-dock-front-11.bluestatedigital.com[66.151.230.134]
Jan 30 03:06:26 uhhepgw postfix/cleanup[3813]: E8EFF26DF2: message-id=<2ae32c633296d481d700172e98b0693b@bounce.bluestatedigital.com>
Jan 30 03:06:26 uhhepgw postfix/qmgr[909]: E8EFF26DF2: from=<SRS0=TXyV=3T=bounce.bluestatedigital.com=AQRRVGpTUQ0BVlVTBgBQUVZcAgEMPgNSCnlCC09HGwwEEldcCkoDUBA6BgcAUg@exmx.hi.edu>, size=37958, nrcpt=1 (queue active)
Jan 30 03:06:26 uhhepgw pmg-smtp-filter[3739]: 400635E32D4CD1512E: accept mail to <receiver1@exmx.hi.edu> (E8EFF26DF2) (rule: default-accept)
Jan 30 03:06:26 uhhepgw postfix/smtpd[3822]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Jan 30 03:06:26 uhhepgw pmg-smtp-filter[3739]: 400635E32D4CD1512E: processing time: 5.874 seconds (5.585, 0.223, 0)
Jan 30 03:06:26 uhhepgw postfix/lmtp[3814]: 20D0E26DF1: to=<receiver1@exmx.hi.edu>, relay=127.0.0.1[127.0.0.1]:10024, delay=7.1, delays=1.2/0.01/0/5.9, dsn=2.5.0, status=sent (250 2.5.0 OK (400635E32D4CD1512E))
Jan 30 03:06:26 uhhepgw postfix/qmgr[909]: 20D0E26DF1: removed

 

[Stoiko Ivanov]

The Domain object is just for an exact match - if you want to match also all subdomains (since this mail seems like coming from bounce.bluestatedigital.com) use a regex (check the reference documentation at [0])

[0] https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_who

 

[Jacky Li]

Thanks. I ended with a regex expression to catch that domain and the rest.