Block Mail Server Not A domain

Tyger

New Member
Jan 30, 2021
10
0
1
40
Hi,
I want to buy and use your software but I need to know that it's capable to block a mail server not a domain server, I mean, I want to block the server from where that mail are coming, for ex: I receive a mail from *example*@banlist.ro but the mail server from where that mail was sent is *example*.mxserver.ro, how can I block the "mxserver.ro"? I tried every think in blacklist but nothing work. I attached a picture to understand you my explanation.
I'm waiting for an answer from you!

Best regards,
Cristian.
 

Attachments

  • Untitled.png
    Untitled.png
    20.6 KB · Views: 15
Sure, that is possible. The product is freely available for download, so you can simple test.
You have not read all what I posted there, my question is "how can I block a mail server?" you can't tell me that in black list I must write the domain of server from where that kinds of mails arriving because it's doesn't work, in that picture it's a logs from this software and what I want to block is a server not a domain.
 
show your mail filter rules and object
Hi hata_ph, I appreciate your effort to help me, I attached the pictures requested, but please come back to picture from my first post, there I explained that I want to block the server from where the mail it's arriving, in my case i want to block "mxserver.ro" not "banlist.ro", if I block "mxserver.ro" I am blocking automatically "banlist.ro" and every domain that send mail from that server.
 

Attachments

  • object.png
    object.png
    24.1 KB · Views: 16
  • rules.png
    rules.png
    19.7 KB · Views: 16
Last edited:
Noted. Can you provide the spam mail in raw format?
That it's a testing server not a spam server, I own that server and I tested from it, but I want to know if this program can block a mail server not a mail or a domain.
 
You mean this?

Code:
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46298]: warning: hostname cleanserver101.mxserver.ro does not resolve to address 89.44.47.45: Name or service not known
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46298]: connect from unknown[89.44.47.45]
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46298]: C06B320965: client=unknown[89.44.47.45]
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/cleanup[46302]: C06B320965: message-id=<E1l5mID-00053i-Cd@cleanserver1.mxserver.ro>
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/qmgr[4669]: C06B320965: from=<System@BanList.Ro>, size=3146, nrcpt=1 (queue active)
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46298]: disconnect from unknown[89.44.47.45] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
Jan 30 11:11:54 SIDSrvMailGateway03 pmg-smtp-filter[44514]: 209E0601522DAC745E: new mail message-id=<E1l5mID-00053i-Cd@cleanserver1.mxserver.ro>#012
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46307]: connect from localhost.localdomain[127.0.0.1]
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46307]: DA8F1209E5: client=localhost.localdomain[127.0.0.1], orig_client=unknown[89.44.47.45]
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/cleanup[46302]: DA8F1209E5: message-id=<E1l5mID-00053i-Cd@cleanserver1.mxserver.ro>
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/qmgr[4669]: DA8F1209E5: from=<System@BanList.Ro>, size=3397, nrcpt=1 (queue active)
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46307]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Jan 30 11:11:54 SIDSrvMailGateway03 pmg-smtp-filter[44514]: 209E0601522DAC745E: accept mail to <cristian.bejan@smartid.ro> (DA8F1209E5) (rule: default-accept)
Jan 30 11:11:54 SIDSrvMailGateway03 pmg-smtp-filter[44514]: 209E0601522DAC745E: processing time: 0.088 seconds (0, 0.037, 0)
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/lmtp[46303]: C06B320965: to=<cristian.bejan@smartid.ro>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.34, delays=0.22/0.02/0/0.09, dsn=2.5.0, status=sent (250 2.5.0 OK (209E0601522DAC745E))
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/qmgr[4669]: C06B320965: removed
Jan 30 11:11:55 SIDSrvMailGateway03 postfix/smtp[46308]: DA8F1209E5: to=<cristian.bejan@smartid.ro>, relay=192.168.200.30[192.168.200.30]:25, delay=0.28, delays=0.01/0.02/0.01/0.24, dsn=2.6.0, status=sent (250 2.6.0 <E1l5mID-00053i-Cd@cleanserver1.mxserver.ro> [InternalId=152771986718729, Hostname=SIDSrvEx01.smartid.local] Queued mail for delivery)
Jan 30 11:11:55 SIDSrvMailGateway03 postfix/qmgr[4669]: DA8F1209E5: removed
 
This is:

Code:
Received: from SIDSrvEx01.smartid.local (192.168.200.30) by
 SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server (TLS) id
 15.0.1497.2 via Mailbox Transport; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvEx01.smartid.local (192.168.200.30) by
 SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server (TLS) id
 15.0.1497.2; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvMailGateway03.smartid.local (192.168.200.10) by
 SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server id
 15.0.1497.2 via Frontend Transport; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvMailGateway03.smartid.local (localhost.localdomain [127.0.0.1])
    by SIDSrvMailGateway03.smartid.local (Proxmox) with ESMTP id A95312068D
    for <cristian.bejan@smartid.ro>; Mon,  1 Feb 2021 14:14:27 +0200 (EET)
Received-SPF: softfail (banlist.ro: Sender is not authorized by default to use 'system@banlist.ro' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=SIDSrvMailGateway03.smartid.local; identity=mailfrom; envelope-from="system@banlist.ro"; helo=clean203.mxserver.ro; client-ip=176.223.127.109
Received: from clean203.mxserver.ro (clean203.mxserver.ro [176.223.127.109])
    by SIDSrvMailGateway03.smartid.local (Proxmox) with ESMTP id 9207C2066C
    for <cristian.bejan@smartid.ro>; Mon,  1 Feb 2021 14:14:27 +0200 (EET)
Received: from cloud417.mxserver.ro ([46.102.249.7])
    by cleanserver2.mxserver.ro with esmtps (TLSv1.2:AES128-GCM-SHA256:128)
    (Exim 4.92)
    (envelope-from <System@BanList.Ro>)
    id 1l6Y5z-0006Xe-Ff
    for cristian.bejan@smartid.ro; Mon, 01 Feb 2021 07:14:21 -0500
Received: from [::1] (port=57764 helo=localhost)
    by cloud417.mxserver.ro with smtp (Exim 4.93)
    (envelope-from <System@BanList.Ro>)
    id 1l6Y5y-0001g9-9j
    for cristian.bejan@smartid.ro; Mon, 01 Feb 2021 14:14:18 +0200
MIME-Version: 1.0
Date: Mon, 1 Feb 2021 12:14:18 +0000
X-Priority: 3
X-Mailer: IPS PHP Mailer
From: Banlist Online Official Site <System@BanList.Ro>
To: <cristian.bejan@smartid.ro>
Subject: IP.Board Email Test
Content-Type: text/plain; charset="UTF-8"
X-Get-Message-Sender-Via: cloud417.mxserver.ro: none
X-Authenticated-Sender: cloud417.mxserver.ro:
Message-ID: <E1l6Y5z-0006Xe-Ff@cleanserver2.mxserver.ro>
X-Originating-IP: 46.102.249.7
X-SpamExperts-Domain: cloud417.mxserver.ro
X-SpamExperts-Username: 46.102.249.7
Authentication-Results: mxserver.ro; auth=pass smtp.auth=46.102.249.7@cloud417.mxserver.ro
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.18)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT8RnBgm90uIGfWcEkKQKbjmPUtbdvnXkggZ
 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5w5RWfJB8Bt+VAN4RWNhPwrozxl5RGBwWR8xhzXjBnLRhPm
 p87GC1OZvsh7yKER8so9o0qvF2ZFKP5I441+NiAzeb4o0/MLsfRXq2B6Bj1eqJrdaljqZyBc72O+
 SOxmn1uytItRSIiKjyZJbxd96+otQ1/cs/M+n2gG4Hvw7lTUJNWcFsPcwmNKGMnYxHlaJek+dTpK
 ZhE7l5q/2oVPhOdNYBKPjkSYNCHDCl0bquzTMRbCwcirDQUvD9ZSt83Uz8qhr66kih1eY98yFZLv
 KJbjLDnQGgRgHjioU8fpt7xeC7AK0L/uTNt3WCw41GzGb1Zq+pu9ho29CVyp3Dt9A9c5Q0rCcBHa
 hWKxj5ucSpYIqGGJz9rtz9bmckg4MbrIFpyhGbpmfODIZhEo4chb0iMirqq9GopDryQPg7s3heG/
 sptwIRuNuppYmJAhwWaToKKnOLgkNYSIm5/jKyA2MtlgdQdVd9YOTNwpMBmKomfUUcMOFnTMvMql
 KobfKHSWH76L4UiXG51/x0Ki/1/azQiQnOohEibyptTVfIJK/lrvEnFQ14pzlcriKSE0Pc9zNwwQ
 AQ1nLONM8SPS3TX7kXjv/QhND47dY6snDtiSvJDBZqy5+wI1a+m/lJW1tc9cLr927mNv8zfXr6pj
 GFGxTl7OsjkEia6nN1etIm8fDZUJ8x4VzJDtUkTELtDh5HNYPSfTPpuFqUUQz+mM8JAD4ECWzru4
 zEQFbnqwkL2sZsgfgTQEoMzk+wOQqywLP3RYePEBSWCJWqLIDp/AVneTbjhXJOiM8dgjRsprRlED
 qTKBbyG7X+t1TW39Ja77LGPpOwCozOCp4UrEVYn1CPTSjtEBbGMwes7NyHuYBdQjd1YteIsMWI7+
 WQkXAp0KgI7ypXgMcjCHICy57X46hpLxGl75LNLnnkkL94kTQnbQ9bsMgCd3PATozet8ts/wCaL9
 u42aEDO0jVRFvMLrED4TivreKvANyK6oGkxp6Gqb5LS7WqB4NbqLH55Ji+Plxm1u0mMNN2ukizYS
 ekNdv+I2Wu4x
X-Report-Abuse-To: spam@cleanserver1.mxserver.ro
X-SPAM-LEVEL:
Return-Path: System@BanList.Ro
X-MS-Exchange-Organization-Network-Message-Id: f36731c8-cde2-4c14-bf43-08d8c6aaebe2
X-ESET-AS: R=OK;S=0;OP=CALC;TIME=1612181667;VERSION=7874;MC=1768386511;TRN=20;CRV=0;IPC=176.223.127.109;SP=0;SIPS=3;PI=3;F=0
X-ESET-Antispam: OK
X-EsetResult: clean, is OK
X-EsetId: 37303A2957FAAB67667767
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: SIDSrvEx01.smartid.local
X-MS-Exchange-Organization-AuthAs: Anonymous
 
This is:

Code:
Received: from SIDSrvEx01.smartid.local (192.168.200.30) by
SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server (TLS) id
15.0.1497.2 via Mailbox Transport; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvEx01.smartid.local (192.168.200.30) by
SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server (TLS) id
15.0.1497.2; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvMailGateway03.smartid.local (192.168.200.10) by
SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server id
15.0.1497.2 via Frontend Transport; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvMailGateway03.smartid.local (localhost.localdomain [127.0.0.1])
    by SIDSrvMailGateway03.smartid.local (Proxmox) with ESMTP id A95312068D
    for <cristian.bejan@smartid.ro>; Mon,  1 Feb 2021 14:14:27 +0200 (EET)
Received-SPF: softfail (banlist.ro: Sender is not authorized by default to use 'system@banlist.ro' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=SIDSrvMailGateway03.smartid.local; identity=mailfrom; envelope-from="system@banlist.ro"; helo=clean203.mxserver.ro; client-ip=176.223.127.109
Received: from clean203.mxserver.ro (clean203.mxserver.ro [176.223.127.109])
    by SIDSrvMailGateway03.smartid.local (Proxmox) with ESMTP id 9207C2066C
    for <cristian.bejan@smartid.ro>; Mon,  1 Feb 2021 14:14:27 +0200 (EET)
Received: from cloud417.mxserver.ro ([46.102.249.7])
    by cleanserver2.mxserver.ro with esmtps (TLSv1.2:AES128-GCM-SHA256:128)
    (Exim 4.92)
    (envelope-from <System@BanList.Ro>)
    id 1l6Y5z-0006Xe-Ff
    for cristian.bejan@smartid.ro; Mon, 01 Feb 2021 07:14:21 -0500
Received: from [::1] (port=57764 helo=localhost)
    by cloud417.mxserver.ro with smtp (Exim 4.93)
    (envelope-from <System@BanList.Ro>)
    id 1l6Y5y-0001g9-9j
    for cristian.bejan@smartid.ro; Mon, 01 Feb 2021 14:14:18 +0200
MIME-Version: 1.0
Date: Mon, 1 Feb 2021 12:14:18 +0000
X-Priority: 3
X-Mailer: IPS PHP Mailer
From: Banlist Online Official Site <System@BanList.Ro>
To: <cristian.bejan@smartid.ro>
Subject: IP.Board Email Test
Content-Type: text/plain; charset="UTF-8"
X-Get-Message-Sender-Via: cloud417.mxserver.ro: none
X-Authenticated-Sender: cloud417.mxserver.ro:
Message-ID: <E1l6Y5z-0006Xe-Ff@cleanserver2.mxserver.ro>
X-Originating-IP: 46.102.249.7
X-SpamExperts-Domain: cloud417.mxserver.ro
X-SpamExperts-Username: 46.102.249.7
Authentication-Results: mxserver.ro; auth=pass smtp.auth=46.102.249.7@cloud417.mxserver.ro
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.18)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT8RnBgm90uIGfWcEkKQKbjmPUtbdvnXkggZ
3YnVId/Y5jcf0yeVQAvfjHznO7+bT5w5RWfJB8Bt+VAN4RWNhPwrozxl5RGBwWR8xhzXjBnLRhPm
p87GC1OZvsh7yKER8so9o0qvF2ZFKP5I441+NiAzeb4o0/MLsfRXq2B6Bj1eqJrdaljqZyBc72O+
SOxmn1uytItRSIiKjyZJbxd96+otQ1/cs/M+n2gG4Hvw7lTUJNWcFsPcwmNKGMnYxHlaJek+dTpK
ZhE7l5q/2oVPhOdNYBKPjkSYNCHDCl0bquzTMRbCwcirDQUvD9ZSt83Uz8qhr66kih1eY98yFZLv
KJbjLDnQGgRgHjioU8fpt7xeC7AK0L/uTNt3WCw41GzGb1Zq+pu9ho29CVyp3Dt9A9c5Q0rCcBHa
hWKxj5ucSpYIqGGJz9rtz9bmckg4MbrIFpyhGbpmfODIZhEo4chb0iMirqq9GopDryQPg7s3heG/
sptwIRuNuppYmJAhwWaToKKnOLgkNYSIm5/jKyA2MtlgdQdVd9YOTNwpMBmKomfUUcMOFnTMvMql
KobfKHSWH76L4UiXG51/x0Ki/1/azQiQnOohEibyptTVfIJK/lrvEnFQ14pzlcriKSE0Pc9zNwwQ
AQ1nLONM8SPS3TX7kXjv/QhND47dY6snDtiSvJDBZqy5+wI1a+m/lJW1tc9cLr927mNv8zfXr6pj
GFGxTl7OsjkEia6nN1etIm8fDZUJ8x4VzJDtUkTELtDh5HNYPSfTPpuFqUUQz+mM8JAD4ECWzru4
zEQFbnqwkL2sZsgfgTQEoMzk+wOQqywLP3RYePEBSWCJWqLIDp/AVneTbjhXJOiM8dgjRsprRlED
qTKBbyG7X+t1TW39Ja77LGPpOwCozOCp4UrEVYn1CPTSjtEBbGMwes7NyHuYBdQjd1YteIsMWI7+
WQkXAp0KgI7ypXgMcjCHICy57X46hpLxGl75LNLnnkkL94kTQnbQ9bsMgCd3PATozet8ts/wCaL9
u42aEDO0jVRFvMLrED4TivreKvANyK6oGkxp6Gqb5LS7WqB4NbqLH55Ji+Plxm1u0mMNN2ukizYS
ekNdv+I2Wu4x
X-Report-Abuse-To: spam@cleanserver1.mxserver.ro
X-SPAM-LEVEL:
Return-Path: System@BanList.Ro
X-MS-Exchange-Organization-Network-Message-Id: f36731c8-cde2-4c14-bf43-08d8c6aaebe2
X-ESET-AS: R=OK;S=0;OP=CALC;TIME=1612181667;VERSION=7874;MC=1768386511;TRN=20;CRV=0;IPC=176.223.127.109;SP=0;SIPS=3;PI=3;F=0
X-ESET-Antispam: OK
X-EsetResult: clean, is OK
X-EsetId: 37303A2957FAAB67667767
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: SIDSrvEx01.smartid.local
X-MS-Exchange-Organization-AuthAs: Anonymous
Are you sure who object -> IP address (46.102.249.7) do not work?
 
Doesn't work :(
 

Attachments

  • logs.png
    logs.png
    52.1 KB · Views: 11
  • blacklist.png
    blacklist.png
    9.3 KB · Views: 11
Yes, I tried a 2 days ago, but I tried now to can you see that...but same result
 

Attachments

  • blacklist.png
    blacklist.png
    10.3 KB · Views: 8
  • log.png
    log.png
    2.5 KB · Views: 8
I just test a who object with IP address and it able to filter/quarantine the email.

1612193175401.png 1612193214385.png

Code:
Feb 1 23:15:50 pmg postfix/smtpd[9538]: connect from techtarget.outbound.ed10.com[96.47.30.70]
Feb 1 23:15:50 pmg postfix/smtpd[9538]: NOQUEUE: client=techtarget.outbound.ed10.com[96.47.30.70]
Feb 1 23:15:56 pmg postfix/smtpd[9538]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (408A460181B27E3493); from=<97U4QNK-4ZTMIJ-4AH2EF-TMS8V2-MRZSCS-H-M2-20210201-95e3b350285527@techtarget.bounce.ed10.net> to=<user1@mydomain.com> proto=ESMTP helo=<techtarget.outbound.ed10.com>
Feb 1 23:15:57 pmg postfix/smtpd[9538]: NOQUEUE: client=techtarget.outbound.ed10.com[96.47.30.70]
Feb 1 23:15:58 pmg pmg-smtp-filter[9110]: 408A460181B2E0BC9C: new mail message-id=<16847-502-97U4QNK-4ZTMIJ-JS49BC-SWLMKM-P35FAF-H-M2-20210201-e678fcfc587037@e-dialog.com>#012
Feb 1 23:16:01 pmg pmg-smtp-filter[9110]: 408A460181B2E0BC9C: SA score=0/5 time=3.357 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.068),BAYES_00(-1.9),DKIMWL_WL_HIGH(-0.351),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_FONT_LOW_CONTRAST(0.001),HTML_MESSAGE(0.001),LIST_UNSUB(1),MIME_HTML_ONLY(0.1),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H3(-0.01),RCVD_IN_MSPIKE_WL(-0.01),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001)
Feb 1 23:16:01 pmg pmg-smtp-filter[9110]: 408A460181B2E0BC9C: notify <admin@mydomain.com> (rule: testing - who, 6DB3D45F07)
Feb 1 23:16:01 pmg pmg-smtp-filter[9110]: 408A460181B2E0BC9C: moved mail for <user2@mydomain.com> to spam quarantine - 45F0D60181B316FCEB (rule: testing - who)
Feb 1 23:16:01 pmg pmg-smtp-filter[9110]: 408A460181B2E0BC9C: processing time: 3.42 seconds (3.357, 0.027, 0)
Feb 1 23:16:01 pmg postfix/smtpd[9538]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (408A460181B2E0BC9C); from=<97U4QNK-4ZTMIJ-JS49BC-SWLMKM-P35FAF-H-M2-20210201-e678fcfc587037@techtarget.bounce.ed10.net> to=<user2@mydomain.com> proto=ESMTP helo=<techtarget.outbound.ed10.com>
Feb 1 23:16:06 pmg postfix/smtpd[9538]: disconnect from techtarget.outbound.ed10.com[96.47.30.70] ehlo=1 mail=2 rcpt=2 data=2 quit=1 commands=8
 
Yes it's normal that because you have the domain on the same mail server, my domain it's on a different server, the mail server in my case it's a public server, that it's happened also in spam cases, spams arrived from a hundreds domains from a single server. Also it's working if I block banlist.ro, but mails can arrived from another domain that has the same mail server. I just want to block the mail server...
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!