Block Mail Server Not A domain

[Tyger]

Hi,
I want to buy and use your software but I need to know that it's capable to block a mail server not a domain server, I mean, I want to block the server from where that mail are coming, for ex: I receive a mail from *example*@banlist.ro but the mail server from where that mail was sent is *example*.mxserver.ro, how can I block the "mxserver.ro"? I tried every think in blacklist but nothing work. I attached a picture to understand you my explanation.
I'm waiting for an answer from you!

Best regards,
Cristian.

 

[dietmar]

I want to buy and use your software but I need to know that it's capable to block a mail server

Sure, that is possible. The product is freely available for download, so you can simple test.

 

[Tyger]

Sure, that is possible. The product is freely available for download, so you can simple test.

You have not read all what I posted there, my question is "how can I block a mail server?" you can't tell me that in black list I must write the domain of server from where that kinds of mails arriving because it's doesn't work, in that picture it's a logs from this software and what I want to block is a server not a domain.

 

[hata_ph]

Mail filter with Who object -> IP Address may work.

 

[Tyger]

Mail filter with Who object -> IP Address may work.

I tried that option, still receive mails from that ip

 

[hata_ph]

show your mail filter rules and object

 

[Tyger]

show your mail filter rules and object

Hi hata_ph, I appreciate your effort to help me, I attached the pictures requested, but please come back to picture from my first post, there I explained that I want to block the server from where the mail it's arriving, in my case i want to block "mxserver.ro" not "banlist.ro", if I block "mxserver.ro" I am blocking automatically "banlist.ro" and every domain that send mail from that server.

 

[hata_ph]

Noted. Can you provide the spam mail in raw format?

 

[Tyger]

Noted. Can you provide the spam mail in raw format?

That it's a testing server not a spam server, I own that server and I tested from it, but I want to know if this program can block a mail server not a mail or a domain.

 

[hata_ph]

Show the raw format of testing mail that u want to block

 

[Tyger]

You mean this?

Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46298]: warning: hostname cleanserver101.mxserver.ro does not resolve to address 89.44.47.45: Name or service not known
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46298]: connect from unknown[89.44.47.45]
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46298]: C06B320965: client=unknown[89.44.47.45]
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/cleanup[46302]: C06B320965: message-id=<E1l5mID-00053i-Cd@cleanserver1.mxserver.ro>
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/qmgr[4669]: C06B320965: from=<System@BanList.Ro>, size=3146, nrcpt=1 (queue active)
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46298]: disconnect from unknown[89.44.47.45] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
Jan 30 11:11:54 SIDSrvMailGateway03 pmg-smtp-filter[44514]: 209E0601522DAC745E: new mail message-id=<E1l5mID-00053i-Cd@cleanserver1.mxserver.ro>#012
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46307]: connect from localhost.localdomain[127.0.0.1]
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46307]: DA8F1209E5: client=localhost.localdomain[127.0.0.1], orig_client=unknown[89.44.47.45]
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/cleanup[46302]: DA8F1209E5: message-id=<E1l5mID-00053i-Cd@cleanserver1.mxserver.ro>
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/qmgr[4669]: DA8F1209E5: from=<System@BanList.Ro>, size=3397, nrcpt=1 (queue active)
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/smtpd[46307]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Jan 30 11:11:54 SIDSrvMailGateway03 pmg-smtp-filter[44514]: 209E0601522DAC745E: accept mail to <cristian.bejan@smartid.ro> (DA8F1209E5) (rule: default-accept)
Jan 30 11:11:54 SIDSrvMailGateway03 pmg-smtp-filter[44514]: 209E0601522DAC745E: processing time: 0.088 seconds (0, 0.037, 0)
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/lmtp[46303]: C06B320965: to=<cristian.bejan@smartid.ro>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.34, delays=0.22/0.02/0/0.09, dsn=2.5.0, status=sent (250 2.5.0 OK (209E0601522DAC745E))
Jan 30 11:11:54 SIDSrvMailGateway03 postfix/qmgr[4669]: C06B320965: removed
Jan 30 11:11:55 SIDSrvMailGateway03 postfix/smtp[46308]: DA8F1209E5: to=<cristian.bejan@smartid.ro>, relay=192.168.200.30[192.168.200.30]:25, delay=0.28, delays=0.01/0.02/0.01/0.24, dsn=2.6.0, status=sent (250 2.6.0 <E1l5mID-00053i-Cd@cleanserver1.mxserver.ro> [InternalId=152771986718729, Hostname=SIDSrvEx01.smartid.local] Queued mail for delivery)
Jan 30 11:11:55 SIDSrvMailGateway03 postfix/qmgr[4669]: DA8F1209E5: removed

 

[hata_ph]

this

 

[Tyger]

This is:

Received: from SIDSrvEx01.smartid.local (192.168.200.30) by
 SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server (TLS) id
 15.0.1497.2 via Mailbox Transport; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvEx01.smartid.local (192.168.200.30) by
 SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server (TLS) id
 15.0.1497.2; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvMailGateway03.smartid.local (192.168.200.10) by
 SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server id
 15.0.1497.2 via Frontend Transport; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvMailGateway03.smartid.local (localhost.localdomain [127.0.0.1])
    by SIDSrvMailGateway03.smartid.local (Proxmox) with ESMTP id A95312068D
    for <cristian.bejan@smartid.ro>; Mon,  1 Feb 2021 14:14:27 +0200 (EET)
Received-SPF: softfail (banlist.ro: Sender is not authorized by default to use 'system@banlist.ro' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=SIDSrvMailGateway03.smartid.local; identity=mailfrom; envelope-from="system@banlist.ro"; helo=clean203.mxserver.ro; client-ip=176.223.127.109
Received: from clean203.mxserver.ro (clean203.mxserver.ro [176.223.127.109])
    by SIDSrvMailGateway03.smartid.local (Proxmox) with ESMTP id 9207C2066C
    for <cristian.bejan@smartid.ro>; Mon,  1 Feb 2021 14:14:27 +0200 (EET)
Received: from cloud417.mxserver.ro ([46.102.249.7])
    by cleanserver2.mxserver.ro with esmtps (TLSv1.2:AES128-GCM-SHA256:128)
    (Exim 4.92)
    (envelope-from <System@BanList.Ro>)
    id 1l6Y5z-0006Xe-Ff
    for cristian.bejan@smartid.ro; Mon, 01 Feb 2021 07:14:21 -0500
Received: from [::1] (port=57764 helo=localhost)
    by cloud417.mxserver.ro with smtp (Exim 4.93)
    (envelope-from <System@BanList.Ro>)
    id 1l6Y5y-0001g9-9j
    for cristian.bejan@smartid.ro; Mon, 01 Feb 2021 14:14:18 +0200
MIME-Version: 1.0
Date: Mon, 1 Feb 2021 12:14:18 +0000
X-Priority: 3
X-Mailer: IPS PHP Mailer
From: Banlist Online Official Site <System@BanList.Ro>
To: <cristian.bejan@smartid.ro>
Subject: IP.Board Email Test
Content-Type: text/plain; charset="UTF-8"
X-Get-Message-Sender-Via: cloud417.mxserver.ro: none
X-Authenticated-Sender: cloud417.mxserver.ro:
Message-ID: <E1l6Y5z-0006Xe-Ff@cleanserver2.mxserver.ro>
X-Originating-IP: 46.102.249.7
X-SpamExperts-Domain: cloud417.mxserver.ro
X-SpamExperts-Username: 46.102.249.7
Authentication-Results: mxserver.ro; auth=pass smtp.auth=46.102.249.7@cloud417.mxserver.ro
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.18)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT8RnBgm90uIGfWcEkKQKbjmPUtbdvnXkggZ
 3YnVId/Y5jcf0yeVQAvfjHznO7+bT5w5RWfJB8Bt+VAN4RWNhPwrozxl5RGBwWR8xhzXjBnLRhPm
 p87GC1OZvsh7yKER8so9o0qvF2ZFKP5I441+NiAzeb4o0/MLsfRXq2B6Bj1eqJrdaljqZyBc72O+
 SOxmn1uytItRSIiKjyZJbxd96+otQ1/cs/M+n2gG4Hvw7lTUJNWcFsPcwmNKGMnYxHlaJek+dTpK
 ZhE7l5q/2oVPhOdNYBKPjkSYNCHDCl0bquzTMRbCwcirDQUvD9ZSt83Uz8qhr66kih1eY98yFZLv
 KJbjLDnQGgRgHjioU8fpt7xeC7AK0L/uTNt3WCw41GzGb1Zq+pu9ho29CVyp3Dt9A9c5Q0rCcBHa
 hWKxj5ucSpYIqGGJz9rtz9bmckg4MbrIFpyhGbpmfODIZhEo4chb0iMirqq9GopDryQPg7s3heG/
 sptwIRuNuppYmJAhwWaToKKnOLgkNYSIm5/jKyA2MtlgdQdVd9YOTNwpMBmKomfUUcMOFnTMvMql
 KobfKHSWH76L4UiXG51/x0Ki/1/azQiQnOohEibyptTVfIJK/lrvEnFQ14pzlcriKSE0Pc9zNwwQ
 AQ1nLONM8SPS3TX7kXjv/QhND47dY6snDtiSvJDBZqy5+wI1a+m/lJW1tc9cLr927mNv8zfXr6pj
 GFGxTl7OsjkEia6nN1etIm8fDZUJ8x4VzJDtUkTELtDh5HNYPSfTPpuFqUUQz+mM8JAD4ECWzru4
 zEQFbnqwkL2sZsgfgTQEoMzk+wOQqywLP3RYePEBSWCJWqLIDp/AVneTbjhXJOiM8dgjRsprRlED
 qTKBbyG7X+t1TW39Ja77LGPpOwCozOCp4UrEVYn1CPTSjtEBbGMwes7NyHuYBdQjd1YteIsMWI7+
 WQkXAp0KgI7ypXgMcjCHICy57X46hpLxGl75LNLnnkkL94kTQnbQ9bsMgCd3PATozet8ts/wCaL9
 u42aEDO0jVRFvMLrED4TivreKvANyK6oGkxp6Gqb5LS7WqB4NbqLH55Ji+Plxm1u0mMNN2ukizYS
 ekNdv+I2Wu4x
X-Report-Abuse-To: spam@cleanserver1.mxserver.ro
X-SPAM-LEVEL:
Return-Path: System@BanList.Ro
X-MS-Exchange-Organization-Network-Message-Id: f36731c8-cde2-4c14-bf43-08d8c6aaebe2
X-ESET-AS: R=OK;S=0;OP=CALC;TIME=1612181667;VERSION=7874;MC=1768386511;TRN=20;CRV=0;IPC=176.223.127.109;SP=0;SIPS=3;PI=3;F=0
X-ESET-Antispam: OK
X-EsetResult: clean, is OK
X-EsetId: 37303A2957FAAB67667767
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: SIDSrvEx01.smartid.local
X-MS-Exchange-Organization-AuthAs: Anonymous

 

[hata_ph]

This is:

Received: from SIDSrvEx01.smartid.local (192.168.200.30) by
SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server (TLS) id
15.0.1497.2 via Mailbox Transport; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvEx01.smartid.local (192.168.200.30) by
SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server (TLS) id
15.0.1497.2; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvMailGateway03.smartid.local (192.168.200.10) by
SIDSrvEx01.smartid.local (192.168.200.30) with Microsoft SMTP Server id
15.0.1497.2 via Frontend Transport; Mon, 1 Feb 2021 14:14:27 +0200
Received: from SIDSrvMailGateway03.smartid.local (localhost.localdomain [127.0.0.1])
    by SIDSrvMailGateway03.smartid.local (Proxmox) with ESMTP id A95312068D
    for <cristian.bejan@smartid.ro>; Mon,  1 Feb 2021 14:14:27 +0200 (EET)
Received-SPF: softfail (banlist.ro: Sender is not authorized by default to use 'system@banlist.ro' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=SIDSrvMailGateway03.smartid.local; identity=mailfrom; envelope-from="system@banlist.ro"; helo=clean203.mxserver.ro; client-ip=176.223.127.109
Received: from clean203.mxserver.ro (clean203.mxserver.ro [176.223.127.109])
    by SIDSrvMailGateway03.smartid.local (Proxmox) with ESMTP id 9207C2066C
    for <cristian.bejan@smartid.ro>; Mon,  1 Feb 2021 14:14:27 +0200 (EET)
Received: from cloud417.mxserver.ro ([46.102.249.7])
    by cleanserver2.mxserver.ro with esmtps (TLSv1.2:AES128-GCM-SHA256:128)
    (Exim 4.92)
    (envelope-from <System@BanList.Ro>)
    id 1l6Y5z-0006Xe-Ff
    for cristian.bejan@smartid.ro; Mon, 01 Feb 2021 07:14:21 -0500
Received: from [::1] (port=57764 helo=localhost)
    by cloud417.mxserver.ro with smtp (Exim 4.93)
    (envelope-from <System@BanList.Ro>)
    id 1l6Y5y-0001g9-9j
    for cristian.bejan@smartid.ro; Mon, 01 Feb 2021 14:14:18 +0200
MIME-Version: 1.0
Date: Mon, 1 Feb 2021 12:14:18 +0000
X-Priority: 3
X-Mailer: IPS PHP Mailer
From: Banlist Online Official Site <System@BanList.Ro>
To: <cristian.bejan@smartid.ro>
Subject: IP.Board Email Test
Content-Type: text/plain; charset="UTF-8"
X-Get-Message-Sender-Via: cloud417.mxserver.ro: none
X-Authenticated-Sender: cloud417.mxserver.ro:
Message-ID: <E1l6Y5z-0006Xe-Ff@cleanserver2.mxserver.ro>
X-Originating-IP: 46.102.249.7
X-SpamExperts-Domain: cloud417.mxserver.ro
X-SpamExperts-Username: 46.102.249.7
Authentication-Results: mxserver.ro; auth=pass smtp.auth=46.102.249.7@cloud417.mxserver.ro
X-SpamExperts-Outgoing-Class: ham
X-SpamExperts-Outgoing-Evidence: Combined (0.18)
X-Recommended-Action: accept
X-Filter-ID: Pt3MvcO5N4iKaDQ5O6lkdGlMVN6RH8bjRMzItlySaT8RnBgm90uIGfWcEkKQKbjmPUtbdvnXkggZ
3YnVId/Y5jcf0yeVQAvfjHznO7+bT5w5RWfJB8Bt+VAN4RWNhPwrozxl5RGBwWR8xhzXjBnLRhPm
p87GC1OZvsh7yKER8so9o0qvF2ZFKP5I441+NiAzeb4o0/MLsfRXq2B6Bj1eqJrdaljqZyBc72O+
SOxmn1uytItRSIiKjyZJbxd96+otQ1/cs/M+n2gG4Hvw7lTUJNWcFsPcwmNKGMnYxHlaJek+dTpK
ZhE7l5q/2oVPhOdNYBKPjkSYNCHDCl0bquzTMRbCwcirDQUvD9ZSt83Uz8qhr66kih1eY98yFZLv
KJbjLDnQGgRgHjioU8fpt7xeC7AK0L/uTNt3WCw41GzGb1Zq+pu9ho29CVyp3Dt9A9c5Q0rCcBHa
hWKxj5ucSpYIqGGJz9rtz9bmckg4MbrIFpyhGbpmfODIZhEo4chb0iMirqq9GopDryQPg7s3heG/
sptwIRuNuppYmJAhwWaToKKnOLgkNYSIm5/jKyA2MtlgdQdVd9YOTNwpMBmKomfUUcMOFnTMvMql
KobfKHSWH76L4UiXG51/x0Ki/1/azQiQnOohEibyptTVfIJK/lrvEnFQ14pzlcriKSE0Pc9zNwwQ
AQ1nLONM8SPS3TX7kXjv/QhND47dY6snDtiSvJDBZqy5+wI1a+m/lJW1tc9cLr927mNv8zfXr6pj
GFGxTl7OsjkEia6nN1etIm8fDZUJ8x4VzJDtUkTELtDh5HNYPSfTPpuFqUUQz+mM8JAD4ECWzru4
zEQFbnqwkL2sZsgfgTQEoMzk+wOQqywLP3RYePEBSWCJWqLIDp/AVneTbjhXJOiM8dgjRsprRlED
qTKBbyG7X+t1TW39Ja77LGPpOwCozOCp4UrEVYn1CPTSjtEBbGMwes7NyHuYBdQjd1YteIsMWI7+
WQkXAp0KgI7ypXgMcjCHICy57X46hpLxGl75LNLnnkkL94kTQnbQ9bsMgCd3PATozet8ts/wCaL9
u42aEDO0jVRFvMLrED4TivreKvANyK6oGkxp6Gqb5LS7WqB4NbqLH55Ji+Plxm1u0mMNN2ukizYS
ekNdv+I2Wu4x
X-Report-Abuse-To: spam@cleanserver1.mxserver.ro
X-SPAM-LEVEL:
Return-Path: System@BanList.Ro
X-MS-Exchange-Organization-Network-Message-Id: f36731c8-cde2-4c14-bf43-08d8c6aaebe2
X-ESET-AS: R=OK;S=0;OP=CALC;TIME=1612181667;VERSION=7874;MC=1768386511;TRN=20;CRV=0;IPC=176.223.127.109;SP=0;SIPS=3;PI=3;F=0
X-ESET-Antispam: OK
X-EsetResult: clean, is OK
X-EsetId: 37303A2957FAAB67667767
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: SIDSrvEx01.smartid.local
X-MS-Exchange-Organization-AuthAs: Anonymous

Are you sure who object -> IP address (46.102.249.7) do not work?

 

[Tyger]

Doesn't work

 

[hata_ph]

Doesn't work

Your show email from IP 31.14.22.90. Did you have that IP in your who IP object?

 

[Tyger]

Yes, I tried a 2 days ago, but I tried now to can you see that...but same result

 

[hata_ph]

I just test a who object with IP address and it able to filter/quarantine the email.

Feb 1 23:15:50 pmg postfix/smtpd[9538]: connect from techtarget.outbound.ed10.com[96.47.30.70]
Feb 1 23:15:50 pmg postfix/smtpd[9538]: NOQUEUE: client=techtarget.outbound.ed10.com[96.47.30.70]
Feb 1 23:15:56 pmg postfix/smtpd[9538]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (408A460181B27E3493); from=<97U4QNK-4ZTMIJ-4AH2EF-TMS8V2-MRZSCS-H-M2-20210201-95e3b350285527@techtarget.bounce.ed10.net> to=<user1@mydomain.com> proto=ESMTP helo=<techtarget.outbound.ed10.com>
Feb 1 23:15:57 pmg postfix/smtpd[9538]: NOQUEUE: client=techtarget.outbound.ed10.com[96.47.30.70]
Feb 1 23:15:58 pmg pmg-smtp-filter[9110]: 408A460181B2E0BC9C: new mail message-id=<16847-502-97U4QNK-4ZTMIJ-JS49BC-SWLMKM-P35FAF-H-M2-20210201-e678fcfc587037@e-dialog.com>#012
Feb 1 23:16:01 pmg pmg-smtp-filter[9110]: 408A460181B2E0BC9C: SA score=0/5 time=3.357 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.068),BAYES_00(-1.9),DKIMWL_WL_HIGH(-0.351),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_FONT_LOW_CONTRAST(0.001),HTML_MESSAGE(0.001),LIST_UNSUB(1),MIME_HTML_ONLY(0.1),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H3(-0.01),RCVD_IN_MSPIKE_WL(-0.01),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001)
Feb 1 23:16:01 pmg pmg-smtp-filter[9110]: 408A460181B2E0BC9C: notify <admin@mydomain.com> (rule: testing - who, 6DB3D45F07)
Feb 1 23:16:01 pmg pmg-smtp-filter[9110]: 408A460181B2E0BC9C: moved mail for <user2@mydomain.com> to spam quarantine - 45F0D60181B316FCEB (rule: testing - who)
Feb 1 23:16:01 pmg pmg-smtp-filter[9110]: 408A460181B2E0BC9C: processing time: 3.42 seconds (3.357, 0.027, 0)
Feb 1 23:16:01 pmg postfix/smtpd[9538]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (408A460181B2E0BC9C); from=<97U4QNK-4ZTMIJ-JS49BC-SWLMKM-P35FAF-H-M2-20210201-e678fcfc587037@techtarget.bounce.ed10.net> to=<user2@mydomain.com> proto=ESMTP helo=<techtarget.outbound.ed10.com>
Feb 1 23:16:06 pmg postfix/smtpd[9538]: disconnect from techtarget.outbound.ed10.com[96.47.30.70] ehlo=1 mail=2 rcpt=2 data=2 quit=1 commands=8

 

[Tyger]

Yes it's normal that because you have the domain on the same mail server, my domain it's on a different server, the mail server in my case it's a public server, that it's happened also in spam cases, spams arrived from a hundreds domains from a single server. Also it's working if I block banlist.ro, but mails can arrived from another domain that has the same mail server. I just want to block the mail server...