Can't seem to whitelist domains

Hello All,

I have the header info below for emails which keep getting quarantined even though they are whitelisted.

I have domain sender.com in a WHO -> Domains -> domain-> "sender.com"
and
WHO -> Domains -> Regular Expression-> ".+@sender.com"
Since they are using servers like sendgrid, we certainly can't whitelist server IP.

Now I see the negative score (or positive number) on Sendgrid, and then Mime 64, so I look at my quarantine/Mark Spam rule, with a priority at 80 (and it is set to Spam Level 3).
And then my whitelist set at priority 96 making me feel like I'm whitelisting before the quarantine, but I'm clearly missing something.
Any assistance appreciated.


Delivered-To: megan.User@ClientDom1.com
Return-Path: bounces+17068649-3fb4-megan.User=ClientDom1.com@em6264.Sender.com
Received: from wrqvrsrn.outbound-mail.sendgrid.net (wrqvrsrn.outbound-mail.sendgrid.net [149.72.86.82])
    (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
    key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
    (No client certificate requested)
    by mgw.innovativeinternet.net (Proxmox) with ESMTPS
    for <megan.User@ClientDom1.com>; Mon, 16 Oct 2023 11:11:19 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Sender.com;
    h=mime-version:from:subject:content-type:content-transfer-encoding:to:
    cc:cc:content-type:from:subject:to;
    s=s4; bh=Nfw0mRiebXl1GUWuP9kVjBpab/t+OtGPDiMYkhcw3Jw=;
    b=pfx9nVy3tY6odQ8VxMs6n4wAitGmAvouExbp/hwnJ7VOFRAxCeaFcenjzC4DD8YhCeA5
    lpAt1HiV1J9G/eliJ9xrBRi1CTwfEsFabUkt6mb9m/eX3LhS0Zoz0kAE6fz0Gqek/DJH4r
    nun4uUs0JhIC0Em+/MgvuBDO+idCugImOiZcDdG/vBQaJE2Q9Qb++5UgR5rfz6KKOvi2Kr
    5bLOjRj1UIxWmxJNDrGYwrqWBrs1yOv8zXBgDBfWBa8zPpxIzQH3JrJ5p8Z/jK/X8NMBkD
    G4Px2I8Du0RUM4SDEvFhmPTYrnKHiZ+QTz06B9KuRT8J7eOWmcj3VscVznYxKHRA==
Received: by filterdrecv-7d6bbb66cf-hlsgd with SMTP id filterdrecv-7d6bbb66cf-hlsgd-1-652D5296-3A
    2023-10-16 15:11:18.264743396 +0000 UTC m=+499678.389559267
Received: from pd0mdwk0002FU (unknown) by geopod-ismtpd-11 (SG) with ESMTP id UxvBIGvMQ-60k7UNF2yYAQ
    Mon, 16 Oct 2023 15:11:18.155 +0000 (UTC)
MIME-Version: 1.0
From: CompanyBrand Motors Inc <CompanyBrand@Sender.com>
Date: Mon, 16 Oct 2023 15:11:18 +0000 (UTC)
subject: SPAM: Company Co-Op Assistance Claim 975352 for Company Info Approved
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: base64
Message-ID: <UxvBIGvMQ-60k7UNF2yYAQ@geopod-ismtpd-11>
X-SG-EID: =?us-ascii?Q?1zo8u7vbk9AiE0UNuOTFRv9KNLvu771oSamzOUdxx2M3FRjGxgicUjC9FIoJ9a?=
    =?us-ascii?Q?T1kJSiErPs2fLS7LQTS79JdCyKKI7yJdx=2Fss9lJ?=
    =?us-ascii?Q?7x+Be0aklo=2FNCH7EdQfP5dG4sg9Ncy6lF8B2qZM?=
    =?us-ascii?Q?Jgnn0zr23avjRdbYs=2FLJxiDU4jZJ7txWp+fB24O?=
    =?us-ascii?Q?VmZuOyCZbnucE7kp2dgYIgmtWYdSTCUAYlyXF3w?=
    =?us-ascii?Q?4ER9QEIc5U3uU6+KKmOzhqL4SdXhvwewTgHQI0U?=
    =?us-ascii?Q?eIb8=2F=2FXeatio+aPmt7Aig=3D=3D?=
To: CompanyBrandSupport@Team.com, Megan.User@ClientDom1.com
Cc: CompanyBrand@Sender.com
X-Entity-ID: /6t8jkrfbgzpNNWZlasF+g==
X-SPAM-LEVEL: Spam detection results: 3
    AWL -0.147 Adjusted score from AWL reputation of From: address
    BAYES_00 -1.9 Bayes spam probability is 0 to 1%
    DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
    DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
    DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
    DMARC_MISSING 0.1 Missing DMARC policy
    HTML_IMAGE_ONLY_20 1.546 HTML: images with 1600-2000 bytes of words
    HTML_MESSAGE 0.001 HTML included in message
    HTML_MIME_NO_HTML_TAG 0.377 HTML-only message, but there is no HTML tag
    KAM_REALLYHUGEIMGSRC 0.5 Spam with image tags with ridiculously huge http urls
    KAM_SENDGRID 1.5 Sendgrid being exploited by scammers
    MIME_BASE64_TEXT 1.741 Message text disguised using base64 encoding
    MIME_HTML_ONLY 0.1 Message only has text/html MIME parts
    SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
    SPF_PASS -0.001 SPF: sender matches SPF record
    T_REMOTE_IMAGE 0.01 Message contains an external image
 
Thanks @Stoiko Ivanov.

I will update some of my existing to match your example of .+@.+sender.com
But if I have 2 rules, one with the domain and one with the subdomain, will it fail on the first one?
Regex 1 - .+@.+sender.com
Regex 2 - .+@sender.com

Not sure this will work at all.
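
An added example (not part of the thread, and not Proxmox code) that checks the two regexes above against the Return-Path and From addresses from the quoted headers. It assumes the whole address must match, case-insensitively; the `strict` pattern and the `x@notsender.com` address are hypothetical additions to show what an unescaped `.+sender.com` also accepts.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed excerpt: the two sender headers from the message quoted in the thread.
HEADERS = (
    "Return-Path: bounces+17068649-3fb4-megan.User=ClientDom1.com@em6264.Sender.com\n"
    "From: CompanyBrand Motors Inc <CompanyBrand@Sender.com>\n"
    "\n"
)

# "domain" and "subdomain" are the regexes from the thread.
# "strict" is a hypothetical variant added here: escaped dots, optional subdomain.
PATTERNS = {
    "domain": r".+@sender.com",
    "subdomain": r".+@.+sender.com",
    "strict": r".+@(.+\.)?sender\.com",
}

def addresses(raw):
    """Extract the envelope sender (Return-Path) and the header From address."""
    msg = message_from_string(raw)
    return {
        "envelope": parseaddr(msg["Return-Path"])[1],
        "header_from": parseaddr(msg["From"])[1],
    }

def matches(pattern, addr):
    # Assumption: the filter anchors the regex to the full address and ignores case.
    return re.fullmatch(pattern, addr, re.IGNORECASE) is not None

def report(raw, extra=()):
    """Map each pattern name to {address label: matched?}."""
    addrs = {**addresses(raw), **{a: a for a in extra}}
    return {name: {label: matches(p, a) for label, a in addrs.items()}
            for name, p in PATTERNS.items()}

if __name__ == "__main__":
    for name, row in report(HEADERS, extra=["x@notsender.com"]).items():
        print(f"{name:10s} {row}")
```

Under these assumptions each of the two thread regexes matches only one of the two addresses, so they complement each other rather than conflict, and `.+@.+sender.com` also accepts unrelated domains that merely end in `sender.com`.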
 