[SOLVED] Despite Domain and the IP of sender are on the Global Blacklist => Mail is delivered with rule default-accept

rudolfo1967

Hello Community.

My installation of Proxmox Mail Gateway lets mails come in even though the sender's IP and domain name are on the blacklist (Mailfilter/Who Objects/Blacklist).
In detail, it is about the mail domain @tanner.com.tr and the corresponding mail server IP: 217.172.170.69
In the tracking center of PMG it is shown that mails from that domain and IP are not filtered by looking at the blacklist. Instead, they are delivered with (rule: default-accept). You can see this in the following log entry from the tracking center below:

Code:
2025-05-06T14:47:56.520173+02:00 pmg postfix/smtpd[417633]: connect from tilobr.or.mg[217.172.170.69]
2025-05-06T14:47:57.072849+02:00 pmg postfix/smtpd[417633]: 11BA580359: client=tilobr.or.mg[217.172.170.69]
2025-05-06T14:47:57.116735+02:00 pmg postfix/cleanup[417645]: 11BA580359: message-id=<882142168145626864674565467565351570206400204652@tanner.com.tr>
2025-05-06T14:47:57.189065+02:00 pmg postfix/qmgr[730]: 11BA580359: from=<eyfukcm@tanner.com.tr>, size=41364, nrcpt=1 (queue active)
2025-05-06T14:47:57.189218+02:00 pmg postfix/smtpd[417633]: disconnect from tilobr.or.mg[217.172.170.69] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
2025-05-06T14:47:57.327569+02:00 pmg pmg-smtp-filter[415434]: 8054C681A04FD4BDA1: new mail message-id=<882142168145626864674565467565351570206400204652@tanner.com.tr>#012
2025-05-06T14:47:58.602154+02:00 pmg pmg-smtp-filter[415434]: 8054C681A04FD4BDA1: SA score=0/5 time=1.147 bayes=undefined autolearn=no autolearn_force=no hits=DMARC_MISSING(0.1),HTML_IMAGE_ONLY_28(0.726),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),RCVD_IN_VALIDITY_CERTIFIED_BLOCKED(0.001),RCVD_IN_VALIDITY_RPBL_BLOCKED(0.001),RCVD_IN_VALIDITY_SAFE_BLOCKED(0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_TVD_MIME_EPI(0.01)
2025-05-06T14:47:58.644504+02:00 pmg postfix/smtpd[417651]: connect from localhost.localdomain[127.0.0.1]
2025-05-06T14:47:58.647209+02:00 pmg postfix/smtpd[417651]: 9DF5680D70: client=localhost.localdomain[127.0.0.1], orig_client=tilobr.or.mg[217.172.170.69]
2025-05-06T14:47:58.652635+02:00 pmg postfix/cleanup[417645]: 9DF5680D70: message-id=<882142168145626864674565467565351570206400204652@tanner.com.tr>
2025-05-06T14:47:58.713948+02:00 pmg postfix/qmgr[730]: 9DF5680D70: from=<eyfukcm@tanner.com.tr>, size=42611, nrcpt=1 (queue active)
2025-05-06T14:47:58.714120+02:00 pmg postfix/smtpd[417651]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
2025-05-06T14:47:58.714265+02:00 pmg pmg-smtp-filter[415434]: 8054C681A04FD4BDA1: accept mail to <rudolf.pezzei@compaid.at> (9DF5680D70) (rule: default-accept)
2025-05-06T14:47:58.727661+02:00 pmg pmg-smtp-filter[415434]: 8054C681A04FD4BDA1: processing time: 1.403 seconds (1.147, 0.112, 0)
2025-05-06T14:47:58.728226+02:00 pmg postfix/lmtp[417646]: 11BA580359: to=<rudolf.pezzei@compaid.at>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.1, delays=0.59/0.08/0.04/1.4, dsn=2.5.0, status=sent (250 2.5.0 OK (8054C681A04FD4BDA1))
2025-05-06T14:47:58.728468+02:00 pmg postfix/qmgr[730]: 11BA580359: removed
2025-05-06T14:47:59.254726+02:00 pmg postfix/smtp[417652]: 9DF5680D70: to=<rudolf.pezzei@compaid.at>, relay=192.168.200.201[192.168.200.201]:25, delay=0.61, delays=0.07/0.08/0.08/0.38, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as DFE0F6F37DF)
2025-05-06T14:47:59.254956+02:00 pmg postfix/qmgr[730]: 9DF5680D70: removed

Could anyone see in the log lines why the blacklist entries for IP and Maildomain are not having an effect?

Greetings - Rudolf
 
Hello Janus57, I made both entries in Mailfilter->Blacklist, with Domain type and IP type. The domain entry can be seen in the attached screenshot. Best regards, Rudolf
 

Attachment: blacklistentry.png

Hello Janus,
as I reviewed the Mailfilter (see attachment), I realized that I must also react to "SpamLevel 0"? But maybe there is a setting in "What Objects" to block ALL regardless of the spam level, when something is in the global blacklist?
 

Attachment: mailfilter.png

OOTB this looks different, so you already changed it and made it worse. I would start over fresh*.
I made two new lists, "blockfrom" and "blockto" and the filter that is using the list is without "what".
Screenshot 2025-05-09 100517.png
 
Hello Bob.Dig, I followed your advice - so if there is no "What Objects" it makes it unconditional = all matches in the blacklist lead to block then. I think that's it!
 
Thank you Bob.Dig - that was exactly the problem.
Thank you Janus57 - for leading to the right direction.
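
Added example, not part of the thread: a log audit that flags mail accepted by any rule although its original client IP or sender domain is on a local copy of the blocklist, by joining the `accept mail` line to the re-injected queue ID as in the log above. The blocklist sets, function name and sample lines are constructed assumptions.

```python
import re

# Assumed local copies of the blocklist entries (constructed values).
BLOCKED_IPS = {"203.0.113.69"}
BLOCKED_DOMAINS = {"blocked.example"}

# Constructed sample in the log format shown in the thread.
SAMPLE_LOG = """\
2025-05-06T14:47:58.647209+02:00 pmg postfix/smtpd[417651]: AAAA000001: client=localhost.localdomain[127.0.0.1], orig_client=mx.blocked.example[203.0.113.69]
2025-05-06T14:47:58.713948+02:00 pmg postfix/qmgr[730]: AAAA000001: from=<news@blocked.example>, size=42611, nrcpt=1 (queue active)
2025-05-06T14:47:58.714265+02:00 pmg pmg-smtp-filter[415434]: F1000000000000A1: accept mail to <user@rcpt.example> (AAAA000001) (rule: default-accept)
2025-05-06T14:50:01.100000+02:00 pmg postfix/smtpd[417660]: BBBB000002: client=localhost.localdomain[127.0.0.1], orig_client=mail.ok.example[198.51.100.7]
2025-05-06T14:50:01.200000+02:00 pmg postfix/qmgr[730]: BBBB000002: from=<alice@ok.example>, size=1200, nrcpt=1 (queue active)
2025-05-06T14:50:01.300000+02:00 pmg pmg-smtp-filter[415434]: F1000000000000B2: accept mail to <user@rcpt.example> (BBBB000002) (rule: default-accept)
"""

# The filter re-injects accepted mail; that queue ID carries orig_client and from=.
ORIG = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=.*orig_client=\S*\[([^\]]+)\]")
FROM = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
ACCEPT = re.compile(r"pmg-smtp-filter\[\d+\]: \w+: accept mail to <([^>]*)> \((\w+)\) \(rule: ([^)]+)\)")

def find_blocklist_bypasses(log_text, blocked_ips, blocked_domains):
    """Return accepted mails whose original client IP or sender domain is blocklisted."""
    orig_ip, sender, accepts = {}, {}, []
    for line in log_text.splitlines():
        if m := ORIG.search(line):
            orig_ip[m.group(1)] = m.group(2)
        elif m := FROM.search(line):
            sender[m.group(1)] = m.group(2).lower()
        elif m := ACCEPT.search(line):
            accepts.append(m.groups())
    findings = []
    for rcpt, qid, rule in accepts:  # second pass: join on the re-injected queue ID
        ip, frm = orig_ip.get(qid), sender.get(qid, "")
        matched = [kind for kind, hit in (
            ("ip", ip in blocked_ips),
            ("domain", frm.rpartition("@")[2] in blocked_domains)) if hit]  # exact match only
        if matched:
            findings.append({"queue_id": qid, "client_ip": ip, "from": frm,
                             "rcpt": rcpt, "rule": rule, "matched": matched})
    return findings

if __name__ == "__main__":
    for finding in find_blocklist_bypasses(SAMPLE_LOG, BLOCKED_IPS, BLOCKED_DOMAINS):
        print(finding)
```

A finding with `rule: default-accept` is the symptom from the first post: the blocklist rule did not match, for example because a "What" object made it conditional.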
 