eBay is being Quarantined

[zolthar]

All emails from ebay are not being whitelisted and are being Quarantined at a global/server level:
bounces+1434781-b894-(username)=(domain)@m.reply.ebay.com.au

I have added the domains here: Configurations > Mail Proxy > Whitelist:


I have also added here: Mail Filter > Who Objects > Whitelist:


According to the logs, it gets caught in my Quarantine Rule @ 75 for emails scoring 6:

• Whitelist priority is 85
• Quarantine SPAM >= 5 is 75

It works for the reachlocal domain no issues in the same Whitelist WHO Object.

However if individually whitelisted per mailbox it works - however I am lazy and any help would be much apprecaited.

Please note that the recipient does exist and it definitely should be delivered.

Here are the Tracking Logs:

Jan 31 10:35:14 spam postfix/smtpd[18320]: connect from o14.m.reply1.ebay.com[167.89.87.200]
Jan 31 10:35:16 spam postfix/smtpd[18320]: Anonymous TLS connection established from o14.m.reply1.ebay.com[167.89.87.200]: TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Jan 31 10:35:16 spam postfix/smtpd[18320]: B0B0418104C: client=o14.m.reply1.ebay.com[167.89.87.200]
Jan 31 10:35:17 spam postfix/cleanup[18279]: B0B0418104C: info: header From: eBay <ebay@reply.ebay.com.au> from o14.m.reply1.ebay.com[167.89.87.200]; from=<bounces+1434781-4987-username=domain.com.au@m.reply.ebay.com.au> to=<username@domain.com.au> proto=ESMTP helo=<o14.m.reply1.ebay.com>
Jan 31 10:35:17 spam postfix/cleanup[18279]: B0B0418104C: message-id=<WLQmGNjpSpeEswsgJ8LeCA@ismtpd0007p1sjc2.sendgrid.net>
Jan 31 10:35:17 spam postfix/cleanup[18279]: B0B0418104C: info: header Subject: Shop these supplies & stay busy from o14.m.reply1.ebay.com[167.89.87.200]; from=<bounces+1434781-4987-username=domain.com.au@m.reply.ebay.com.au> to=<username@domain.com.au> proto=ESMTP helo=<o14.m.reply1.ebay.com>
Jan 31 10:35:17 spam postfix/cleanup[18279]: B0B0418104C: info: header To: -14 <username@domain.com.au> from o14.m.reply1.ebay.com[167.89.87.200]; from=<bounces+1434781-4987-username=domain.com.au@m.reply.ebay.com.au> to=<username@domain.com.au> proto=ESMTP helo=<o14.m.reply1.ebay.com>
Jan 31 10:35:17 spam postfix/qmgr[58806]: B0B0418104C: from=<bounces+1434781-4987-username=domain.com.au@m.reply.ebay.com.au>, size=122778, nrcpt=1 (queue active)
Jan 31 10:35:17 spam pmg-smtp-filter[18166]: 1A098E6015ED35C12E2: new mail message-id=<WLQmGNjpSpeEswsgJ8LeCA@ismtpd0007p1sjc2.sendgrid.net>#012
Jan 31 10:35:18 spam postfix/smtpd[18320]: disconnect from o14.m.reply1.ebay.com[167.89.87.200] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jan 31 10:35:22 spam pmg-smtp-filter[18166]: 1A098E6015ED35C12E2: SA score=6/5 time=4.497 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.401),BAYES_00(-1.9),DCC_CHECK(1.1),DCC_REPUT_90_94(0.6),DKIMWL_WL_HIGH(-0.195),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HTML_FONT_LOW_CONTRAST(0.001),HTML_IMAGE_RATIO_04(0.001),HTML_MESSAGE(0.001),KAM_HUGEIMGSRC(0.2),KAM_REALLYHUGEIMGSRC(0.5),KAM_SENDGRID(1.5),MIME_HTML_ONLY(0.1),RCVD_IN_MSPIKE_H2(-0.001),SCHAALIT_URI_823(5),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),UNPARSEABLE_RELAY(0.001),URIBL_BLOCKED(0.001)
Jan 31 10:35:22 spam pmg-smtp-filter[18166]: 1A098E6015ED35C12E2: moved mail for <username@domain.com.au> to spam quarantine - 1A0A5C6015ED3A5F91E (rule: Quarantine >= 5 (Everyone))
Jan 31 10:35:22 spam pmg-smtp-filter[18166]: 1A098E6015ED35C12E2: processing time: 4.602 seconds (4.497, 0.083, 0)
Jan 31 10:35:22 spam postfix/lmtp[18280]: B0B0418104C: to=<username@domain.com.au>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.9, delays=1.3/0/0/4.6, dsn=2.5.0, status=sent (250 2.5.0 OK (1A098E6015ED35C12E2))
Jan 31 10:35:22 spam postfix/qmgr[58806]: B0B0418104C: removed

And here is another

Jan 31 10:39:06 spam postfix/smtpd[18277]: connect from xtrwsqbc.outbound-mail.sendgrid.net[167.89.100.188]
Jan 31 10:39:07 spam postfix/smtpd[18277]: Anonymous TLS connection established from xtrwsqbc.outbound-mail.sendgrid.net[167.89.100.188]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 31 10:39:08 spam postfix/smtpd[18277]: 8C1D418104C: client=xtrwsqbc.outbound-mail.sendgrid.net[167.89.100.188]
Jan 31 10:39:09 spam postfix/cleanup[18279]: 8C1D418104C: info: header From: "eBay" <ebay@reply.ebay.com.au> from xtrwsqbc.outbound-mail.sendgrid.net[167.89.100.188]; from=<bounces+1434781-9794-username=domain.com.au@m.reply.ebay.com.au> to=<username@domain.com.au> proto=ESMTP helo=<xtrwsqbc.outbound-mail.sendgrid.net>
Jan 31 10:39:09 spam postfix/cleanup[18279]: 8C1D418104C: info: header To: "-3416" <username@domain.com.au> from xtrwsqbc.outbound-mail.sendgrid.net[167.89.100.188]; from=<bounces+1434781-9794-username=domain.com.au@m.reply.ebay.com.au> to=<username@domain.com.au> proto=ESMTP helo=<xtrwsqbc.outbound-mail.sendgrid.net>
Jan 31 10:39:09 spam postfix/cleanup[18279]: 8C1D418104C: message-id=<mVyekKlHSeuYLjqEa8g8Yw@ismtpd0010p1sjc2.sendgrid.net>
Jan 31 10:39:09 spam postfix/cleanup[18279]: 8C1D418104C: info: header Subject: Shop these supplies & stay busy from xtrwsqbc.outbound-mail.sendgrid.net[167.89.100.188]; from=<bounces+1434781-9794-username=domain.com.au@m.reply.ebay.com.au> to=<username@domain.com.au> proto=ESMTP helo=<xtrwsqbc.outbound-mail.sendgrid.net>
Jan 31 10:39:09 spam postfix/qmgr[58806]: 8C1D418104C: from=<bounces+1434781-9794-username=domain.com.au@m.reply.ebay.com.au>, size=123399, nrcpt=1 (queue active)
Jan 31 10:39:09 spam pmg-smtp-filter[18166]: 1A0A586015EE1DE40BC: new mail message-id=<mVyekKlHSeuYLjqEa8g8Yw@ismtpd0010p1sjc2.sendgrid.net>#012
Jan 31 10:39:11 spam postfix/smtpd[18277]: disconnect from xtrwsqbc.outbound-mail.sendgrid.net[167.89.100.188] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jan 31 10:39:18 spam pmg-smtp-filter[18166]: 1A0A586015EE1DE40BC: SA score=6/5 time=8.900 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.397),BAYES_00(-1.9),DCC_CHECK(1.1),DCC_REPUT_90_94(0.6),DKIMWL_WL_HIGH(-0.195),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HTML_FONT_LOW_CONTRAST(0.001),HTML_IMAGE_RATIO_06(0.001),HTML_MESSAGE(0.001),KAM_HUGEIMGSRC(0.2),KAM_REALLYHUGEIMGSRC(0.5),KAM_SENDGRID(1.5),MIME_HTML_ONLY(0.1),RCVD_IN_MSPIKE_H2(-0.001),SCHAALIT_URI_823(5),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),UNPARSEABLE_RELAY(0.001),URIBL_BLOCKED(0.001)
Jan 31 10:39:18 spam pmg-smtp-filter[18166]: 1A0A586015EE1DE40BC: moved mail for <username@domain.com.au> to spam quarantine - 1A0A5D6015EE26E5059 (rule: Quarantine >= 5 (Everyone))
Jan 31 10:39:18 spam pmg-smtp-filter[18166]: 1A0A586015EE1DE40BC: processing time: 9.006 seconds (8.9, 0.086, 0)
Jan 31 10:39:18 spam postfix/lmtp[18280]: 8C1D418104C: to=<username@domain.com.au>, relay=127.0.0.1[127.0.0.1]:10024, delay=11, delays=1.7/0/0/9, dsn=2.5.0, status=sent (250 2.5.0 OK (1A0A586015EE1DE40BC))
Jan 31 10:39:18 spam postfix/qmgr[58806]: 8C1D418104C: removed

 

[hata_ph]

try whitelist this domain reply.ebay.com.au

 

[zolthar]

try whitelist this domain reply.ebay.com.au

Just added: Configurations > Mail Proxy > Whitelist



Will have to see any future eBay emails and will update.


After going through a few, I have found that its only the Marketing eBay emails that gets trapped. eBay messages and anything else seems to go through ok, however they do not get tagged as whitelisted as it goes into the "default-accept" rule:

Jan 31 14:17:14 spam postfix/smtpd[21825]: connect from mxphxpool1064.ebay.com[66.211.185.167]
Jan 31 14:17:15 spam postfix/smtpd[21825]: Anonymous TLS connection established from mxphxpool1064.ebay.com[66.211.185.167]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 31 14:17:16 spam postfix/smtpd[21825]: D323A1810F3: client=mxphxpool1064.ebay.com[66.211.185.167]
Jan 31 14:17:17 spam postfix/cleanup[21829]: D323A1810F3: info: header From: eBay - ebayUsername <ebayUsername@members.ebay.com.au> from mxphxpool1064.ebay.com[66.211.185.167]; from=<ebayUsername@members.ebay.com.au> to=<username@domain.com.au> proto=ESMTP helo=<mxphxpool1064.ebay.com>
Jan 31 14:17:17 spam postfix/cleanup[21829]: D323A1810F3: info: header To: username@domain.com.au from mxphxpool1064.ebay.com[66.211.185.167]; from=<ebayUsername@members.ebay.com.au> to=<username@domain.com.au> proto=ESMTP helo=<mxphxpool1064.ebay.com>
Jan 31 14:17:17 spam postfix/cleanup[21829]: D323A1810F3: message-id=<27f0ca8d-eece-4341-9afc-63a06bc16c6e@starship>
Jan 31 14:17:17 spam postfix/cleanup[21829]: D323A1810F3: info: header Subject: ebayUsername has sent a question about :shipping for item #123123,? ending on 04-Feb-21 13:06:41 AEDST - Gas Fire Place & Marble Surround from mxphxpool1064.ebay.com[66.211.185.167]; from=<ebayUsername@members.ebay.com.au> to=<username@domain.com.au> proto=ESMTP helo=<mxphxpool1064.ebay.com>
Jan 31 14:17:17 spam postfix/qmgr[58806]: D323A1810F3: from=<ebayUsername@members.ebay.com.au>, size=34328, nrcpt=1 (queue active)
Jan 31 14:17:17 spam pmg-smtp-filter[21696]: 1A0A736016213D38B74: new mail message-id=<27f0ca8d-eece-4341-9afc-63a06bc16c6e@starship>#012
Jan 31 14:17:17 spam postfix/smtpd[21825]: disconnect from mxphxpool1064.ebay.com[66.211.185.167] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jan 31 14:17:20 spam pmg-smtp-filter[21696]: 1A0A736016213D38B74: SA score=0/5 time=2.743 bayes=0.00 autolearn=ham autolearn_force=no hits=BAYES_00(-1.9),DKIMWL_WL_HIGH(-0.195),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HTML_MESSAGE(0.001),MIME_HTML_ONLY(0.1),MONEY_BACK(1.232),RCVD_IN_DNSWL_HI(-5),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_REMOTE_IMAGE(0.01),URIBL_BLOCKED(0.001)
Jan 31 14:17:20 spam postfix/smtpd[21836]: connect from localhost.localdomain[127.0.0.1]
Jan 31 14:17:20 spam postfix/smtpd[21836]: 121621810FB: client=localhost.localdomain[127.0.0.1], orig_client=mxphxpool1064.ebay.com[66.211.185.167]
Jan 31 14:17:20 spam postfix/cleanup[21829]: 121621810FB: message-id=<27f0ca8d-eece-4341-9afc-63a06bc16c6e@starship>
Jan 31 14:17:20 spam postfix/qmgr[58806]: 121621810FB: from=<ebayUsername@members.ebay.com.au>, size=35681, nrcpt=1 (queue active)
Jan 31 14:17:20 spam postfix/smtpd[21836]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Jan 31 14:17:20 spam pmg-smtp-filter[21696]: 1A0A736016213D38B74: accept mail to <username@domain.com.au> (121621810FB) (rule: default-accept)
Jan 31 14:17:20 spam pmg-smtp-filter[21696]: 1A0A736016213D38B74: processing time: 2.846 seconds (2.743, 0.063, 0)
Jan 31 14:17:20 spam postfix/lmtp[21830]: D323A1810F3: to=<username@domain.com.au>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.1, delays=1.3/0.02/0/2.9, dsn=2.5.0, status=sent (250 2.5.0 OK (1A0A736016213D38B74))
Jan 31 14:17:20 spam postfix/qmgr[58806]: D323A1810F3: removed
Jan 31 14:17:20 spam postfix/smtp[21837]: 121621810FB: to=<username@domain.com.au>, relay=192.168.18.25[192.168.18.25]:25, delay=0.31, delays=0.01/0.03/0.02/0.25, dsn=2.6.0, status=sent (250 2.6.0 <27f0ca8d-eece-4341-9afc-63a06bc16c6e@starship> [InternalId=179310589640737, Hostname=EXCH1.olavar.local] 37340 bytes in 0.161, 226.029 KB/sec Queued mail for delivery)
Jan 31 14:17:20 spam postfix/qmgr[58806]: 121621810FB: removed

 

[Stoiko Ivanov]

SCHAALIT_URI_823(5)

This single rule adds 5 point to your spam-result - a quick grep in the rules shipped by PMG did not show it - do you maybe have some local rules/other rule sources?

on another (but maybe related) note - it seems the DNS-server you're using is over quota - you don't get answers from URIBL (which is quite a good source to find spam) :

URIBL_BLOCKED(0.001)

maybe consider setting up a dedicated DNS server for your PMG - check out our getting started page:
https://pmg.proxmox.com/wiki/index.php/Getting_started_with_Proxmox_Mail_Gateway