[SOLVED] Exclude postmaster from sending non delivery notification to specific email addresses.

BlinTUZ

New Member
Nov 3, 2022
Hello.
We get too much spam, phishing and so on from a variety of email addresses. Thanks to PMG our emails are safe and we can breathe easy :)
As is known, when spam mail is stopped, the postmaster sends a notification to the sender that his mail was not delivered, and because the senders' addresses are not real, a vast number of queued/deferred mails appear in the Tracking Center:
tracking_center.png
...and this happened each day.
My question: is there any way to create an exclusion so that the postmaster will not send non-delivery notifications only to those addresses that contain *-sales=domain.com@mail.* ?
 
I have the same problem. I have tried to enable:
Configuration - Mail Proxy - Options - Reject Unknown Clients
Configuration - Mail Proxy - Options - Reject Unknown Senders
Configuration - Mail Proxy - Options - SMTP HELO checks
Configuration - Mail Proxy - Options - Use SPF
Configuration - Mail Proxy - Options - Before Queue Filtering

If you need to add an exception for this because people don't know how to configure their mail servers, you can add it to Configuration - Mail Proxy - Whitelist (only IP exception works), and you need to restart the postfix process every time you add an exception or it won't work.

This helps to reduce the number of notifications sent from postmaster. The main problem is how you know whether the message is not deliverable. It's hard to know; it is possible that the receiving SMTP server is just offline at that moment, or something else.

You can disable some postmaster notifications in your rule set by changing the mail flow direction to just IN direction or by removing Action Objects that use Notification type Action Object.

If anyone has any idea how to do better, please let us know.

The main thing I am worried about is that we do not lose any email. If one of our servers for mail is offline and the messages are in queue they should not be removed and should wait in queue for at least 2 days (I think that is the default).
In this case messages in queue are also undeliverable until the mail server is back online.
 
Configuration - Mail Proxy - Options - Reject Unknown Clients
Configuration - Mail Proxy - Options - Reject Unknown Senders
Configuration - Mail Proxy - Options - SMTP HELO checks
Configuration - Mail Proxy - Options - Use SPF
Configuration - Mail Proxy - Options - Before Queue Filtering
Of all the above, I only have "Use SPF" enabled.
Since I do not know how all the other options will affect the delivery of mail, I would like to know what type of email addresses I risk not receiving email from if I turn on all the remaining options.
 

I was worried about this too, but after enabling it I only had 3 people notify me that they can't get the email and it was related to this change. We have an average mail flow of 20k per day. I added an exception and warned the providers that have their mail servers or DNS records configured incorrectly. It's simple to add an exception if you need to: Configuration - Mail Proxy - Whitelist (only IP/IP Network exception works), and you need to restart the postfix process every time you add an exception or it won't work.

It's mostly just badly configured mail servers; any serious email provider will have these settings configured correctly. If they don't, they are not serious about mail delivery.

For example, you can use this tool to test whether the mail configuration on a server is correct.
https://mxtoolbox.com/diagnostic.aspx

For example, this kind of sender will be blocked:
1668802337838.png

Here are some threads where I was asking for more information about these settings:

https://forum.proxmox.com/threads/missing-documentation-helotests.113810/
https://www.postfix.org/postconf.5.html#smtpd_helo_required

https://forum.proxmox.com/threads/missing-documentation-rejectunknown-rejectunknownsender.113809/
https://www.postfix.org/postconf.5.html#reject_unknown_client_hostname

https://forum.proxmox.com/threads/h...m-messages-to-undeliverable-addresses.117609/

After you enable these changes, restart the server and monitor the logs.
You can search the log for:
  • reject
  • connect from unknown
  • Client host rejected
  • cannot find your hostname
  • Helo command rejected
  • need fully-qualified hostname
  • Sender address rejected
You should be able to see servers that are blocked by this change.
 
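An added example (not part of the thread and not Proxmox code): a small Python script that runs the log search described above over Postfix smtpd lines and groups rejections by client IP, so a legitimate sender that keeps getting rejected stands out as a candidate for the IP whitelist. The sample log lines are constructed, and the function names and the exact log layout on a given PMG host are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Postfix smtpd log format (documentation IP ranges).
SAMPLE_LOG = """\
Nov 18 20:01:02 pmg postfix/smtpd[1201]: connect from unknown[203.0.113.7]
Nov 18 20:01:03 pmg postfix/smtpd[1201]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.25 Client host rejected: cannot find your hostname, [203.0.113.7]; from=<info@partner.example> to=<sales@domain.com> proto=ESMTP helo=<mail.partner.example>
Nov 18 20:06:40 pmg postfix/smtpd[1207]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.25 Client host rejected: cannot find your hostname, [203.0.113.7]; from=<info@partner.example> to=<sales@domain.com> proto=ESMTP helo=<mail.partner.example>
Nov 18 20:09:11 pmg postfix/smtpd[1210]: NOQUEUE: reject: RCPT from host9.example[198.51.100.9]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<bot@bulk.example> to=<sales@domain.com> proto=ESMTP helo=<localhost>
Nov 18 20:12:55 pmg postfix/smtpd[1214]: NOQUEUE: reject: RCPT from host10.example[192.0.2.10]: 450 4.1.8 <x@nonexist.invalid>: Sender address rejected: Domain not found; from=<x@nonexist.invalid> to=<sales@domain.com> proto=ESMTP helo=<host10.example>
"""

# Matches "Client host rejected", "Helo command rejected", "Sender address rejected".
REJECT = re.compile(
    r"reject: \w+ from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) "
    r"(?:\d\.\d+\.\d+ )?(?:<[^>]*>: )?(?P<reason>[^:;]+ rejected): (?P<detail>[^;]*);"
    r" from=<(?P<sender>[^>]*)>"
)

def summarize(log_text):
    """Group smtpd rejections by client IP: reasons, envelope senders, 5xx seen."""
    clients = defaultdict(
        lambda: {"reasons": Counter(), "senders": set(), "permanent": False}
    )
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # connect/disconnect and other non-reject lines
        entry = clients[m["ip"]]
        entry["reasons"][m["reason"]] += 1
        entry["senders"].add(m["sender"])
        # 4xx rejections are retried by real mail servers; 5xx bounce at once.
        entry["permanent"] |= m["code"].startswith("5")
    return dict(clients)

def whitelist_candidates(summary, min_hits=2):
    """IPs rejected at least min_hits times: review these before whitelisting."""
    return sorted(
        ip for ip, e in summary.items() if sum(e["reasons"].values()) >= min_hits
    )

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip in whitelist_candidates(result):
        print(ip, dict(result[ip]["reasons"]), sorted(result[ip]["senders"]))
```

A sender that retries after a 4xx rejection is behaving like a real mail server, which is why repeated hits from one IP are the entries worth checking by hand.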
Thanks for the detailed answer.
I will check it out.
But also, I believe there is a more precise option/configuration that allows achieving the result without losing emails from those who do not really care about their mail server's SMTP status.
 
Found a solution:

Created "Who Objects" with the name "No quarantine notification" and added a "Regular Expression": *-sales=domain.com@mail.*
1669716291712.png

Then, in "Mail Filter", added a new "Rule" with "Block in". Then, in the "Block in" rule, added the "Block" action in "Action Objects" and added "No quarantine notification" in "From".
1669716637834.png

Give it a priority higher than the default quarantine spam rule "Quarantine/Mark Spam (Level 3)".

After that, PMG no longer sends any notifications to addresses matching the regular expression in "No quarantine notification".
 
