filter mail based on sender's domain

tdemeyer

Oct 2, 2007
Hi,

I receive a lot of unwanted external mails where the sender's address is an email address known to our internal users. As it is impossible for our users to send mails connecting from somewhere outside the domain, I had a rule on our old gateway that says "if there arrives a mail pretending to be from *@ourdomain.com, then reject this mail".
Is it possible to do this with Proxmox? I noticed there was an object named "add match field", but I can't find a list of possible fields and filter values...
 
Should this work? create rule
- Inbound
- From: known LDAP address
- To: known LDAP address
- Action: Block

and the same, with idem priority, but
- From: unknown LDAP address (to prevent incoming <anything>@ourdomain.com)
 
Hi,

I receive a lot of unwanted external mails where the sender's address is an email address known to our internal users. As it is impossible for our users to send mails connecting from somewhere outside the domain, I had a rule on our old gateway that says "if there arrives a mail pretending to be from *@ourdomain.com, then reject this mail".
Is it possible to do this with Proxmox? I noticed there was an object named "add match field", but I can't find a list of possible fields and filter values...

hi tim!

Do you know SPF? I highly suggest you define an SPF record for your domain and activate SPF on your Proxmox (if you deactivated it).

Also, you are using a backup MX for your domain. Most spammers know this and they send their spam via the backup MX, working around Proxmox.

For improving spam detection, deactivate the backup MX; if you need redundancy, think of building a Proxmox HA Cluster.
 
Tom,

Our MX record points to the off-site antivirus scanner (McAfee mail4sure service). Our mails arrive at their site, get scanned and are then forwarded to our mail gateway for further processing. Our IP address is unknown to the outside world, so mail never arrives directly at our Proxmox server.

The fact that mails are pre-processed also makes it impossible to use SPF.
 
Tom,

Our MX record points to the off-site antivirus scanner (McAfee mail4sure service). Our mails arrive at their site, get scanned and are then forwarded to our mail gateway for further processing. Our IP address is unknown to the outside world, so mail never arrives directly at our Proxmox server.

The fact that mails are pre-processed also makes it impossible to use SPF.

Hi tim,
Thanks for the clarification. In this setup you cannot benefit from SMTP-level spam checks (RBL, SPF, greylisting and receiver verification). With these SMTP-level checks a lot of Proxmox users can filter up to 90 % of email before the emails reach their systems. So maybe you should change your setup? By the way, Proxmox also does very reliable virus scanning, and if you need it you can additionally buy a Kaspersky license to add dual-layer scanning to your Proxmox.
 
Should this work? create rule
- Inbound
- From: known LDAP address
- To: known LDAP address
- Action: Block

and the same, with idem priority, but
- From: unknown LDAP address (to prevent incoming <anything>@ourdomain.com)

If you try this, please do NOT start with block. Just do a notification action to see the results; later do a BCC to an archive mailbox or use the quarantine.
 
Our mail gateway only needs to filter forbidden attachments and provide a second layer of AV scanning (in fact we have three levels: McAfee off-site, Clam on the gateway, and TrendMicro on the internal server... pretty paranoid... but we want to be sure :D)
Our off-site contract is still valid for three more years, so I don't want to waste money by not using their services right now...

Their service is not so good when it comes to filtering attachments. When messages are quarantined, users must have access to a web page, but not all of them are allowed on the internet... That's why we want this type of filtering done on "our side".
The only thing left are the messages as explained in my first post. So I need to find a way to block them with Proxmox. (Our current gateway with Trend Micro running on it does this fine, as I simply have a rule that blocks all sender-from with our domain name in it.)
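
The rule discussed in this thread, written out as stand-alone Python (an added example, not part of the original posts and not Proxmox rule syntax). It assumes it is applied to inbound mail only; the function names and sample messages are constructed for illustration, and the default action is "notify" rather than "block", as suggested above.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

OUR_DOMAIN = "ourdomain.com"  # placeholder domain used in the thread

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].strip().rstrip(".").lower()

def claims_our_domain(envelope_from, raw_message, our_domain=OUR_DOMAIN):
    """List the sender fields of an inbound message that use our own domain."""
    msg = message_from_string(raw_message)
    hits = []
    # SMTP envelope sender (MAIL FROM); "<>" (bounces) has no domain.
    if domain_of(parseaddr(envelope_from)[1]) == our_domain:
        hits.append("envelope-from")
    # Header addresses shown to the user; only the address part is
    # compared, so a display name containing "@ourdomain.com" does not match.
    for header in ("From", "Sender"):
        addrs = getaddresses(msg.get_all(header, []))
        if any(domain_of(a) == our_domain for _name, a in addrs):
            hits.append(header.lower())
    return hits

def decide(envelope_from, raw_message, enforce=False):
    """Return (action, matched fields); notify-only unless enforce is set."""
    hits = claims_our_domain(envelope_from, raw_message)
    if not hits:
        return "accept", hits
    return ("block" if enforce else "notify"), hits

# Constructed sample messages (not taken from the thread).
SPOOFED = "From: Alice <alice@OurDomain.com>\nTo: bob@ourdomain.com\nSubject: invoice\n\nhi\n"
GENUINE = "From: Bob <bob@example.org>\nTo: alice@ourdomain.com\nSubject: hello\n\nhi\n"
DISPLAY = 'From: "ceo@ourdomain.com" <x@example.net>\nTo: alice@ourdomain.com\n\nhi\n'

if __name__ == "__main__":
    for env, raw in (("bounce@example.net", SPOOFED),
                     ("bob@example.org", GENUINE),
                     ("x@example.net", DISPLAY)):
        print(env, decide(env, raw))
```

The comparison is an exact match on the domain, like `*@ourdomain.com`; subdomains would need their own entries.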
 
Field names?

Hi All,

Will try to experiment with the object named "add match field".

Can someone tell me where to find the list of field names I can use?

(can be handy as we also want to filter hotmail senders!)

Tim
 
Sorry, haven't been clear on this in my previous post:

The Manual says:

"Define custom WHO objects, possible values:
...
Add Regular Expression "

I need the field names I can enter here, as there is no list in the manual
 
Sorry, haven't been clear on this in my previous post:

The Manual says:

"Define custom WHO objects, possible values:
...
Add Regular Expression "

I need the field names I can enter here, as there is no list in the manual

hi tim,

just see chapter 13.4 in the admin guide. if you just want a who object with hotmail.com, just add the domain to this who object. but be careful with blocking,
 
