Global Blacklist getting ignored

Trulli

Hi,
I have added several spammer domains to the global blacklist (and also added them to the user blacklist on the spam report), but the mails from the below domains are still being accepted and delivered; there are no changes in the emails themselves (e.g. variation of sender addresses etc.).

Have I entered the domains in a wrong format? (The manual has no example.)

Anyone got an idea why the blacklist gets completely ignored (the blacklist itself is active in the filter settings)?

(I also restarted the server...)

1666803985256.png

1666804115728.png
 
After testing around I may have found the cause.
I have now edited the blacklist to "in & out" (it was only "in" before) and mails are getting rejected. (My definition of OUT is different though, or something is bugged with only the "IN" setting...)
1666808796111.png
 
Unfortunately it doesn't fully work; mails are still getting through, example below:


Oct 26 20:33:44 mx01 postfix/smtpd[4555]: connect from heute3.ausverkauf-aktuell.de[185.46.185.78]
Oct 26 20:33:44 mx01 postfix/smtpd[4555]: Anonymous TLS connection established from heute3.ausverkauf-aktuell.de[185.46.185.78]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Oct 26 20:33:45 mx01 pmgpolicy[3810]: SPF says pass
Oct 26 20:33:45 mx01 postfix/smtpd[4555]: NOQUEUE: client=heute3.ausverkauf-aktuell.de[185.46.185.78]
Oct 26 20:33:45 mx01 pmg-smtp-filter[2382]: 2022/10/26-20:33:45 CONNECT TCP Peer: "[127.0.0.1]:43042" Local: "[127.0.0.1]:10024"
Oct 26 20:33:45 mx01 pmg-smtp-filter[2382]: 1B2E163597D891D669: new mail message-id=<c1490dc108718c49114909a726bcf201@heute.ausverkauf-aktuell.de>
Oct 26 20:33:45 mx01 clamd[337]: SelfCheck: Database status OK.
Oct 26 20:33:45 mx01 clamd[337]: SelfCheck: Database status OK.
Oct 26 20:33:48 mx01 sshd[4544]: Failed password for root from 61.177.172.104 port 54480 ssh2
Oct 26 20:33:52 mx01 sshd[4544]: Failed password for root from 61.177.172.104 port 54480 ssh2
Oct 26 20:33:52 mx01 pmg-smtp-filter[2382]: 1B2E163597D891D669: SA score=1/5 time=7.453 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(0.561),BAYES_00(-1.9),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HTML_FONT_LOW_CONTRAST(0.001),HTML_MESSAGE(0.001),SCC_ISEMM_LID_1B(1.5),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),URIBL_ABUSE_SURBL(1.25)
Oct 26 20:33:52 mx01 postfix/smtpd[4587]: connect from localhost[127.0.0.1]
Oct 26 20:33:52 mx01 postfix/smtpd[4587]: A405B1B2F1: client=localhost[127.0.0.1], orig_client=heute3.ausverkauf-aktuell.de[185.46.185.78]
Oct 26 20:33:52 mx01 postfix/cleanup[4588]: A405B1B2F1: message-id=<c1490dc108718c49114909a726bcf201@heute.ausverkauf-aktuell.de>
Oct 26 20:33:52 mx01 postfix/qmgr[451]: A405B1B2F1: from=<bounce@heute.ausverkauf-aktuell.de>, size=17606, nrcpt=1 (queue active)
Oct 26 20:33:52 mx01 pmg-smtp-filter[2382]: 1B2E163597D891D669: accept mail to <hans.meier@whatever.com> (A405B1B2F1) (rule: default-accept)
Oct 26 20:33:52 mx01 postfix/smtpd[4587]: disconnect from localhost[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Oct 26 20:33:52 mx01 pmg-smtp-filter[2382]: 1B2E163597D891D669: processing time: 7.606 seconds (7.453, 0.057, 0)
Oct 26 20:33:52 mx01 postfix/smtpd[4555]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (1B2E163597D891D669); from=<bounce@heute.ausverkauf-aktuell.de> to=<hans.meier@whatever.com> proto=ESMTP helo=<heute3.ausverkauf-aktuell.de>
Oct 26 20:33:52 mx01 postfix/smtpd[4555]: disconnect from heute3.ausverkauf-aktuell.de[localserver185.46.185.78] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Oct 26 20:33:52 mx01 postfix/smtp[4589]: Untrusted TLS connection established to localmailserver[localmailserver]:47525: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)
Oct 26 20:33:52 mx01 postfix/smtp[4589]: A405B1B2F1: to=<hans.meier@whatever.com>, relay=localmailserver[localmailserver]:47525, delay=0.21, delays=0.06/0.03/0.09/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as D4726BF3)
Oct 26 20:33:52 mx01 postfix/qmgr[451]: A405B1B2F1: removed
 
Not quite sure from what you posted - but on a hunch - domain entries in Who objects match just the domain - not all subdomains thereof.
Which entry from your screenshot would you expect to block this particular mail?

In other words, ausverkauf-aktuell.de does not cover heute.ausverkauf-aktuell.de...
 
Thank you for the guidance, and for confirming my suspicion that I have entered the domains in a wrong format.
Much appreciated!


Feedback:

I think the documentation is misleading or... not precise enough in this case. Adding a simple example of what the function does may help many people.

A domain is not a subdomain and also not a TLD ;-). You are using the FQDN.

Unfortunately the basic thinking is most likely, for the vast majority:

If I block all email from e.g. hotmail.com, I don't want to get anything from the subdomains as well...

Otherwise it doesn't really make sense, and therefore the "domain" option is likely the most useless thing I have seen in a long time... no offense intended.

It should be either changed or removed, as it suggests it blocks the full domain, while it actually does not, but it easily leads to the perception: "PMG sucks!" - which is definitely not the case; it's a great tool.



....Should have used regex from the start...., but I'm getting too old ;-)
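
The difference the thread arrives at, as an added example (not code from any poster and not PMG's own implementation): it models a domain entry as an exact match on the sender's domain, as described in the reply above, and compares it with a regex entry that also covers subdomains. Assumptions: the regex is applied to the whole envelope sender address, case-insensitively; the function names are hypothetical; the first sample line is the qmgr line from the log above and the other two are constructed.

```python
import re

# Line 1 is from the thread's log; lines 2 and 3 are constructed samples.
SAMPLE_LOG = """\
Oct 26 20:33:52 mx01 postfix/qmgr[451]: A405B1B2F1: from=<bounce@heute.ausverkauf-aktuell.de>, size=17606, nrcpt=1 (queue active)
Oct 26 20:40:10 mx01 postfix/qmgr[451]: B11C22D3E4: from=<news@ausverkauf-aktuell.de>, size=9120, nrcpt=1 (queue active)
Oct 26 20:41:02 mx01 postfix/qmgr[451]: C55D66E7F8: from=<info@notausverkauf-aktuell.de>, size=4410, nrcpt=1 (queue active)
"""

# Envelope sender as logged by postfix/qmgr when a message enters the queue.
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: \w+: from=<([^>]*)>")


def envelope_senders(log_text):
    """Return every envelope sender found in qmgr 'from=<...>' lines."""
    return FROM_RE.findall(log_text)


def domain_entry_matches(entry, sender):
    """Exact-domain semantics as described in the thread (assumed model):
    the part after '@' must equal the entry; subdomains do not match."""
    return sender.rpartition("@")[2].lower() == entry.lower()


def subdomain_regex(domain):
    """Build a whole-address regex covering the domain and any subdomain.
    The optional group requires a dot, so 'notexample.de' is not caught."""
    return r".*@(.+\.)?" + re.escape(domain)


def regex_entry_matches(pattern, sender):
    """Assumed regex-entry semantics: anchored on the full address."""
    return re.fullmatch(pattern, sender, re.IGNORECASE) is not None


def compare(entry, log_text):
    """For each sender: (address, hit by domain entry, hit by regex entry)."""
    pattern = subdomain_regex(entry)
    return [
        (s, domain_entry_matches(entry, s), regex_entry_matches(pattern, s))
        for s in envelope_senders(log_text)
    ]


if __name__ == "__main__":
    for sender, by_domain, by_regex in compare("ausverkauf-aktuell.de", SAMPLE_LOG):
        print(f"{sender:45} domain={by_domain!s:5} regex={by_regex}")
```
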
 
