How to identify which blacklist entry is matched?

cpergler

May 10, 2023
Hello, I just wondered if there is an easy way to find out which exact entry in a global blacklist caused an incoming mail to be blocked. In the tracking center of the GUI you can only read something like:

[...] block mail to <some.dude@somecompany.com> (rule: Blacklist)

For example, I have a global blacklist containing several thousand entries, some of them containing placeholders, and I have a really hard time figuring out which entry caused a specific sender to be blocked. I even tried searching the blacklist objects with something like

# pmgsh get /config/ruledb/who/2/objects | grep domain.com

...also with several different search strings containing different parts of the sender's address or domain, but could not find any plausible matches.
 
Hello.
I got the same problem. I wrote up the steps that helped me in this post.
1. Dump rules to files
2. Find block with all blacklisted addresses
3. Via regex find triggered record.

Solution for Linux.

Bash:
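#!/bin/bash
# Address to test against every blocklist entry.
mail="good.e-mail@contoso.com"
# Replace the placeholder with the path of your blocklist object
# (in your example /config/ruledb/who/2/objects).
pmgsh get "path_to_blocklist_object" |
  awk '/value/ { gsub(/[",]/,"",$3); print $3 }' |
  while read -r fn; do
    # Interpret backslash escapes in the entry before using it as a regex.
    reg=$(echo -e "$fn")
    if [[ "$mail" =~ $reg ]]; then
      echo "$reg regex to mail $mail"
    fi
  done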
 
Hello kalachev_89 and thank you for your suggestion. I solved it by using this command.

# pmgsh get /config/ruledb/who/2/objects | grep [STRING]

Of course you have to replace [STRING] with an appropriate search string. You then get a list of blacklist entries that contain that string. In my case I had made a very widely matching regular expression, but I could find it using the above command.

If anyone of the Proxmox staff is reading this: I would strongly suggest adding the following features for blacklists/whitelists in the GUI:

1) Search field to be able to quickly find entries.

2) Stats for each entry how often the entry was matched and when the last match occurred.

And for the tracking center to be a little more verbose, for example do not only state that the blacklist/whitelist rule applied, but also which blacklist/whitelist entry was matched.
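
Added example, not part of any post in this thread: a POSIX shell function that takes one sender address and reports every blocklist entry that matches it, separating whole-address matches from substring matches so an overly wide regular expression like the one described above stands out. It assumes the entries have already been extracted one per line (for instance with the awk filter posted earlier) and tests them as POSIX extended regexes; `match_entries`, `sample_entries` and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: list every blocklist entry that matches one sender address.
# Assumptions: entries arrive one per line on stdin, already extracted from
# the pmgsh output; they are tested as POSIX extended regexes (like bash =~),
# case-insensitively. How PMG itself anchors a match is not stated in the
# thread, so whole-address and substring matches are reported separately.

# match_entries ADDRESS  -> one "<kind><TAB><entry>" line per hit
#   full     entry matches the whole address
#   partial  entry matches only part of the address
#   INVALID  entry is not a valid extended regex (check it by hand)
match_entries() {
    addr=$1
    while IFS= read -r entry || [ -n "$entry" ]; do
        [ -n "$entry" ] || continue
        rc=0
        # -x: the pattern must match the entire line.
        printf '%s\n' "$addr" | grep -Eixq -e "$entry" 2>/dev/null || rc=$?
        case $rc in
            0) printf 'full\t%s\n' "$entry"; continue ;;
            1) ;;                                  # no whole-address match
            *) printf 'INVALID\t%s\n' "$entry"; continue ;;
        esac
        if printf '%s\n' "$addr" | grep -Eiq -e "$entry" 2>/dev/null; then
            printf 'partial\t%s\n' "$entry"
        fi
    done
    return 0
}

# Constructed sample entries, not taken from the thread.
sample_entries() {
    cat <<'EOF'
.*@spam\.example
.*@.*\.com
(unclosed
contoso
billing@partner\.example
EOF
}

sample_entries | match_entries "good.e-mail@contoso.com"
```

For real use, pipe the extracted entries of the blocklist object into `match_entries` in place of `sample_entries`.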