Mail Filter "AND" logic not possible?

A

admail

Member
Apr 14, 2022
21
2
8
We are in the process of migrating transport rules from MS Exchange to PROXMOX and noticed that it is not possible (compared to MS Excchange) to create exceptions for mail filters. Therefore we tried to logicaly link multiple checks with inverted regex (e.g. "NOT 'STRING'" like ^(?!STRING.*$) ) but are facing the next issue that AND is not possible for content checks.

Example of what we need:
MODIFY subject (action object)
IF the mail comes from specific domain (From Object)
AND the header field "subject" contains a specific word (What Object)
AND the header field "received" DOES NOT contains a specific word (What Object).

The first three lines are working fine, but it seems there is no way to have two AND combined header field checks!?

We already tried to combine two "What Objects" within a Mail Filter and also one single "What Object" with two regex: In both cases the object groups are linked by AND but the elements within one group or within one object are always liked by OR.

Is there any other trick we are not aware of?
How do ther users work around this limitation?
Any plans for the future to add exceptions and/or logic operators for rules?
 
No currently there is no negation or selective and/or in the rule-system.
The advantage of this is that the system is a bit simpler (and still can lead to quite some complex rules, which are hard to debug)
The disadvantage, as you've experienced is that not everything can be expressed quite straight-forwardly


admail said:
Is there any other trick we are not aware of?
Click to expand...
well - usually you can work around this by creating two rules with different priorities - the one for the 'exception' with a higher priority and the desired action for the exception, the general one with a lower priority

admail said:
Any plans for the future to add exceptions and/or logic operators for rules?
Click to expand...
Currently not really - as most things can be expressed quite well with the existing system

I hope this helps!
 
Stoiko Ivanov said:
well - usually you can work around this by creating two rules with different priorities - the one for the 'exception' with a higher priority and the desired action for the exception, the general one with a lower priority
Click to expand...
I think this will not work: The intention of an exception is "don't do it" and not "do something else".
And as far as i know there is no "exit" option for rules like MS Outlook has (e.g. "if rule is triggered, don't process any other lower prio rule) or am I wrong?

BTW: We use this for detection of email spoofing. To make it more clear:
PMG should tag all incoming mails with sender domain "@domain.de" by adding "[EXTERNAL]" to the subject line as it is unusual that "internal" mails are passing the PMG. But it should not do the tagging if the email is coming from whitelisted external systems.
 
admail said:
BTW: We use this for detection of email spoofing. To make it more clear:
PMG should tag all incoming mails with sender domain "@domain.de" by adding "[EXTERNAL]" to the subject line as it is unusual that "internal" mails are passing the PMG. But it should not do the tagging if the email is coming from whitelisted external systems.
Click to expand...
What speaks against pushing this rule quite to the bottom (i.e. as last rule, before the default accept) - and having one with the whitelisted external systems as from and action accept, and one with a priority of one lower without a from object and action modify subject?

but I get that this is a different concept than what exchange offers...
 
Stoiko Ivanov said:
What speaks against pushing this rule quite to the bottom (i.e. as last rule, before the default accept) - and having one with the whitelisted external systems as from and action accept, and one with a priority of one lower without a from object and action modify subject?

but I get that this is a different concept than what exchange offers...
Click to expand...
You mean that a mail filter with action "accept" causes the lower priorities not to be executed?

BTW: The whitelist does not use "From" but hostnames within the "received" (by) headers, as the sender mail adress varies.
 
admail said:
You mean that a mail filter with action "accept" causes the lower priorities not to be executed?
Click to expand...
yes - the actions 'Accept', 'Block' and 'Quarantine' are final

admail said:
BTW: The whitelist does not use "From" but hostnames within the "received" (by) headers, as the sender mail adress varies.
Click to expand...
depending on your setup you could also use from-objects with IP addresses
 
You must log in or register to reply here.
Top Bottom