Mail Filter "AND" logic not possible?

admail

Member
Apr 14, 2022
21
2
8
We are in the process of migrating transport rules from MS Exchange to PROXMOX and noticed that it is not possible (compared to MS Excchange) to create exceptions for mail filters. Therefore we tried to logicaly link multiple checks with inverted regex (e.g. "NOT 'STRING'" like ^(?!STRING.*$) ) but are facing the next issue that AND is not possible for content checks.

Example of what we need:
MODIFY
subject (action object)
IF the mail comes from specific domain (From Object)
AND the header field "subject" contains a specific word (What Object)
AND the header field "received" DOES NOT contains a specific word (What Object).

The first three lines are working fine, but it seems there is no way to have two AND combined header field checks!?

We already tried to combine two "What Objects" within a Mail Filter and also one single "What Object" with two regex: In both cases the object groups are linked by AND but the elements within one group or within one object are always liked by OR.

Is there any other trick we are not aware of?
How do ther users work around this limitation?
Any plans for the future to add exceptions and/or logic operators for rules?
 
No currently there is no negation or selective and/or in the rule-system.
The advantage of this is that the system is a bit simpler (and still can lead to quite some complex rules, which are hard to debug)
The disadvantage, as you've experienced is that not everything can be expressed quite straight-forwardly


Is there any other trick we are not aware of?
well - usually you can work around this by creating two rules with different priorities - the one for the 'exception' with a higher priority and the desired action for the exception, the general one with a lower priority

Any plans for the future to add exceptions and/or logic operators for rules?
Currently not really - as most things can be expressed quite well with the existing system

I hope this helps!
 
well - usually you can work around this by creating two rules with different priorities - the one for the 'exception' with a higher priority and the desired action for the exception, the general one with a lower priority
I think this will not work: The intention of an exception is "don't do it" and not "do something else".
And as far as i know there is no "exit" option for rules like MS Outlook has (e.g. "if rule is triggered, don't process any other lower prio rule) or am I wrong?

BTW: We use this for detection of email spoofing. To make it more clear:
PMG should tag all incoming mails with sender domain "@domain.de" by adding "[EXTERNAL]" to the subject line as it is unusual that "internal" mails are passing the PMG. But it should not do the tagging if the email is coming from whitelisted external systems.
 
BTW: We use this for detection of email spoofing. To make it more clear:
PMG should tag all incoming mails with sender domain "@domain.de" by adding "[EXTERNAL]" to the subject line as it is unusual that "internal" mails are passing the PMG. But it should not do the tagging if the email is coming from whitelisted external systems.
What speaks against pushing this rule quite to the bottom (i.e. as last rule, before the default accept) - and having one with the whitelisted external systems as from and action accept, and one with a priority of one lower without a from object and action modify subject?

but I get that this is a different concept than what exchange offers...
 
What speaks against pushing this rule quite to the bottom (i.e. as last rule, before the default accept) - and having one with the whitelisted external systems as from and action accept, and one with a priority of one lower without a from object and action modify subject?

but I get that this is a different concept than what exchange offers...
You mean that a mail filter with action "accept" causes the lower priorities not to be executed?

BTW: The whitelist does not use "From" but hostnames within the "received" (by) headers, as the sender mail adress varies.
 
You mean that a mail filter with action "accept" causes the lower priorities not to be executed?
yes - the actions 'Accept', 'Block' and 'Quarantine' are final

BTW: The whitelist does not use "From" but hostnames within the "received" (by) headers, as the sender mail adress varies.
depending on your setup you could also use from-objects with IP addresses
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!