Postfix Configuration files and Proxmox white/black lists

[MiamiJack]

Hello All,

I have a few posts with issues related to whitelist and blacklist so today I decided to look at the postfix configuration which I'm familiar with.
I was able to find the mail proxy whitelist contents in sender access, however I can't find any of the who/what-> white/blacklist information anywhere within any files in the postfix directory.

While this may be the root of my issue, it may be that those who/what objects are not stored or exported to any postfix configuration files ( which for me doesn't make sense ).

Can someone point me in the right direction or confirm my belief ?

In addition, in my manual postfix servers, I put a senderaccess file in this format:
@abc.com OK
Mike@123.com OK
@badperson.com 550 And My own custom reject ( purpose of custom reject is to see which rule rejected in case of issue )
brasiltelecom.net.br 550 SPR-brasiltelecom.net.br

I see senderaccess is a regex, which I thought wasn't necessary unless your matching subdomains?
/^.+@thispersonok\.com$/ OK



Thanks

 

[hata_ph]

Are your PMG in production now? If not, i would suggest to reset all the filter rules to default.
Create a new test rules to quarantine all incoming @gmail.com. Let see does it work or not.

 

[MiamiJack]

It is active, I could possibly do that very quickly.
Can you answer my above question about the postfix files, because if PMG isn't generating the white/black lists to postfix, this may be where my issue is.

 

[hata_ph]

PMG's who/what object do not store in senderaccess, it is store under postgres DB.
You can use below command to check your object

pmgsh get /config/ruledb/who

 

[MiamiJack]

That

PMG's who/what object do not store in senderaccess, it is store under postgres DB.
You can use below command to check your object

pmgsh get /config/ruledb/who

That shows the rules, but not the objects.

 

[hata_ph]

Replace xx with your who ID.

pmgsh get /config/ruledb/who/xx/objects

 

[MiamiJack]

Replace xx with your who ID.

pmgsh get /config/ruledb/who/xx/objects

Sorry, not having luck

pmgsh get /config/ruledb/who/Blacklist/objects
400 Parameter verification failed.
ogroup: type check ('integer') failed - got 'Blacklist'
get config/ruledb/who/Blacklist/objects
root@mgw:~# pmgsh get /config/ruledb/who/Blacklist/
400 Parameter verification failed.
ogroup: type check ('integer') failed - got 'Blacklist'
get config/ruledb/who/Blacklist
root@mgw:~# pmgsh get /config/ruledb/who/Whitelist/objects
400 Parameter verification failed.
ogroup: type check ('integer') failed - got 'Whitelist'
get config/ruledb/who/Whitelist/objects
root@mgw:~# pmgsh get /config/ruledb/what/Images/objects
400 Parameter verification failed.
ogroup: type check ('integer') failed - got 'Images'
get config/ruledb/what/Images/objects
root@mgw:~# pmgsh get /config/ruledb/what/Images
400 Parameter verification failed.
ogroup: type check ('integer') failed - got 'Images'
get config/ruledb/what/Images

 

[hata_ph]

ID

 

[MiamiJack]

Sorry, never used that before, thank you.

It does show me come content.

Here is an example blacklist.

   {
      "cidr" : "23.90.0.0/18",
      "descr" : "23.90.0.0/18",
      "id" : 173,
      "ogroup" : 25,
      "otype" : 1004,
      "otype_text" : "IP Network",
      "receivertest" : 0
   }

So the data is there, but everything I try to match white/black doesn't seem to work.

 

[hata_ph]

Like I mentioned, disable all custom rules.
Create a new test rules to quarantine all incoming @gmail.com. Let see does it work or not.
Start from there and tackle the issue 1 by 1.

 

[MiamiJack]

Thanks for your patience.
I was able to get this rule to work, mail log shows -> rule: Blacklist-2

This was done by created blacklist-2-> Action Quarantine -> from -> Quar-Test which contained 1 domain ( just the domain name ).
Should I try replacing the main rules with my own version and see if that works?

 

[hata_ph]

You can create a second rules with higher/different priority to test.