Return-Path Not Checked

koby

Renowned Member
Jun 21, 2012
138
4
83
Natanya , Israel
Hello guys ,
I did add to my header check field the following :

"Filed : Return-Path"
"Value : test@test.com"

I test it with mail with this line in its header and I found that the system does not test this line

Any advice please.
PMG ver 7.1-7

Koby Peleg Hen
 
please share the logs and the headers of such a mail, as well as the relevant rules.
 
here is the mail header message

"
Received: from AM9PR05MB7649.eurprd05.prod.outlook.com (2603:10a6:20b:2c9::21)
by PAXPR05MB9662.eurprd05.prod.outlook.com with HTTPS; Sun, 6 Nov 2022
11:35:42 +0000
Received: from ZR2P278CA0031.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:47::12)
by AM9PR05MB7649.eurprd05.prod.outlook.com (2603:10a6:20b:2c9::21) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5791.24; Sun, 6 Nov
2022 11:35:40 +0000
Received: from VI1EUR05FT029.eop-eur05.prod.protection.outlook.com
(2603:10a6:910:47:cafe::2c) by ZR2P278CA0031.outlook.office365.com
(2603:10a6:910:47::12) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5746.28 via Frontend
Transport; Sun, 6 Nov 2022 11:35:40 +0000
Authentication-Results: spf=none (sender IP is 95.217.215.74)
smtp.mailfrom=test.com; dkim=none (message not signed)
header.d=none;dmarc=permerror action=none header.from=test.com;compauth=none
reason=405
Received-SPF: None (protection.outlook.com: test.com does not designate
permitted sender hosts)
Received: from smg-lab01.localdomain (95.217.215.74) by
VI1EUR05FT029.mail.protection.outlook.com (10.233.243.126) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.5791.20 via Frontend Transport; Sun, 6 Nov 2022 11:35:40 +0000
Received: from smg-lab01 (localhost [127.0.0.1])
by smg-lab01.localdomain (Proxmox) with ESMTP id B28553FB57
for <koby@mksoft.co.il>; Sun, 6 Nov 2022 13:35:39 +0200 (IST)
Received: from emkei.cz (emkei.cz [89.187.129.29])
by smg-lab01.localdomain (Proxmox) with ESMTPS
for <koby@mksoft.co.il>; Sun, 6 Nov 2022 13:35:34 +0200 (IST)
Received: by emkei.cz (Postfix, from userid 33)
id 3B6E8646BFF; Sun, 6 Nov 2022 12:35:33 +0100 (CET)
To: koby@mksoft.co.il
Subject: test 300
From: "test" <test@test.com>
Errors-To: test@test.com
Reply-To: test@test.com
Content-Type: text/plain; charset=utf-8
Message-Id: <20221106113533.3B6E8646BFF@emkei.cz>
Date: Sun, 6 Nov 2022 12:35:33 +0100 (CET)
X-SmgPro: Checked & Verified by SmgPro - Mksoft Systems
...
Return-Path: test@test.com
...
X-MS-Exchange-Organization-ExpirationStartTime: 06 Nov 2022 11:35:40.5261
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
1f97225c-8439-4a5e-d4ef-08dabfeb0862
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 0ce69c76-25e2-432f-998f-ad657ba0b7b3:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: VI1EUR05FT029:EE_|AM9PR05MB7649:EE_
X-MS-Exchange-Organization-AuthSource:
VI1EUR05FT029.eop-eur05.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Office365-Filtering-Correlation-Id: 1f97225c-8439-4a5e-d4ef-08dabfeb0862
X-MS-Exchange-Organization-SCL: -1
X-Microsoft-Antispam: BCL:0;
X-Forefront-Antispam-Report:
CIP:95.217.215.74;CTRY:FI;LANG:en;SCL:-1;SRV:;IPV:CAL;SFV:SKN;H:smg-lab01.localdomain;PTR:smg-lab01.mksoft.co.il;CAT:NONE;SFS:;DIR:INB;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Nov 2022 11:35:40.2136
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 1f97225c-8439-4a5e-d4ef-08dabfeb0862
X-MS-Exchange-CrossTenant-Id: 0ce69c76-25e2-432f-998f-ad657ba0b7b3
X-MS-Exchange-CrossTenant-AuthSource:
VI1EUR05FT029.eop-eur05.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM9PR05MB7649
X-MS-Exchange-Transport-EndToEndLatency: 00:00:02.1058571
X-MS-Exchange-Processed-By-BccFoldering: 15.20.5791.025
X-Microsoft-Antispam-Mailbox-Delivery:
ucf:0;jmr:0;auth:0;dest:I;ENG:(910001)(944506478)(944626604)(920097)(930097);
X-Microsoft-Antispam-Message-Info:
=?utf-8?B?bVk4Uk91VWtoUEdNV3dQZ1FHY09VekJhMENjYjRWcjJJZVRnTE9HL29lbGx5?=
......
"
Here is the rule

Screenshot 2022-11-07 at 13.03.00.png

Best regards ,
Koby Peleg Hen
 
Sorry - I misread the header - 'Return-Path' is usually not present when sending the mail and contains the Envelope-Sender

Try matching with a Who Object
 
With your permission ,
What I trying to achieve here is some confident that the sender is the sender.
My preferred is of course is a DKIM record , but not all mail header has this in there header , this is why I try to white sender base on "something" that some hacker will not wont to spent time to mess with
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!