SPF failure Whitelist

Simpleroute

New Member
Jun 12, 2018
3
0
1
27
DomainHello all,

I do have a valid subscription key for PMG, but for some reason it seems like the only key I can plug into my account is a VE key.


I have an issue with a company sending email the most backwards way possible. Their helpdesk is rather special and they simply don't understand why they can't have an SPF detailed as they do and send email as they do. Their answer to me was to ultimately configure an IMAP connector on each of the users PC's and have them download mail that way.

I have done everything I can to try and whitelist them, but for some reason PMG will still deny it. The only thing I can think is that it processes the hardfail SPF before it processes the whitelist. Any assistance on how to make this email pass through without being filtered would be appreciated.


Example of a rejection from the tracking center.

Legend:
PMG.FQDN.TLD is a masked, but proper FQDN for the PMG instance
RECIP is a masked recipient email
pastebin. com/b9k57TFL

Current whitelist configuration
Regular Expression: .*medallia.*
IP Address: 66.104.218.100
Domain: bwipropemail.guardiandigital. com
Domain: express.medallia. com
Domain: medallia. com
 
Better add your logs in the forum, so all needed information is on one place - much easier to read and you will get faster an answer.

To your question:
Did you add this to the SMTP whitelist on "Configuration/Mail Proxy/Whitelist"?
 
i'm running into a similar problem, where the outgoing mailservers of our parent company has an SPF record (limiting the allowed senders to a select few), but has so-far problems with configuring their NAT, making their emails appear to come from another IP address.

whitelisting this IP address in "Configuration/Mail Proxy/Whitelist" works so far, but it seems that this bypasses all checks (not just greylisting, SPF, and RBL, as indicated in the manual; but also spamassassin!!!).
since the (whitelisted) IP address is a generic outgoing IP address for all NATted clients of the company, this is opening the PMG for all kind of potential spammers (infected spambot PCs in the company, most likely having our users emails stored in their local MUA).

so: is it possible to whitelist a host only for certain checks (e.g. SPF)?

obviously the real solution is to fix their NAT rules, but I don't know when this will happen.
 
the SMTP whitelist does not interact with spamassassin, so the rules check should work
 
oops indeed.
i somehow missed the headers showing me that a scan happened (spamassassin even gives some points for the failed SPF, which is just as good :))
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!