SPF failure Whitelist

Discussion in 'Mail Gateway: Installation and configuration' started by Simpleroute, Jun 12, 2018.

  1. Simpleroute

    Simpleroute New Member

    Joined:
    Jun 12, 2018
    Messages:
    3
    Likes Received:
    0
    DomainHello all,

    I do have a valid subscription key for PMG, but for some reason it seems like the only key I can plug into my account is a VE key.


    I have an issue with a company sending email the most backwards way possible. Their helpdesk is rather special and they simply don't understand why they can't have an SPF detailed as they do and send email as they do. Their answer to me was to ultimately configure an IMAP connector on each of the users PC's and have them download mail that way.

    I have done everything I can to try and whitelist them, but for some reason PMG will still deny it. The only thing I can think is that it processes the hardfail SPF before it processes the whitelist. Any assistance on how to make this email pass through without being filtered would be appreciated.


    Example of a rejection from the tracking center.

    Legend:
    PMG.FQDN.TLD is a masked, but proper FQDN for the PMG instance
    RECIP is a masked recipient email
    pastebin. com/b9k57TFL

    Current whitelist configuration
    Regular Expression: .*medallia.*
    IP Address: 66.104.218.100
    Domain: bwipropemail.guardiandigital. com
    Domain: express.medallia. com
    Domain: medallia. com
     
  2. Simpleroute

    Simpleroute New Member

    Joined:
    Jun 12, 2018
    Messages:
    3
    Likes Received:
    0
    The spaces were added to the .com so I can post this as a new user
     
  3. Simpleroute

    Simpleroute New Member

    Joined:
    Jun 12, 2018
    Messages:
    3
    Likes Received:
    0
    Bump?

    Anyone?
     
  4. tom

    tom Proxmox Staff Member
    Staff Member

    Joined:
    Aug 29, 2006
    Messages:
    13,033
    Likes Received:
    333
    Better add your logs in the forum, so all needed information is on one place - much easier to read and you will get faster an answer.

    To your question:
    Did you add this to the SMTP whitelist on "Configuration/Mail Proxy/Whitelist"?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. IEM

    IEM Member

    Joined:
    Sep 4, 2018
    Messages:
    35
    Likes Received:
    4
    i'm running into a similar problem, where the outgoing mailservers of our parent company has an SPF record (limiting the allowed senders to a select few), but has so-far problems with configuring their NAT, making their emails appear to come from another IP address.

    whitelisting this IP address in "Configuration/Mail Proxy/Whitelist" works so far, but it seems that this bypasses all checks (not just greylisting, SPF, and RBL, as indicated in the manual; but also spamassassin!!!).
    since the (whitelisted) IP address is a generic outgoing IP address for all NATted clients of the company, this is opening the PMG for all kind of potential spammers (infected spambot PCs in the company, most likely having our users emails stored in their local MUA).

    so: is it possible to whitelist a host only for certain checks (e.g. SPF)?

    obviously the real solution is to fix their NAT rules, but I don't know when this will happen.
     
  6. tom

    tom Proxmox Staff Member
    Staff Member

    Joined:
    Aug 29, 2006
    Messages:
    13,033
    Likes Received:
    333
    the SMTP whitelist does not interact with spamassassin, so the rules check should work
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. IEM

    IEM Member

    Joined:
    Sep 4, 2018
    Messages:
    35
    Likes Received:
    4
    oops indeed.
    i somehow missed the headers showing me that a scan happened (spamassassin even gives some points for the failed SPF, which is just as good :))
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice