SRS

nocturne.op.15

New Member
Feb 16, 2021
3
2
3
125
Hello,
what is designed way to handle (whitelist) redirected emails with SRS? I did not found any related information (or I'm searching wrong terms)

I found I can put (re)sending server to whitelist at Configuration > Mail proxy > Whitelist, but that is not really good option for freemails. But I need to get some emails, redirected from some of my old freemail accounts.

When I use "whitelist" function of PMG, it adds original sender address, but obviously, all further emails running through SRS are blocked again.

Sample log:

Feb 15 19:17:21 proxmox postfix/smtpd[25758]: connect from mxe1.seznam.cz[77.75.78.34] Feb 15 19:17:23 proxmox postfix/smtpd[25758]: 3430840079: client=mxe1.seznam.cz[77.75.78.34] Feb 15 19:17:23 proxmox postfix/cleanup[25748]: 3430840079: resent-message-id=<1.1LNmFd.NewJWmMxMF.1WAeqw@seznam.cz> Feb 15 19:17:23 proxmox postfix/cleanup[25748]: 3430840079: message-id=988a3337491848c2936d5c4b3da945d2 Feb 15 19:17:24 proxmox postfix/qmgr[968]: 3430840079: from=<SRS0=dvwA=HR=info.aliexpress.com=notice@seznam.cz>, size=50280, nrcpt=1 (queue active) Feb 15 19:17:24 proxmox pmg-smtp-filter[25391]: 41217602ABAB47CF2C: new mail message-id=988a3337491848c2936d5c4b3da945d2#012 Feb 15 19:17:24 proxmox postfix/smtpd[25758]: disconnect from mxe1.seznam.cz[77.75.78.34] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5 Feb 15 19:17:27 proxmox pmg-smtp-filter[25391]: 41217602ABAB47CF2C: SA score=4/5 time=2.598 bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),FREEMAIL_FORGED_FROMDOMAIN(0.249),FREEMAIL_FROM(0.001),HEADER_FROM_DIFFERENT_DOMAINS(0.249),HOSTED_IMG_FREEM(3.418),HTML_FONT_LOW_CONTRAST(0.001),HTML_MESSAGE(0.001),KAM_SHORT(0.001),MIME_HTML_ONLY(0.1),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),UNPARSEABLE_RELAY(0.001),URIBL_BLOCKED(0.001) Feb 15 19:17:27 proxmox pmg-smtp-filter[25391]: 41217602ABAB47CF2C: moved mail for <target@receiver.domain> to spam quarantine - 4156F602ABAB737989 (rule: Quarantine/Mark Spam (Level 3)) Feb 15 19:17:27 proxmox pmg-smtp-filter[25391]: 41217602ABAB47CF2C: processing time: 2.777 seconds (2.598, 0.095, 0) Feb 15 19:17:27 proxmox postfix/lmtp[25749]: 3430840079: to=<target@receiver.domain>, relay=127.0.0.1[127.0.0.1]:10024, delay=5, delays=2.2/0/0/2.8, dsn=2.5.0, status=sent (250 2.5.0 OK (41217602ABAB47CF2C)) Feb 15 19:17:27 proxmox postfix/qmgr[968]: 3430840079: removed
 
Last edited:
simply whitelisting the server which does the SRS (seznam.cz) does not work?
 
It does, but it is not a good idea a tthis case - "seznam.cz" is public freemail service. I did this same workaround for our webshop, which also uses SRS - but would like to avoid this in case of seznam.cz
 
"seznam.cz" is public freemail service.
ahh - sorry did not catch that ...

Maybe try adding the entry as regex in a From Who object:
Code:
.*SRS0=.{4}=.{2}=.*=.*@seznam.cz

without trying it - that should catch all first level SRS rewrites coming from @seznam.cz...

(this has to be done in the rules system as opposed to the user blocklists)

I hope this helps!

else - checkout the getting started guide for PMG - seems your DNS server is over quota at uribl:
URIBL_BLOCKED(0.001)

https://pmg.proxmox.com/wiki/index.php/Getting_started_with_Proxmox_Mail_Gateway
 
Cool, that solved my SRS problem without affecting security! Thank you for your help. And thanks for pointing URIBL issue.

Regarding SRS - it would be great if this could be addressed by some simplier GUI settings
 
Regarding SRS - it would be great if this could be addressed by some simplier GUI settings
TBH I'm not sure if this is a too common thing - as far as I can tell it never gained too wide traction (quite many services offering mail-forwarding still simply keep the original envelope address) - and if it is easily addressable with a regular expression I think that's a valid solution.

If you like you can open an enhancement request over at https://bugzilla.proxmox.com describing what you would like to see
- that way other who wish for that can write so there - if there's enough interest we could then consider it for implementation.
(however currently I'd not consider this a high priority on our TODO list)

Thanks