SRS

nocturne.op.15

New Member
Feb 16, 2021
3
2
3
124
Hello,
what is designed way to handle (whitelist) redirected emails with SRS? I did not found any related information (or I'm searching wrong terms)

I found I can put (re)sending server to whitelist at Configuration > Mail proxy > Whitelist, but that is not really good option for freemails. But I need to get some emails, redirected from some of my old freemail accounts.

When I use "whitelist" function of PMG, it adds original sender address, but obviously, all further emails running through SRS are blocked again.

Sample log:

Feb 15 19:17:21 proxmox postfix/smtpd[25758]: connect from mxe1.seznam.cz[77.75.78.34] Feb 15 19:17:23 proxmox postfix/smtpd[25758]: 3430840079: client=mxe1.seznam.cz[77.75.78.34] Feb 15 19:17:23 proxmox postfix/cleanup[25748]: 3430840079: resent-message-id=<1.1LNmFd.NewJWmMxMF.1WAeqw@seznam.cz> Feb 15 19:17:23 proxmox postfix/cleanup[25748]: 3430840079: message-id=988a3337491848c2936d5c4b3da945d2 Feb 15 19:17:24 proxmox postfix/qmgr[968]: 3430840079: from=<SRS0=dvwA=HR=info.aliexpress.com=notice@seznam.cz>, size=50280, nrcpt=1 (queue active) Feb 15 19:17:24 proxmox pmg-smtp-filter[25391]: 41217602ABAB47CF2C: new mail message-id=988a3337491848c2936d5c4b3da945d2#012 Feb 15 19:17:24 proxmox postfix/smtpd[25758]: disconnect from mxe1.seznam.cz[77.75.78.34] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5 Feb 15 19:17:27 proxmox pmg-smtp-filter[25391]: 41217602ABAB47CF2C: SA score=4/5 time=2.598 bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),FREEMAIL_FORGED_FROMDOMAIN(0.249),FREEMAIL_FROM(0.001),HEADER_FROM_DIFFERENT_DOMAINS(0.249),HOSTED_IMG_FREEM(3.418),HTML_FONT_LOW_CONTRAST(0.001),HTML_MESSAGE(0.001),KAM_SHORT(0.001),MIME_HTML_ONLY(0.1),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),UNPARSEABLE_RELAY(0.001),URIBL_BLOCKED(0.001) Feb 15 19:17:27 proxmox pmg-smtp-filter[25391]: 41217602ABAB47CF2C: moved mail for <target@receiver.domain> to spam quarantine - 4156F602ABAB737989 (rule: Quarantine/Mark Spam (Level 3)) Feb 15 19:17:27 proxmox pmg-smtp-filter[25391]: 41217602ABAB47CF2C: processing time: 2.777 seconds (2.598, 0.095, 0) Feb 15 19:17:27 proxmox postfix/lmtp[25749]: 3430840079: to=<target@receiver.domain>, relay=127.0.0.1[127.0.0.1]:10024, delay=5, delays=2.2/0/0/2.8, dsn=2.5.0, status=sent (250 2.5.0 OK (41217602ABAB47CF2C)) Feb 15 19:17:27 proxmox postfix/qmgr[968]: 3430840079: removed
 
Last edited:
simply whitelisting the server which does the SRS (seznam.cz) does not work?
 
It does, but it is not a good idea a tthis case - "seznam.cz" is public freemail service. I did this same workaround for our webshop, which also uses SRS - but would like to avoid this in case of seznam.cz
 
"seznam.cz" is public freemail service.
ahh - sorry did not catch that ...

Maybe try adding the entry as regex in a From Who object:
Code:
.*SRS0=.{4}=.{2}=.*=.*@seznam.cz

without trying it - that should catch all first level SRS rewrites coming from @seznam.cz...

(this has to be done in the rules system as opposed to the user blocklists)

I hope this helps!

else - checkout the getting started guide for PMG - seems your DNS server is over quota at uribl:
URIBL_BLOCKED(0.001)

https://pmg.proxmox.com/wiki/index.php/Getting_started_with_Proxmox_Mail_Gateway
 
Cool, that solved my SRS problem without affecting security! Thank you for your help. And thanks for pointing URIBL issue.

Regarding SRS - it would be great if this could be addressed by some simplier GUI settings
 
Regarding SRS - it would be great if this could be addressed by some simplier GUI settings
TBH I'm not sure if this is a too common thing - as far as I can tell it never gained too wide traction (quite many services offering mail-forwarding still simply keep the original envelope address) - and if it is easily addressable with a regular expression I think that's a valid solution.

If you like you can open an enhancement request over at https://bugzilla.proxmox.com describing what you would like to see
- that way other who wish for that can write so there - if there's enough interest we could then consider it for implementation.
(however currently I'd not consider this a high priority on our TODO list)

Thanks
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!