[SOLVED] Trying to block sender

Jacky Li

Hi,

I am trying to block the following email:

1) tried to block it with "Match Field"; Value: X-Mailer=RM Mailer in the What Objects as "Block RM Mails".
2) put domains rm0005.net and rdgmedia.net in the Blacklist.

I have Blacklist on priority 98 to Block and "Block RM Mails" on priority 83. It is still coming through. I am tempted to just block the whole IP 193.34.0.0 network. However, I am curious to figure out why the domains and the Match Field didn't work. Thank you for any pointers.

I am on proxmox-mailgateway: 5.2-1 (API: 5.2-7/9943bd5d, running kernel: 4.15.18-20-pve).

Jacky

Delivered-To: receiver@domain1.edu
Return-Path: errors-receiver1=domain1.edu@mail-202-169.rm0005.net
Received-SPF: pass (mail-202-169.rm0005.net: 193.34.202.169 is authorized to use 'errors-receiver1=domain1.edu@mail-202-169.rm0005.net' in 'mfrom' identity (mechanism 'a' matched)) receiver=pmxmailer1.domain1.edu; identity=mailfrom; envelope-from="errors-receiver1=domain1.edu@mail-202-169.rm0005.net"; helo=mail-202-169.rm0005.net; client-ip=193.34.202.169
Authentication-Results: pmxmailer1.domain1.edu; dmarc=none (p=none dis=none) header.from=rdgmedia.net
Authentication-Results: pmxmailer1.domain1.edu;
dkim=pass (1024-bit key; unprotected) header.d=mail-202-169.rm0005.net header.i=@mail-202-169.rm0005.net header.b="y4Euvg2B";
dkim-atps=neutral
Received: from mail-202-169.rm0005.net (mail-202-169.rm0005.net [193.34.202.169])
by pmxmailer1.domain1.edu (HEPG) with ESMTPS id C4903200EC
for <receiver@domain1.edu>; Tue, 12 Nov 2019 06:11:19 -1000 (HST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=k1; d=mail-202-169.rm0005.net;
h=From:To:Reply-To:Subject:Message-ID:List-Unsubscribe:List-Unsubscribe-Post:
MIME-Version:Content-Type:Content-Transfer-Encoding:Date;
bh=N37w8dY9PRvwXij3cPmM0L7fpc1KnvLuITJM7YxDhkg=;
b=y4Euvg2BpEy7hfN5+5nkS3dEL0z8buBzT2vJSuTorev15ELkapnlTJCWJ2y697ClAu/HFBiA9/Hk
5617/QNoI44d5lkYPv3q7Qvn3I/J3P0KR26zfmroyYTg1nxN1iVqPwYBgUfrsC8sSo2mgIJ9vwf/
37G1qyvPdSH+rEMbGrM=
From: "IMS Auctions" <reply@rdgmedia.net>
To: "receiver@domain1.edu" <receiver@domain1.edu>
Reply-To: <reply@rdgmedia.net>
Subject: Three Manufacturing Equipment Auctions for Simonds Exide and StanCo
X-BPS1: 7317616
Feedback-ID: 2379234:eab33cfcfd8746a99838e2ee45f093a0:marketing:reachmail
X-BPS2: 319
Message-ID: <7622eab3-0742-4f4c-a91c-49b541bc2f8d@mail-202-169.rm0005.net>
List-Unsubscribe: <https://go.reachmail.net/subscription/direct/M5LX3qmlJqQxkVrsTedotA2/>, <mailto:leave-7317616-319-2479@mail-202-169.rm0005.net>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
X-Mailer: RM Mailer (v5.4.1029.0)
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Date: Tue, 12 Nov 2019 10:11:20 -0600
X-SPAM-LEVEL: Spam detection results: 3
AWL 1.532 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DCC_CHECK 1.1 Detected as bulk mail by DCC (dcc-servers.net)
DCC_REPUT_95_98 1 DCC reputation between 95 and 98 % (mostly spam)
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are different
HTML_FONT_LOW_CONTRAST 0.001 HTML font color similar or identical to background
HTML_MESSAGE 0.001 HTML included in message
JMQ_SPF_NEUTRAL 0.5 SPF set to ?all
KAM_SWIPE2 0.5 SwipeBid Spam / Penny Auction Spams
MIME_HTML_ONLY 0.1 Message only has text/html MIME parts
SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
SPF_PASS -0.001 SPF: sender matches SPF record
 
afair the match field regex is anchored, so if you do not want an exact match you have to put a '.*' before and after that string
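
Added example, not part of the original posts and not Proxmox Mail Gateway code: the rule from the first post evaluated against headers from the pasted message, once as an anchored match and once as a substring search. That PMG anchors the pattern is the reply's recollection and is treated here as an assumption; `parse_rule` and `match_field` are hypothetical helpers.

```python
import re
from email import message_from_string

# Constructed sample: four headers copied from the message in the first post,
# with List-Unsubscribe folded across two lines as it would be on the wire.
SAMPLE = (
    'From: "IMS Auctions" <reply@rdgmedia.net>\n'
    "Reply-To: <reply@rdgmedia.net>\n"
    "List-Unsubscribe: <https://go.reachmail.net/subscription/direct/M5LX3qmlJqQxkVrsTedotA2/>,\n"
    " <mailto:leave-7317616-319-2479@mail-202-169.rm0005.net>\n"
    "X-Mailer: RM Mailer (v5.4.1029.0)\n"
    "\n"
    "body\n"
)


def parse_rule(rule):
    """Split a 'Field=regex' rule, written the way the first post writes it."""
    field, sep, pattern = rule.partition("=")
    if not sep or not field.strip():
        raise ValueError("rule must look like 'Header-Name=regex'")
    return field.strip(), pattern


def match_field(raw_message, rule, anchored):
    """True if any instance of the named header matches the rule's regex.

    anchored=True  -> the whole header value must match (assumed PMG behaviour,
                      per the reply's recollection).
    anchored=False -> the pattern may match anywhere in the value.
    """
    field, pattern = parse_rule(rule)
    matcher = re.fullmatch if anchored else re.search
    msg = message_from_string(raw_message)
    for value in msg.get_all(field, []):
        unfolded = " ".join(value.split())  # undo header folding before matching
        if matcher(pattern, unfolded):
            return True
    return False


if __name__ == "__main__":
    for rule in ("X-Mailer=RM Mailer", "X-Mailer=.*RM Mailer.*"):
        for anchored in (True, False):
            print(rule, "anchored" if anchored else "search",
                  match_field(SAMPLE, rule, anchored))
```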
 

Thank you for the help. I assume the match field is on a field in the email header. I did the test and it ran successfully with a space/character in front of and/or behind RM Mailer. So I think the PMG code is smart enough to know it is a regex expression. But I put in your suggestion anyway and will see.
 
Sorry, my bad. I checked the log and see that the "Block RM Mails" works. It moves the emails to quarantine. I was looking at the spamassassin score in the Quarantine area. Thank you all for the help.
 
