[SOLVED] Trying to block sender

Jacky Li

Jan 15, 2019

I am trying to block the following email:

1) tried to block it with "Match Field"; Value: X-Mailer=RM Mailer in the What Objects as "Block RM Mails".
2) put domains rm0005.net and rdgmedia.net in the Blacklist.

I have Blacklist on priority 98 to Block and "Block RM Mails" on priority 83. It is still coming through. I am tempted to just block the whole IP network. However, I am curious to figure out why the domains and the Match Field didn't work. Thank you for any pointers.

I am on proxmox-mailgateway: 5.2-1 (API: 5.2-7/9943bd5d, running kernel: 4.15.18-20-pve).


Delivered-To: receiver@domain1.edu
Return-Path: errors-receiver1=domain1.edu@mail-202-169.rm0005.net
Received-SPF: pass (mail-202-169.rm0005.net: is authorized to use 'errors-receiver1=domain1.edu@mail-202-169.rm0005.net' in 'mfrom' identity (mechanism 'a' matched)) receiver=pmxmailer1.domain1.edu; identity=mailfrom; envelope-from="errors-receiver1=domain1.edu@mail-202-169.rm0005.net"; helo=mail-202-169.rm0005.net; client-ip= pmxmailer1.domain1.edu; dmarc=none (p=none dis=none) header.from=rdgmedia.net
Authentication-Results: pmxmailer1.domain1.edu;
dkim=pass (1024-bit key; unprotected) header.d=mail-202-169.rm0005.net header.i=@mail-202-169.rm0005.net header.b="y4Euvg2B";
Received: from mail-202-169.rm0005.net (mail-202-169.rm0005.net [])
by pmxmailer1.domain1.edu (HEPG) with ESMTPS id C4903200EC
for <receiver@domain1.edu>; Tue, 12 Nov 2019 06:11:19 -1000 (HST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=k1; d=mail-202-169.rm0005.net;
From: "IMS Auctions" <reply@rdgmedia.net>
To: "receiver@domain1.edu" <receiver@domain1.edu>
Reply-To: <reply@rdgmedia.net>
Subject: Three Manufacturing Equipment Auctions for Simonds Exide and StanCo
X-BPS1: 7317616
Feedback-ID: 2379234:eab33cfcfd8746a99838e2ee45f093a0:marketing:reachmail
X-BPS2: 319
Message-ID: <7622eab3-0742-4f4c-a91c-49b541bc2f8d@mail-202-169.rm0005.net>
List-Unsubscribe: <https://go.reachmail.net/subscription/direct/M5LX3qmlJqQxkVrsTedotA2/>, <mailto:leave-7317616-319-2479@mail-202-169.rm0005.net>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
X-Mailer: RM Mailer (v5.4.1029.0)
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Date: Tue, 12 Nov 2019 10:11:20 -0600
X-SPAM-LEVEL: Spam detection results: 3
AWL 1.532 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DCC_CHECK 1.1 Detected as bulk mail by DCC (dcc-servers.net)
DCC_REPUT_95_98 1 DCC reputation between 95 and 98 % (mostly spam)
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are different
HTML_FONT_LOW_CONTRAST 0.001 HTML font color similar or identical to background
HTML_MESSAGE 0.001 HTML included in message
JMQ_SPF_NEUTRAL 0.5 SPF set to ?all
KAM_SWIPE2 0.5 SwipeBid Spam / Penny Auction Spams
MIME_HTML_ONLY 0.1 Message only has text/html MIME parts
SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
SPF_PASS -0.001 SPF: sender matches SPF record

AFAIR, the match field regex is anchored, so if you do not want an exact match you have to put a '.*' before and after that string.

Thank you for the help. I assume the match field is on a field in the email header. I did the test and it ran successfully with a space/character in front of and/or behind RM Mailer. So I think the PMG code is smart enough to know it is a regex expression. But I put in your suggestion anyway and will see.

Sorry, my bad. I checked the log and see that the "Block RM Mails" works. It moves the emails to quarantine. I was looking at the spamassassin score in the Quarantine area. Thank you all for the help.
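
The anchoring question raised in the replies, as an added example that is not part of the original thread and is not PMG's code: it checks a "Field=Pattern" rule against the X-Mailer header quoted above under both anchored (whole value) and unanchored (substring) matching. The function names and both matching modes are assumptions for illustration; which mode a given gateway uses has to be confirmed with a test message and the log.

```python
import re
from email import message_from_string

# Constructed sample: a few headers copied from the message quoted in the thread.
SAMPLE = (
    'From: "IMS Auctions" <reply@rdgmedia.net>\n'
    "Subject: Three Manufacturing Equipment Auctions for Simonds Exide and StanCo\n"
    "X-Mailer: RM Mailer (v5.4.1029.0)\n"
    "\n"
    "body\n"
)


def parse_rule(rule):
    """Split a 'Field=Pattern' rule (the form used in the thread) into its parts."""
    field, _, pattern = rule.partition("=")
    return field.strip(), pattern


def header_matches(raw_message, rule, anchored):
    """Return True if any instance of the named header matches the rule's regex.

    anchored=True  -> the pattern must cover the whole header value (fullmatch)
    anchored=False -> the pattern may match anywhere in the value (search)
    Both modes are hypothetical models, not taken from PMG.
    """
    field, pattern = parse_rule(rule)
    regex = re.compile(pattern)
    match = regex.fullmatch if anchored else regex.search
    values = message_from_string(raw_message).get_all(field, [])
    return any(match(str(v).strip()) is not None for v in values)


def compare(raw_message, rules):
    """Map each rule to (anchored_result, unanchored_result)."""
    return {r: (header_matches(raw_message, r, True),
                header_matches(raw_message, r, False)) for r in rules}


if __name__ == "__main__":
    rules = [
        "X-Mailer=RM Mailer",               # bare string, as first tried in the thread
        "X-Mailer=.*RM Mailer.*",           # wrapped in '.*', as suggested in the reply
        r"X-Mailer=RM Mailer \(v[\d.]+\)",  # full-value pattern, version left open
    ]
    for rule, (anch, unanch) in compare(SAMPLE, rules).items():
        print(f"{rule!r}: anchored={anch} unanchored={unanch}")
```

The '.*'-wrapped pattern gives the same result in both modes, so it is the safe form when the matching semantics are not known.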


