User blacklist is automatically filled

Dec 4, 2023
Hello everyone,
I have the feeling that I'm missing something obvious here. We use PMG in the company and the user blacklist of some users is very well filled (several hundred entries), although they say they have never added an address to the blacklist. And I can confirm that they didn't even know how to do it.

I learnt from one user that he marks the spam mails that make it into the mailbox as junk by right-clicking in Outlook. But I doubt that this has any effect on the PMG blacklist.

Is there an automatic process for filling the user blacklists? I couldn't find anything like this in the processing rules nor in the documentation.

Kind regards,
Jochen
 
The spamreport contains links that automatically add mails to the white/blacklists - maybe your users clicked there?
 
Hi Stoiko,
Thanks for your post. Do you mean the "Whitelist" and "Blacklist" at the right side of the spam report? I doubt it, because at least one of the users didn't even look at the reports, because they were treated as junk by Outlook and were automatically moved to the Junk folder. At least from what this user told me, he didn't know the reports at all.

Best regards,
jo.chen
 
Hi,
same problem here: hundreds of user blacklists are filled.
Users do not receive any reports (and are not aware of PMG filtering).
Regards.
 
Some E-mail scanning solutions do click on links inside e-mails (to see if they're dangerous) - maybe something like that happens for your users?
 
I wouldn't know of a scanning solution like this. We're only using Outlook on the workstations.
How could such a solution trigger a blacklist entry on the mail gateway, anyway?
 
How could such a solution trigger a blacklist entry on the mail gateway, anyway?
because the spamreport sent to the users has links to directly blacklist/whitelist/accept/delete the mails in quarantine....
 
We can reproduce the "problem" by selecting several spams and clicking Blacklist in the Administration / Spam Quarantine.
In the postgresql table userprefs, I can see that for rows with the column name=BL, the mtime is the same,
so it confirms we may have done this...
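
The mtime check described in the last post can be automated. The following is an added example, not part of the original thread and not PMG code: it flags groups of BL rows that were modified for several users within a few seconds of each other, which points to one bulk action rather than individual users clicking report links. Only the table name userprefs and the columns name and mtime come from the thread; the pmail column, mtime as epoch seconds, and the in-memory SQLite stand-in for the PostgreSQL database are assumptions.

```python
import sqlite3

# Constructed sample rows (pmail, name, mtime). pmail is an assumed column
# name and mtime is assumed to be epoch seconds; neither is confirmed above.
SAMPLE_ROWS = [
    ("alice@example.com", "BL", 1700000000),
    ("bob@example.com", "BL", 1700000000),
    ("carol@example.com", "BL", 1700000001),
    ("dave@example.com", "BL", 1700450000),
    ("alice@example.com", "WL", 1700000000),
    ("erin@example.com", "BL", 1700900000),
]


def load_sample():
    """Build an in-memory stand-in for the userprefs table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE userprefs (pmail TEXT, name TEXT, mtime INTEGER)")
    db.executemany("INSERT INTO userprefs VALUES (?, ?, ?)", SAMPLE_ROWS)
    return db


def bulk_blacklist_clusters(db, window=2, min_users=3):
    """Return runs of BL rows whose mtimes are at most `window` seconds apart
    and that cover at least `min_users` distinct users."""
    rows = db.execute(
        "SELECT pmail, mtime FROM userprefs WHERE name = 'BL' ORDER BY mtime"
    ).fetchall()
    clusters, current = [], []
    for pmail, mtime in rows:
        # A gap larger than the window closes the current run.
        if current and mtime - current[-1][1] > window:
            clusters.append(current)
            current = []
        current.append((pmail, mtime))
    if current:
        clusters.append(current)
    result = []
    for run in clusters:
        users = sorted({pmail for pmail, _ in run})
        if len(users) >= min_users:
            result.append({"start": run[0][1], "end": run[-1][1], "users": users})
    return result


if __name__ == "__main__":
    for cluster in bulk_blacklist_clusters(load_sample()):
        print(cluster)
```

A cluster spanning many users in the same second or two is consistent with a multi-select action in the quarantine view; scattered single-user timestamps fit individual link clicks better.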