Where is directory -> Configuration -> Mail Proxy -> Whitelist

H.c.K · Jan 9, 2020

Hi, I will add yahoo and google out ip addresses to whitelist. But I could not find the file on the server. Since there are many ips, I will add a manual. Where can I edit this file?

mira · Jan 9, 2020

The whitelist entries are kept in a database. If you want to add new ones I'd recommend to use either the GUI (can be cumbersome) or the API together with pmgsh. (https://pmg.proxmox.com/pmg-docs/api-viewer/index.html)

H.c.K · Jan 9, 2020

mira said:
The whitelist entries are kept in a database. If you want to add new ones I'd recommend to use either the GUI (can be cumbersome) or the API together with pmgsh. (https://pmg.proxmox.com/pmg-docs/api-viewer/index.html)

I don't know any api. I thought it would be in a file like a list of transports. This is really sad

Is there any way ..

H.c.K · Jan 10, 2020

@mira i add to pmgsh create /config/whitelist/network --cidr 216.39.62.60/31 in ssh. But record only sender. How to receiver add record?

mira · Jan 10, 2020

For adding receiver entries, use either 'receiver', 'receiver_domain' or 'receiver_regex'. The ones not prefixed by 'receiver' are all senders.

H.c.K · Jan 10, 2020

mira said:
For adding receiver entries, use either 'receiver', 'receiver_domain' or 'receiver_regex'. The ones not prefixed by 'receiver' are all senders.

How can i do @mira. I try but failed.

root@pmg3:/etc# pmgsh create /config/whitelist/network --cidr receiver 216.39.62.60/31
400 too many arguments
create config/whitelist/network --cidr <string> [OPTIONS]
root@pmg3:/etc# pmgsh create /config/whitelist/network --cidr 216.39.62.60/31 receiver
400 too many arguments
create config/whitelist/network --cidr <string> [OPTIONS]
root@pmg3:/etc# pmgsh create /config/whitelist/network --cidr 216.39.62.60/31 --receiver
Unknown option: receiver
400 unable to parse option
create config/whitelist/network --cidr <string> [OPTIONS]
root@pmg3:/etc# pmgsh create /config/whitelist/network --cidr --receiver 216.39.62.60/31
400 too many arguments
create config/whitelist/network --cidr <string> [OPTIONS]
root@pmg3:/etc# pmgsh create /config/whitelist/network --cidr 216.39.62.60/31 [receiver]
400 too many arguments
create config/whitelist/network --cidr <string> [OPTIONS]
root@pmg3:/etc# pmgsh ls /
Dr--- access
Dr--- config
Dr--- nodes
Dr--- quarantine
Dr--- statistics
-r--- version
root@pmg3:/etc# pmgsh create /config/whitelist/network --cidr 216.39.62.60/31 -receiver
Unknown option: receiver
400 unable to parse option
create config/whitelist/network --cidr <string> [OPTIONS]
root@pmg3:/etc# pmgsh create /config/whitelist/network --cidr 216.39.62.60/31 --receiver
Unknown option: receiver
400 unable to parse option
create config/whitelist/network --cidr <string> [OPTIONS]

mira · Jan 10, 2020

Sorry if my last post wasn't clear. You have to change the 'network' part to whatever you want to add. (e.g. pmgsh create /config/whitelist/receiver [...])

H.c.K · Jan 10, 2020

mira said:
Sorry if my last post wasn't clear. You have to change the 'network' part to whatever you want to add. (e.g. pmgsh create /config/whitelist/receiver [...])

Hi @mira no problem.
i again try but again failed :/

Code:

root@pmg3:/etc# pmgsh create /config/whitelist/network/receiver --cidr 216.39.62.60/31
no 'create' handler for 'config/whitelist/network/receiver'
root@pmg3:/etc# pmgsh create /config/whitelist/receiver --cidr 216.39.62.60/31
Unknown option: cidr
400 unable to parse option
create config/whitelist/receiver --email <string> [OPTIONS]
root@pmg3:/etc# pmgsh create /config/whitelist/receiver --network 216.39.62.60/31
Unknown option: network
400 unable to parse option
create config/whitelist/receiver --email <string> [OPTIONS]
root@pmg3:/etc# pmgsh create /config/whitelist/receiver 216.39.62.60/31
400 too many arguments
create config/whitelist/receiver --email <string> [OPTIONS]
root@pmg3:/etc# pmgsh create /config/whitelist/receiver --email 216.39.62.60/31
400 Parameter verification failed.
email: invalid format - value does not look like a valid email address

create config/whitelist/receiver --email <string> [OPTIONS]
root@pmg3:/etc# pmgsh create /config/whitelist/receiver --ip 216.39.62.60/31
Unknown option: ip
400 unable to parse option
create config/whitelist/receiver --email <string> [OPTIONS]
root@pmg3:/etc# pmgsh create /config/whitelist/receiver --network 216.39.62.60/31
Unknown option: network
400 unable to parse option
create config/whitelist/receiver --email <string> [OPTIONS]
root@pmg3:/etc# pmgsh create /config/whitelist/receiver --cidr 216.39.62.60/31
Unknown option: cidr
400 unable to parse option
create config/whitelist/receiver --email <string> [OPTIONS]
root@pmg3:/etc#

H.c.K · Jan 17, 2020

Is there someone who can help how do I add the outgoing side?

chotaire · Jan 19, 2020

Receiver is either an e-mail, a domain, or a regexp. Why would you want to add a remote IP?
Google is a SENDER.

See https://wiki.chotaire.net/pfsense-unblock-incoming-gmail how to obtain the current list of Google mailservers.

chotaire · Jan 19, 2020

Because I'm such a nice guy. Google:

Code:

pmgsh create /config/whitelist/network --cidr 35.190.247.0/24
pmgsh create /config/whitelist/network --cidr 64.233.160.0/19
pmgsh create /config/whitelist/network --cidr 66.102.0.0/20
pmgsh create /config/whitelist/network --cidr 66.249.80.0/20
pmgsh create /config/whitelist/network --cidr 72.14.192.0/18
pmgsh create /config/whitelist/network --cidr 74.125.0.0/16
pmgsh create /config/whitelist/network --cidr 108.177.8.0/21
pmgsh create /config/whitelist/network --cidr 173.194.0.0/16
pmgsh create /config/whitelist/network --cidr 209.85.128.0/17
pmgsh create /config/whitelist/network --cidr 216.58.192.0/19
pmgsh create /config/whitelist/network --cidr 216.239.32.0/19
pmgsh create /config/whitelist/network --cidr 172.217.0.0/19
pmgsh create /config/whitelist/network --cidr 172.217.32.0/20
pmgsh create /config/whitelist/network --cidr 172.217.128.0/19
pmgsh create /config/whitelist/network --cidr 172.217.160.0/20
pmgsh create /config/whitelist/network --cidr 172.217.192.0/19
pmgsh create /config/whitelist/network --cidr 172.253.56.0/21
pmgsh create /config/whitelist/network --cidr 172.253.112.0/20
pmgsh create /config/whitelist/network --cidr 108.177.96.0/19
pmgsh create /config/whitelist/network --cidr 35.191.0.0/16
pmgsh create /config/whitelist/network --cidr 130.211.0.0/22
pmgsh create /config/whitelist/network --cidr 2001:4860:4000::/36
pmgsh create /config/whitelist/network --cidr 2404:6800:4000::/36
pmgsh create /config/whitelist/network --cidr 2607:f8b0:4000::/36
pmgsh create /config/whitelist/network --cidr 2800:3f0:4000::/36
pmgsh create /config/whitelist/network --cidr 2a00:1450:4000::/36
pmgsh create /config/whitelist/network --cidr 2c0f:fb50:4000::/36

H.c.K · Jan 20, 2020

chotaire said:
Receiver is either an e-mail, a domain, or a regexp. Why would you want to add a remote IP?
Google is a SENDER.

See https://wiki.chotaire.net/pfsense-unblock-incoming-gmail how to obtain the current list of Google mailservers.

You are a good person.
I have no problem with incoming e-mail. I also use pmg on the outgoing side. Does it send mail when I send an e-mail to an IP address that is on the RBL list?
Is the mail I sent is delivered even if the other party's ip address is in the rbl list? I'm asking because I don't know. I use google translate ^^

chotaire · Jan 20, 2020

To my understanding RBL is only used for the sender, not the receiver.

H.c.K · Jan 20, 2020

chotaire said:
To my understanding RBL is only used for the sender, not the receiver.

If so, I will not have to add the outgoing side. If someone from the Proxmox team approves this, I will be very pleased.

chotaire · Jan 20, 2020

Btw, Yahoo is so "smart" they use PTR records for SPF.

Code:

# dig txt _spf.mail.yahoo.com | grep spf
_spf.mail.yahoo.com.    1345    IN      TXT     "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all"

That is absolutely ridiculous as anyone could create a PTR record for yahoo.com. You cannot whitelist Yahoo this way.

chotaire · Jan 20, 2020

H.c.K said:
If so, I will not have to add the outgoing side. If someone from the Proxmox team approves this, I will be very pleased.

Getting a proxmox subscription will give you the benefit of not having to rely on community support

H.c.K · Jan 20, 2020

chotaire said:
Btw, Yahoo is so "smart" they use PTR records for SPF.

Code:

# dig txt _spf.mail.yahoo.com | grep spf _spf.mail.yahoo.com. 1345 IN TXT "v=spf1 ptr:yahoo.com ptr:yahoo.net ?all"

That is absolutely ridiculous as anyone could create a PTR record for yahoo.com. You cannot whitelist Yahoo this way.

If we do not add a white list, this time we cannot receive mail from yahoo.com. we have to add.

chotaire · Jan 20, 2020

Welcome all the spam then.

H.c.K · Jan 20, 2020

chotaire said:
Welcome all the spam then.

View attachment 14278

yes you are wellcome

BiteMyElbow · Aug 13, 2024

Is it possible to DELETE networks from /config/whitelist/network with pmgsh?

Where is directory -> Configuration -> Mail Proxy -> Whitelist

Active Member

Proxmox Staff Member

Active Member

Active Member

Proxmox Staff Member

Active Member

Proxmox Staff Member

Active Member

Active Member

Well-Known Member

Well-Known Member

Active Member

Well-Known Member

Active Member

Well-Known Member

Well-Known Member

Active Member

Well-Known Member

Active Member

Member