Whitelist and Blacklists not working as expected

dthompson

Well-Known Member
Nov 23, 2011
146
15
58
Canada
www.digitaltransitions.ca
I have an issue where emails that are coming in have been added to either a whitelist or blacklist but still the emails get by,

For instance, one of my clients have an email from domain: abcdef.com and they have added the emails to the whitelist after it was caught as spam. They then have back and forth conversations and then the 12th one gets flagged as spam and locked away until they get the mail notifications the following morning.

The domain abcdef.com is hosted on google's mail servers, but that shouldn't matter. If they have added that domain to their own whitelist of blacklist should that not super seed any other rules and pass through the email to the end user(s)?

This seems counterintuitive. If I add an email my own white or black lists then any emails from those email addresses or domains I've deemed as being OK or bad should be blocked for my own domains or email addresses residing on my PMG servers.

The fact that they are not is worrisome and frustrating for my end users who are expecting the emails and domains they added to come through are not getting them.

However it could be on my end that the problem resides:

One of the rules I have in place are:


Name Priority Direction Enabled
=======================================================================
Blacklist 98 <--IN YES
Block Viruses 96 <--IN YES
Virus Alert 96 --> OUT YES
Block Dangerous Files 93 <--IN YES
Modify Header 90 <--IN YES
Whitelist 85 <--IN YES
Quarantine/Mark Spam (Level3) 80 <--IN YES


>> So the blacklist has the top priority however it seems some of those emails are still getting though. The whitelist has a much lower priority. Should that be moved to a higher number above and or equal to the Blacklist number in this case?

I'm a little lost here and would like to get a better handle on this solution.
Thank you!!
 
For a full analysis you need to inspect your rules in detail.

One common configuration issue is a wrong SMTP port configuration (so the incoming rules does only trigger on the configured incoming SMTP port).
 
For a full analysis you need to inspect your rules in detail.

One common configuration issue is a wrong SMTP port configuration (so the incoming rules does only trigger on the configured incoming SMTP port).

Thanks for the reply. So the rules are the default out of the box. So far as I know the smtp port configuration is port 25 incoming and port 26 relay from the internal mail servers.

Where do I find the smtp port configuration information? I’m fairly certain it’s setup properly but who knows.
 
Thanks for the reply. So the rules are the default out of the box. So far as I know the smtp port configuration is port 25 incoming and port 26 relay from the internal mail servers.

Where do I find the smtp port configuration information? I’m fairly certain it’s setup properly but who knows.

Check your settings on: "Configuration/Mail Proxy/Ports"
 
were you able to solve this? i think i have the same problem. Mail Gateway 5.0-76 with some domains in the global blacklist and they still get thru. mostly all default config, also in menu "mail filter" besides adding domain blacklist objects. just used as incoming mailproxy.
 
the really annoying part is, that the user itself (me in this case) opened a spam from the digest and clicked the button "blacklist", which in fact does not have any effect. i've even manually added *@annoyingspamer.com before, which had also no effect. so to sum it up: seems like in default configuration blacklists do not have any effect at all. which makes them pretty useless...
 
No, that is not true. Those blacklists are working, but are not able to see "real" sender addresses for some type of emails, typically mass mailing, because the sender is "masked" by envelope of the mass mailer. It is fun because you usually want to block mass mailing, huh?

I hope proxmox will fix this in the future...
 
Does not seem to solve the custom blacklist problem... Because I want to black even "regular" mass mailing, that is not listed anywhere on external blacklist...
 
Exactly the same problem +1
please consider opening a new thread, instead of replying to one from more than one year ago

else - please provide logs of mails that go through which should be blocked
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!