whitelist and confspam
- Thread starter tcsis
- Start date
I guess this got posted in the wrong forum? (Proxmox VE is for PVE - the virtualization).
I moved the thread to the appropriate Mail Gateway forum..
Please post the logs of a mail which got blocked/quarantined
(Most likely you need to add the address to the rule-system whitelist - check the reference documentation:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_whitelist_overview)
I moved the thread to the appropriate Mail Gateway forum..
Please post the logs of a mail which got blocked/quarantined
(Most likely you need to add the address to the rule-system whitelist - check the reference documentation:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_whitelist_overview)
Check the mail.log of the system:
/var/log/mail.log (/var/log/mail.log.1, /var/log/mail.log.2.gz)
or the system journal
`journalctl -b`
alternatively
the information can be seen in the GUI's Tracking Center
mail.log.1 mail.log.2.gz mail.log.3.gz mail.log.4.gz
root@mailgw:~# cat /var/log/mail.log.1 |grep creditsafe
Oct 6 15:30:50 mailgw postfix/smtpd[9646]: connect from mail6031.creditsafeuk.mkt6630.com[74.112.64.149]
Oct 6 15:30:57 mailgw postfix/smtpd[9646]: 103B41D013BC: client=mail6031.creditsafeuk.mkt6630.com[74.112.64.149]
Oct 6 15:30:57 mailgw postfix/qmgr[575]: 103B41D013BC: from=<v-cjjjhdm_oonplfapnb_gooegbee_gooegbee_a@bounce.grp.creditsafemail.com>, size=27427, nrcpt=1 (queue active)
Oct 6 15:30:57 mailgw postfix/smtpd[9646]: disconnect from mail6031.creditsafeuk.mkt6630.com[74.112.64.149] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Oct 6 15:31:12 mailgw postfix/smtpd[10429]: 7E2CE1D01405: client=localhost[127.0.0.1], orig_client=mail6031.creditsafeuk.mkt6630.com[74.112.64.149]
Oct 6 15:31:12 mailgw postfix/qmgr[575]: 7E2CE1D01405: from=<v-cjjjhdm_oonplfapnb_gooegbee_gooegbee_a@bounce.grp.creditsafemail.com>, size=28545, nrcpt=1 (queue active)
Oct 8 09:57:28 mailgw postfix/qmgr[575]: C64801D013A8: from=<andrea.porcelli@creditsafe.it>, size=102894, nrcpt=1 (queue active)
Oct 8 09:57:44 mailgw postfix/qmgr[575]: 4522E1D01418: from=<andrea.porcelli@creditsafe.it>, size=103626, nrcpt=1 (queue active)
++++++++++++++++++++++++++++
root@mailgw:~# cat /var/log/mail.log.1 |grep creditsafe
Oct 6 15:30:50 mailgw postfix/smtpd[9646]: connect from mail6031.creditsafeuk.mkt6630.com[74.112.64.149]
Oct 6 15:30:57 mailgw postfix/smtpd[9646]: 103B41D013BC: client=mail6031.creditsafeuk.mkt6630.com[74.112.64.149]
Oct 6 15:30:57 mailgw postfix/qmgr[575]: 103B41D013BC: from=<v-cjjjhdm_oonplfapnb_gooegbee_gooegbee_a@bounce.grp.creditsafemail.com>, size=27427, nrcpt=1 (queue active)
Oct 6 15:30:57 mailgw postfix/smtpd[9646]: disconnect from mail6031.creditsafeuk.mkt6630.com[74.112.64.149] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Oct 6 15:31:12 mailgw postfix/smtpd[10429]: 7E2CE1D01405: client=localhost[127.0.0.1], orig_client=mail6031.creditsafeuk.mkt6630.com[74.112.64.149]
Oct 6 15:31:12 mailgw postfix/qmgr[575]: 7E2CE1D01405: from=<v-cjjjhdm_oonplfapnb_gooegbee_gooegbee_a@bounce.grp.creditsafemail.com>, size=28545, nrcpt=1 (queue active)
Oct 8 09:57:28 mailgw postfix/qmgr[575]: C64801D013A8: from=<andrea.porcelli@creditsafe.it>, size=102894, nrcpt=1 (queue active)
Oct 8 09:57:44 mailgw postfix/qmgr[575]: 4522E1D01418: from=<andrea.porcelli@creditsafe.it>, size=103626, nrcpt=1 (queue active)
++++++++++++++++++++++++++++
Daily Spam Report for 'daniela@trafil.it' - 2020-10-15 | |
| Monitoring@creditsafe.com | 2020-10-15 05:05:45 |
| SPAM: monitoraggio concorrenti | |
| Monitoring@creditsafe.com | 2020-10-15 05:49:23 |
| SPAM: Default Portfolio |
grepping only for the recipient domain won't show you the complete picture - either post the complete log for the timeframe - or use the Tracking center
if you match for a 'domain' as WHO object then only the domain is matched (no subdomain) - additionally the smtp-envelop address is matched and not the From header...
* add a 'What' object (Match Field - field 'From', value '.*@creditsafe.com' to the rule
* and/or match for a regular expression in the Who Object as well ('.*creditsafe.com')
if you match for a 'domain' as WHO object then only the domain is matched (no subdomain) - additionally the smtp-envelop address is matched and not the From header...
* add a 'What' object (Match Field - field 'From', value '.*@creditsafe.com' to the rule
* and/or match for a regular expression in the Who Object as well ('.*creditsafe.com')
Check the reference documentation:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#chapter_mailfilter
the Match Field Objects match a header (in that case I assume you want the 'From' header) via regular expression
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_regex
(add the expression, then add what you want to match and click on test)
I hope this helps!
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#chapter_mailfilter
the Match Field Objects match a header (in that case I assume you want the 'From' header) via regular expression
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_regex
(add the expression, then add what you want to match and click on test)
I hope this helps!
If I may interject.
From the documentation if I want to whitelist senders ( from: bob@abc123.com )
I can add a who object->E-Mail->bob@abc123.com (whitelist that user) -OR-
I can add a who object->domain->abc123.com (whitelist any-user@abc123.com)
If the mail log shows the from as that domain/email address it will whitelist.
However in my case, and in this persons case it does not.
How would you recommend to configure this in my example sender situation which will fix tcsis issue as well as mine.
Thank you.
One other question, in postfix in most config files if you want to receive anything at a domain the config file looks like:
@abc123.com OK
or for a user
bob@abc123.com OK
So if you're entering a domain in who->whitelist->domain, that should domain should look like my first example.
From the documentation if I want to whitelist senders ( from: bob@abc123.com )
I can add a who object->E-Mail->bob@abc123.com (whitelist that user) -OR-
I can add a who object->domain->abc123.com (whitelist any-user@abc123.com)
If the mail log shows the from as that domain/email address it will whitelist.
However in my case, and in this persons case it does not.
How would you recommend to configure this in my example sender situation which will fix tcsis issue as well as mine.
Thank you.
One other question, in postfix in most config files if you want to receive anything at a domain the config file looks like:
@abc123.com OK
or for a user
bob@abc123.com OK
So if you're entering a domain in who->whitelist->domain, that should domain should look like my first example.
Last edited:
Attachments
Hello @hata_ph I did, you are helping me in my other post, and its simply not working...
So today I did some more digging and have this post which may help find the answer https://forum.proxmox.com/threads/postfix-configuration-files-and-proxmox-white-black-lists.77896/