[SOLVED] Whitelist but domain in Junk!

[nothingelse]

Hello everyone,

OS: Proxmox Mail Gateway 6.0-4
I configured Mail Proxy/Whitelist --> domain maildomain.com . I sent from user@maildomain.com to Proxmox Mail Gateway and email in Junk. How to configure email in Inbox.

Thanks for your help,

 

[Stoiko Ivanov]

you can add it to the global-whitelist in 'Mail Filter'-> 'Who Object'->'Whitelist' - depending on your rules the mail should get delivered

maybe also find out why a mail is considered spam (the /var/log/mail.log should provide a hint)

I hope this helps!

 

[nothingelse]

I added Mail Filter'-> 'Who Object'->'Whitelist' : domain.com
I sent from abc@domain.com to user06@test.domain.com and email inbox user06@test.domain.com always junk.
And my log:
Sep 13 15:51:25 pmg postfix/postscreen[1282]: CONNECT from [x.x.x.x]:50986 to [x.x.x.52]:25
Sep 13 15:51:25 pmg postfix/postscreen[1282]: PASS OLD [x.x.x.x]:50986
Sep 13 15:51:26 pmg postfix/smtpd[1285]: connect from mta.domain.com[x.x.x.x]
Sep 13 15:51:26 pmg postfix/smtpd[1285]: Anonymous TLS connection established from mta.domain.com[x.x.x.x]: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
Sep 13 15:51:26 pmg postfix/smtpd[1285]: 05CAC42297: client=mta.domain.com[x.x.x.x]
Sep 13 15:51:26 pmg postfix/cleanup[1289]: 05CAC42297: message-id=<000501d56a10$6d35a1b0$47a0e510$@domain.com>
Sep 13 15:51:26 pmg postfix/qmgr[830]: 05CAC42297: from=<abc@domain.com>, size=5047, nrcpt=1 (queue active)
Sep 13 15:51:26 pmg postfix/smtpd[1285]: disconnect from mta.domain.com[x.x.x.x] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Sep 13 15:51:26 pmg pmg-smtp-filter[1060]: 2019/09/13-15:51:26 CONNECT TCP Peer: "[127.0.0.1]:44028" Local: "[127.0.0.1]:10024"
Sep 13 15:51:26 pmg pmg-smtp-filter[1060]: reloading configuration Proxmox_ruledb
Sep 13 15:51:26 pmg pmg-smtp-filter[1060]: 229E55D7B588E197C6: new mail message-id=<000501d56a10$6d35a1b0$47a0e510$@domain.com>#012
Sep 13 15:51:27 pmg pmg-smtp-filter[1060]: 229E55D7B588E197C6: SA score=0/5 time=1.646 bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(0.1),DKIM_VALID_AU(-0.3),DKIM_VALID_EF(-0.1),FROM_EXCESS_BASE64(2.5),HTML_MESSAGE(1),KAM_NUMSUBJECT(0.5),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),URIBL_BLOCKED(2),USER_IN_WHITELIST(-100)
Sep 13 15:51:27 pmg postfix/smtpd[1295]: connect from localhost.localdomain[127.0.0.1]
Sep 13 15:51:27 pmg postfix/smtpd[1295]: C0E0742298: client=localhost.localdomain[127.0.0.1], orig_client=mta.domain.com[x.x.x.x]
Sep 13 15:51:27 pmg postfix/cleanup[1289]: C0E0742298: message-id=<000501d56a10$6d35a1b0$47a0e510$@domain.com>
Sep 13 15:51:27 pmg postfix/qmgr[830]: C0E0742298: from=<abc@domain.com>, size=5253, nrcpt=1 (queue active)
Sep 13 15:51:27 pmg pmg-smtp-filter[1060]: 229E55D7B588E197C6: accept mail to <user06@test.domain.com> (C0E0742298) (rule: Whitelist)
Sep 13 15:51:27 pmg postfix/smtpd[1295]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Sep 13 15:51:27 pmg pmg-smtp-filter[1060]: 229E55D7B588E197C6: processing time: 1.734 seconds (1.646, 0.016, 0)
Sep 13 15:51:27 pmg postfix/lmtp[1290]: 05CAC42297: to=<user06@test.domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.8, delays=0/0/0.08/1.7, dsn=2.5.0, status=sent (250 2.5.0 OK (229E55D7B588E197C6))
Sep 13 15:51:27 pmg postfix/qmgr[830]: 05CAC42297: removed
Sep 13 15:51:27 pmg postfix/smtp[1296]: Anonymous TLS connection established to x.x.x.48[x.x.x.48]:25: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)
Sep 13 15:51:28 pmg postfix/smtp[1296]: C0E0742298: to=<user06@test.domain.com>, relay=x.x.x.48[x.x.x.48]:25, delay=0.26, delays=0.05/0/0.05/0.16, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 08D9560A8C75)
Sep 13 15:51:28 pmg postfix/qmgr[830]: C0E0742298: removed
Sep 13 15:52:07 pmg pmg-smtp-filter[1031]: starting database maintainance
Sep 13 15:52:07 pmg pmg-smtp-filter[1031]: end database maintainance (23 ms)

Thanks for your answer,

 

[Stoiko Ivanov]

URIBL_BLOCKED(2),

This is really odd? - the standard score for this rule is (for good reason) is between 0 and 0.001 (it indicates that your DNS-server has reached the rate-limit at uribl - see https://cwiki.apache.org/confluence/display/spamassassin/DnsBlocklists and make sure to configure a dedicated DNS-server for your PMG - otherwise spamdetection won't be too good)

FROM_EXCESS_BASE64(2.5)

This might be an indicator that the sending entity has a problem in their mail-client configuration

in any case - PMG delivered the mail without changing it too much (apart from adding the spam-check headers probably) - I would check at the receivers client, why the mail gets sorted into the junk-folder (PMG does deliver via SMTP - the moving into folders happens on the downstream server)

I hope this helps!

 

[nothingelse]

URIBL_BLOCKED(2),

IP domain domain.com listed SORBS - Spam Sources

And I config core spamassasin mail server. Everything done. Thanks for your help!

This might be an indicator that the sending entity has a problem in their mail-client configuration

What you mean? I use mail-client configuration MS Outlook 2016 SMTP TLS 587.

 

[Stoiko Ivanov]

What you mean? I use mail-client configuration MS Outlook 2016 SMTP TLS 587.

The rule 'FROM_EXCESS_BASE64' triggers because the from header of the mail is encoded in base64, although this would not be necessary.

However on my system (which has no modifications) this rule has a score between 0 and 0.979 - so do you have some custom spamassassin configuration?

 

[nothingelse]

Dear Stoiko Ivanov,
I am so sorry, I was late answer. I solved.
Thanks for your help.

 

[Stoiko Ivanov]

Glad you resolved your issue!
if possible please share for the community how you solved it and mark the thread as solved - it might help others.

Thanks!