[SOLVED] Whitelist (no spam check) by From:

Miro_I

Hello,

I have Proxmox Mail Gateway 7.3-8. This server receives important notifications from a sender, but they are captured as spam.
I added a What object "Whitelisted From" with this rule:

Also tried as value safetyeasy@ab-cube.com and some others but nothing works, the emails always end in spam quarantine.
The email headers are:


It is not reliable to whitelist by envelope from, as it is a mailing list.
Any idea how to whitelist by From: header?
 
> Any idea how to whitelist by From: header?
add it as a 'Match Field' What object

The Who objects always match the envelope addresses - not the header-values

I hope this explains it!
 
> It is added in What objects as mentioned in opening post. But does not work.
sorry for missing that part

* please show your rulesystem (pmgdb dump, or screenshots)
* please show the logs for such a mail
 
> sorry for missing that part
>
> * please show your rulesystem (pmgdb dump, or screenshots)
> * please show the logs for such a mail

Code:
Found RULE 4 (prio: 98, in, active): Blacklist
  FOUND FROM GROUP 2: Blacklist
    OBJECT 86: dominicianic.com
    OBJECT 91: methodist.org.uk
    OBJECT 72: mycust.iaddedapps.com
  FOUND ACTION GROUP 18: Block
    OBJECT 31: block message
Found RULE 3 (prio: 96, out, active): Virus Alert
  FOUND WHAT GROUP 9: Virus
    OBJECT 22: active
  FOUND ACTION GROUP 18: Block
    OBJECT 31: block message
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
  FOUND ACTION GROUP 21: Notify Sender
    OBJECT 34: notify __SENDER__
Found RULE 2 (prio: 96, in, active): Block Viruses
  FOUND WHAT GROUP 9: Virus
    OBJECT 22: active
  FOUND ACTION GROUP 19: Quarantine
    OBJECT 32: Move to quarantine.
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
Found RULE 1 (prio: 93, in, active): Block Dangerous Files
  FOUND WHAT GROUP 8: Dangerous Content
    OBJECT 16: content-type=application/javascript
    OBJECT 17: content-type=application/x-executable
    OBJECT 15: content-type=application/x-java
    OBJECT 14: content-type=application/x-ms-dos-executable
    OBJECT 18: content-type=application/x-ms-dos-executable
    OBJECT 19: content-type=message/partial
    OBJECT 20: filename=.*\.(vbs|pif|lnk|shs|shb)
    OBJECT 21: filename=.*\.\{.+\}
  FOUND ACTION GROUP 15: Remove attachments
    OBJECT 28: remove matching attachments
Found RULE 18 (prio: 91, in, inactive): Quarantine Freemail
  FOUND FROM GROUP 30: Freemail
    OBJECT 70: gmail.com
    OBJECT 71: yahoo.com
  FOUND ACTION GROUP 19: Quarantine
    OBJECT 32: Move to quarantine.
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
Found RULE 5 (prio: 90, in, active): Add Spam Info
  FOUND ACTION GROUP 13: Modify Spam Level
    OBJECT 26: modify field: X-SPAM-LEVEL:__SPAM_INFO__
Found RULE 13 (prio: 89, in, inactive): Quarantine Office Files
  FOUND WHAT GROUP 7: Office Files
    OBJECT 9: content-type=application/msword
    OBJECT 7: content-type=application/vnd\.ms-excel
    OBJECT 8: content-type=application/vnd\.ms-powerpoint
    OBJECT 11: content-type=application/vnd\.oasis\.opendocument\..*
    OBJECT 10: content-type=application/vnd\.openxmlformats-officedocument\..*
    OBJECT 12: content-type=application/vnd\.stardivision\..*
    OBJECT 13: content-type=application/vnd\.sun\.xml\..*
  FOUND ACTION GROUP 23: Attachment Quarantine (remove matching)
    OBJECT 36: remove matching attachments
Found RULE 12 (prio: 87, in+out, inactive): Block Multimedia Files
  FOUND WHAT GROUP 6: Multimedia
    OBJECT 5: content-type=audio/.*
    OBJECT 6: content-type=video/.*
  FOUND ACTION GROUP 15: Remove attachments
    OBJECT 28: remove matching attachments
Found RULE 15 (prio: 87, in, active): Add Spam Score
  FOUND ACTION GROUP 27: X-Spam-Score
    OBJECT 39: modify field: X-Spam-Score:__SPAMLEVEL__
Found RULE 14 (prio: 86, in, active): Add Spam Flag
  FOUND WHAT GROUP 11: Spam (Level 5)
    OBJECT 24: Level 5
  FOUND ACTION GROUP 25: X-Spam-Flag
    OBJECT 38: modify field: X-Spam-Flag:Disabled
Found RULE 17 (prio: 85, in, active): Quarantine (Level 2) Distributed mailboxes
  FOUND TO GROUP 28: Distribution
    OBJECT 59: macopv@domain.com
    OBJECT 60: onxeopv@domain.com
    OBJECT 57: vectanspv@domain.com
  FOUND WHAT GROUP 29: Spam (Level 2)
    OBJECT 58: Level 2
  FOUND WHAT GROUP 32: Spam keywords
    OBJECT 73: From=e?Mail System Administrator
  FOUND ACTION GROUP 19: Quarantine
    OBJECT 32: Move to quarantine.
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
Found RULE 6 (prio: 84, in, active): Whitelist
  FOUND FROM GROUP 3: Whitelist
    OBJECT 113: ********@csod.com
    OBJECT 94: *******@hotmail.com
    OBJECT 78: *******@gmail.com
    OBJECT 79: *******@hotmail.com
    OBJECT 111: *******@orange.fr
    OBJECT 100: postmaster@aphp.fr
    OBJECT 110: *******@outlook.fr
    OBJECT 89: ab-cube.com
    OBJECT 90: argenx.com
    OBJECT 81: deciphera.com
    OBJECT 83: ebexco.com
    OBJECT 93: ema.europa.eu
    OBJECT 92: eumail.docusign.net
    OBJECT 85: excelya.com
    OBJECT 80: grupo-alter.com
    OBJECT 98: grupoalter.onmicrosoft.com
    OBJECT 99: ivigee.com
    OBJECT 76: macopharma.com
    OBJECT 66: mail01.ergomedplc.com
    OBJECT 67: mail02.ergomedplc.com
    OBJECT 68: mail03.ergomedplc.com
    OBJECT 69: mail05.ergomedplc.com
    OBJECT 97: mhra.gov.uk
    OBJECT 84: pharmaconsulta.com
    OBJECT 61: primevigilance.com
    OBJECT 82: ubc.com
    OBJECT 74: vrtx.com
  FOUND WHAT GROUP 33: Whitelisted From
    OBJECT 112: From=.*<safetyeasy@ab-cube.com>
  FOUND ACTION GROUP 17: Accept
    OBJECT 30: accept message
Found RULE 9 (prio: 82, in, active): Block Spam (Level 10)
  FOUND WHAT GROUP 12: Spam (Level 10)
    OBJECT 25: Level 10
  FOUND ACTION GROUP 18: Block
    OBJECT 31: block message
Found RULE 8 (prio: 81, in, active): Quarantine/Mark Spam (Level 5)
  FOUND WHAT GROUP 11: Spam (Level 5)
    OBJECT 24: Level 5
  FOUND ACTION GROUP 19: Quarantine
    OBJECT 32: Move to quarantine.
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
  FOUND ACTION GROUP 14: Modify Spam Subject
    OBJECT 27: modify field: subject:__SUBJECT__
Found RULE 7 (prio: 80, in, inactive): Quarantine/Mark Spam (Level 3)
  FOUND WHAT GROUP 10: Spam (Level 3)
    OBJECT 23: Level 3
  FOUND ACTION GROUP 19: Quarantine
    OBJECT 32: Move to quarantine.
  FOUND ACTION GROUP 14: Modify Spam Subject
    OBJECT 27: modify field: subject:__SUBJECT__
Found RULE 10 (prio: 70, out, inactive): Block outgoing Spam
  FOUND WHAT GROUP 10: Spam (Level 3)
    OBJECT 23: Level 3
  FOUND ACTION GROUP 18: Block
    OBJECT 31: block message
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
  FOUND ACTION GROUP 21: Notify Sender
    OBJECT 34: notify __SENDER__
Found RULE 11 (prio: 60, out, inactive): Add Disclaimer
  FOUND ACTION GROUP 22: Disclaimer
    OBJECT 35: disclaimer


Code:
Aug 16 01:30:17 mx1 postfix/smtpd[3689]: 9BC7321794: client=o124.p8.mailjet.com[87.253.233.124]
Aug 16 01:30:17 mx1 postfix/cleanup[3694]: 9BC7321794: message-id=<51158901.AUUAACHbznoAAAAAAAAAAAOQ6A0AAAAAX7IAAAAAAB0ARwBk3AqB@mailjet.com>
Aug 16 01:30:17 mx1 postfix/qmgr[936]: 9BC7321794: from=<51158901.AUUAACHbznoAAAAAAAAAAAOQ6A0AAAAAX7IAAAAAAB0ARwBk3AqB@a1900615.bnc3.mailjet.com>, size=5972, nrcpt=1 (queue active)
Aug 16 01:30:17 mx1 pmg-smtp-filter[960]: 2023/08/16-01:30:17 CONNECT TCP Peer: "[127.0.0.1]:39476" Local: "[127.0.0.1]:10024"
Aug 16 01:30:17 mx1 pmg-smtp-filter[960]: 2182664DC0A89AFA57: new mail message-id=<51158901.AUUAACHbznoAAAAAAAAAAAOQ6A0AAAAAX7IAAAAAAB0ARwBk3AqB@mailjet.com>#012
Aug 16 01:30:17 mx1 pmgpolicy[2890]: reloading configuration Proxmox_ruledb
Aug 16 01:30:17 mx1 pmgpolicy[2890]: SPF says pass
Aug 16 01:30:17 mx1 postfix/smtpd[3687]: F09B321B6E: client=o124.p8.mailjet.com[87.253.233.124]
Aug 16 01:30:18 mx1 postfix/cleanup[3694]: F09B321B6E: message-id=<d0cbba1c.AW0AACNc0AMAAAAAAAAAAATg2_cAAAAAX7IAAAAAAB0ARwBk3AqB@mailjet.com>
Aug 16 01:30:18 mx1 postfix/qmgr[936]: F09B321B6E: from=<d0cbba1c.AW0AACNc0AMAAAAAAAAAAATg2_cAAAAAX7IAAAAAAB0ARwBk3AqB@a1900615.bnc3.mailjet.com>, size=5300, nrcpt=1 (queue active)
Aug 16 01:30:18 mx1 pmg-smtp-filter[875]: Starting "1" children
Aug 16 01:30:18 mx1 pmg-smtp-filter[2318]: 2023/08/16-01:30:18 CONNECT TCP Peer: "[127.0.0.1]:39486" Local: "[127.0.0.1]:10024"
Aug 16 01:30:18 mx1 pmg-smtp-filter[2318]: 21B7764DC0A8A12729: new mail message-id=<d0cbba1c.AW0AACNc0AMAAAAAAAAAAATg2_cAAAAAX7IAAAAAAB0ARwBk3AqB@mailjet.com>#012
Aug 16 01:30:20 mx1 pmg-smtp-filter[2318]: 21B7764DC0A8A12729: SA score=5/5 time=2.267 bayes=undefined autolearn=disabled hits=DEAR_SOMETHING(1.731),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DMARC_PASS(-0.1),HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_IMAGE_ONLY_24(1.282),HTML_MESSAGE(0.001),KAM_FROM_MARKETINGBL_PCCC(0.001),KAM_MARKETINGBL_PCCC(1),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_REMOTE_IMAGE(0.01),URIBL_GREY(1.084)
Aug 16 01:30:20 mx1 postfix/smtpd[3713]: connect from localhost.localdomain[127.0.0.1]
Aug 16 01:30:20 mx1 postfix/smtpd[3713]: 5DF4C21B88: client=localhost.localdomain[127.0.0.1]
Aug 16 01:30:20 mx1 postfix/cleanup[3694]: 5DF4C21B88: message-id=<20230815233020.5DF4C21B88@mx1.domain.com>
Aug 16 01:30:20 mx1 postfix/qmgr[936]: 5DF4C21B88: from=<postmaster@mx1.domain.com>, size=4101, nrcpt=1 (queue active)
Aug 16 01:30:20 mx1 pmg-smtp-filter[2318]: 21B7764DC0A8A12729: notify <miro*****@domain.com> (rule: Quarantine/Mark Spam (Level 5), 5DF4C21B88)
Aug 16 01:30:20 mx1 postfix/smtpd[3713]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Aug 16 01:30:20 mx1 pmg-smtp-filter[2318]: 21B7764DC0A8A12729: moved mail for <*******@domain.com> to spam quarantine - 21BAD64DC0A8C69039 (rule: Quarantine/Mark Spam (Level 5))
Aug 16 01:30:20 mx1 pmg-smtp-filter[2318]: 21B7764DC0A8A12729: processing time: 2.363 seconds (2.267, 0.02, 0)
Aug 16 01:30:20 mx1 postfix/lmtp[3704]: F09B321B6E: to=<*******@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.3, delays=0.9/0.02/0.05/2.4, dsn=2.5.0, status=sent (250 2.5.0 OK (21B7764DC0A8A12729))
Aug 16 01:30:20 mx1 postfix/qmgr[936]: F09B321B6E: removed
Aug 16 01:30:20 mx1 postfix/smtp[3714]: 5DF4C21B88: to=<miro******@domain.com>, relay=mail-web-nova.vlan10.domain.com[192.168.10.11]:25, delay=0.14, delays=0.05/0.01/0.07/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7EB8E114002D)
Aug 16 01:30:20 mx1 postfix/qmgr[936]: 5DF4C21B88: removed
Aug 16 01:30:22 mx1 pmg-smtp-filter[960]: 2182664DC0A89AFA57: SA score=4/5 time=4.352 bayes=undefined autolearn=disabled hits=DEAR_SOMETHING(1.731),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DMARC_PASS(-0.1),HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_IMAGE_ONLY_28(0.726),HTML_MESSAGE(0.001),KAM_FROM_MARKETINGBL_PCCC(0.001),KAM_MARKETINGBL_PCCC(1),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_REMOTE_IMAGE(0.01),URIBL_GREY(1.084)
Aug 16 01:30:22 mx1 pmg-smtp-filter[960]: 2182664DC0A89AFA57: sender in user (*********@domain.com) welcomelist
Aug 16 01:30:22 mx1 postfix/smtpd[3713]: connect from localhost.localdomain[127.0.0.1]
Aug 16 01:30:22 mx1 postfix/smtpd[3713]: 1A0E221B6E: client=localhost.localdomain[127.0.0.1], orig_client=o124.p8.mailjet.com[87.253.233.124]
Aug 16 01:30:22 mx1 postfix/cleanup[3694]: 1A0E221B6E: message-id=<51158901.AUUAACHbznoAAAAAAAAAAAOQ6A0AAAAAX7IAAAAAAB0ARwBk3AqB@mailjet.com>
Aug 16 01:30:22 mx1 postfix/qmgr[936]: 1A0E221B6E: from=<51158901.AUUAACHbznoAAAAAAAAAAAOQ6A0AAAAAX7IAAAAAAB0ARwBk3AqB@a1900615.bnc3.mailjet.com>, size=7484, nrcpt=1 (queue active)
Aug 16 01:30:22 mx1 postfix/smtpd[3713]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Aug 16 01:30:22 mx1 pmg-smtp-filter[960]: 2182664DC0A89AFA57: accept mail to <***********@domain.com> (1A0E221B6E) (rule: default-accept)
Aug 16 01:30:22 mx1 pmg-smtp-filter[960]: 2182664DC0A89AFA57: processing time: 4.435 seconds (4.352, 0.02, 0)
Aug 16 01:30:22 mx1 postfix/lmtp[3695]: 9BC7321794: to=<*********@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.1, delays=0.65/0.01/0.04/4.4, dsn=2.5.0, status=sent (250 2.5.0 OK (2182664DC0A89AFA57))
Aug 16 01:30:22 mx1 postfix/qmgr[936]: 9BC7321794: removed
Aug 16 01:30:22 mx1 postfix/smtp[3714]: 1A0E221B6E: to=<*********@domain.com>, relay=mail-web-nova.vlan10.domain.com[192.168.10.11]:25, delay=0.06, delays=0.05/0/0.01/0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 29514114002D)
 
Do I read this correctly - you have the from object and the what-object in the same rule?
This is not how this works - the rule should match only mails that match both the from (envelope) and the what (from-header)

- create 2 rules - one with the from object and your desired action and a separate one with the what object and your desired action...

I hope this helps!
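
The rule matching explained in the reply above, as a simplified model (an added example, not part of the thread and not Proxmox code). The envelope local part, the From: header value, and the second whitelist rule's name and priority are constructed; exact domain comparison and `re.search` matching are assumptions of the model.

```python
import re
from dataclasses import dataclass, field

# Object constructors: each returns a predicate over a mail dict.
def domain(d):                  # Who object: compared with the ENVELOPE sender domain
    return lambda m: m["envelope_from"].rsplit("@", 1)[-1].lower() == d

def match_field(name, regex):   # What 'Match Field' object: compared with a HEADER value
    return lambda m: re.search(regex, m["headers"].get(name, ""), re.I) is not None

def spam_level(n):              # What 'Spam Filter' object
    return lambda m: m["sa_score"] >= n

@dataclass
class Rule:
    name: str
    prio: int
    action: str
    who_from: list = field(default_factory=list)
    what: list = field(default_factory=list)

    def matches(self, mail):
        # Objects inside one category are alternatives; every populated
        # category must match for the rule to apply.
        cats = [c for c in (self.who_from, self.what) if c]
        return all(any(obj(mail) for obj in c) for c in cats)

def decide(rules, mail):
    """Highest priority first; the first matching final action wins."""
    for r in sorted(rules, key=lambda r: -r.prio):
        if r.matches(mail):
            return r.action, r.name
    return "accept", "default-accept"

# Constructed message: mailing-list envelope sender, ab-cube.com in the From: header.
MAIL = {
    "envelope_from": "bounce-id@a1900615.bnc3.mailjet.com",
    "headers": {"From": "SafetyEasy <safetyeasy@ab-cube.com>"},
    "sa_score": 5,
}
HDR = match_field("From", r".*<safetyeasy@ab-cube.com>")
QUARANTINE = Rule("Quarantine/Mark Spam (Level 5)", 81, "quarantine", what=[spam_level(5)])
# As posted: From group and What group in the same rule (both must match).
COMBINED = [Rule("Whitelist", 84, "accept", who_from=[domain("ab-cube.com")], what=[HDR])]
# As advised: two rules (second name and priority are hypothetical).
SPLIT = [Rule("Whitelist", 84, "accept", who_from=[domain("ab-cube.com")]),
         Rule("Whitelist From header", 83, "accept", what=[HDR])]

if __name__ == "__main__":
    print(decide(COMBINED + [QUARANTINE], MAIL))
    print(decide(SPLIT + [QUARANTINE], MAIL))
```

The unescaped dots in the regex match any character; `ab-cube\.com` restricts the match to the literal domain.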
 
