[SOLVED] Whitelist (no spam check) by From:

Miro_I

Hello,

I have Proxmox Mail Gateway 7.3-8. This server receives important notifications from a sender, but they are captured as spam.
I added a What object "Whitelisted From" with this rule:

Also tried as value safetyeasy@ab-cube.com and some others but nothing works, the emails always end in spam quarantine.
The email headers are:


It is not reliable to whitelist by envelope from, as it is a mailing list.
Any idea how to whitelist by From: header?
 
> Any idea how to whitelist by From: header?

Add it as a 'Match Field' What object.

The Who objects always match the envelope addresses - not the header values.

I hope this explains it!
 
It is added in What objects as mentioned in opening post. But does not work.
Sorry for missing that part.

* please show your rulesystem (pmgdb dump, or screenshots)
* please show the logs for such a mail
 
> sorry for missing that part
>
> * please show your rulesystem (pmgdb dump, or screenshots)
> * please show the logs for such a mail

Code:
Found RULE 4 (prio: 98, in, active): Blacklist
  FOUND FROM GROUP 2: Blacklist
    OBJECT 86: dominicianic.com
    OBJECT 91: methodist.org.uk
    OBJECT 72: mycust.iaddedapps.com
  FOUND ACTION GROUP 18: Block
    OBJECT 31: block message
Found RULE 3 (prio: 96, out, active): Virus Alert
  FOUND WHAT GROUP 9: Virus
    OBJECT 22: active
  FOUND ACTION GROUP 18: Block
    OBJECT 31: block message
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
  FOUND ACTION GROUP 21: Notify Sender
    OBJECT 34: notify __SENDER__
Found RULE 2 (prio: 96, in, active): Block Viruses
  FOUND WHAT GROUP 9: Virus
    OBJECT 22: active
  FOUND ACTION GROUP 19: Quarantine
    OBJECT 32: Move to quarantine.
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
Found RULE 1 (prio: 93, in, active): Block Dangerous Files
  FOUND WHAT GROUP 8: Dangerous Content
    OBJECT 16: content-type=application/javascript
    OBJECT 17: content-type=application/x-executable
    OBJECT 15: content-type=application/x-java
    OBJECT 14: content-type=application/x-ms-dos-executable
    OBJECT 18: content-type=application/x-ms-dos-executable
    OBJECT 19: content-type=message/partial
    OBJECT 20: filename=.*\.(vbs|pif|lnk|shs|shb)
    OBJECT 21: filename=.*\.\{.+\}
  FOUND ACTION GROUP 15: Remove attachments
    OBJECT 28: remove matching attachments
Found RULE 18 (prio: 91, in, inactive): Quarantine Freemail
  FOUND FROM GROUP 30: Freemail
    OBJECT 70: gmail.com
    OBJECT 71: yahoo.com
  FOUND ACTION GROUP 19: Quarantine
    OBJECT 32: Move to quarantine.
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
Found RULE 5 (prio: 90, in, active): Add Spam Info
  FOUND ACTION GROUP 13: Modify Spam Level
    OBJECT 26: modify field: X-SPAM-LEVEL:__SPAM_INFO__
Found RULE 13 (prio: 89, in, inactive): Quarantine Office Files
  FOUND WHAT GROUP 7: Office Files
    OBJECT 9: content-type=application/msword
    OBJECT 7: content-type=application/vnd\.ms-excel
    OBJECT 8: content-type=application/vnd\.ms-powerpoint
    OBJECT 11: content-type=application/vnd\.oasis\.opendocument\..*
    OBJECT 10: content-type=application/vnd\.openxmlformats-officedocument\..*
    OBJECT 12: content-type=application/vnd\.stardivision\..*
    OBJECT 13: content-type=application/vnd\.sun\.xml\..*
  FOUND ACTION GROUP 23: Attachment Quarantine (remove matching)
    OBJECT 36: remove matching attachments
Found RULE 12 (prio: 87, in+out, inactive): Block Multimedia Files
  FOUND WHAT GROUP 6: Multimedia
    OBJECT 5: content-type=audio/.*
    OBJECT 6: content-type=video/.*
  FOUND ACTION GROUP 15: Remove attachments
    OBJECT 28: remove matching attachments
Found RULE 15 (prio: 87, in, active): Add Spam Score
  FOUND ACTION GROUP 27: X-Spam-Score
    OBJECT 39: modify field: X-Spam-Score:__SPAMLEVEL__
Found RULE 14 (prio: 86, in, active): Add Spam Flag
  FOUND WHAT GROUP 11: Spam (Level 5)
    OBJECT 24: Level 5
  FOUND ACTION GROUP 25: X-Spam-Flag
    OBJECT 38: modify field: X-Spam-Flag:Disabled
Found RULE 17 (prio: 85, in, active): Quarantine (Level 2) Distributed mailboxes
  FOUND TO GROUP 28: Distribution
    OBJECT 59: macopv@domain.com
    OBJECT 60: onxeopv@domain.com
    OBJECT 57: vectanspv@domain.com
  FOUND WHAT GROUP 29: Spam (Level 2)
    OBJECT 58: Level 2
  FOUND WHAT GROUP 32: Spam keywords
    OBJECT 73: From=e?Mail System Administrator
  FOUND ACTION GROUP 19: Quarantine
    OBJECT 32: Move to quarantine.
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
Found RULE 6 (prio: 84, in, active): Whitelist
  FOUND FROM GROUP 3: Whitelist
    OBJECT 113: ********@csod.com
    OBJECT 94: *******@hotmail.com
    OBJECT 78: *******@gmail.com
    OBJECT 79: *******@hotmail.com
    OBJECT 111: *******@orange.fr
    OBJECT 100: postmaster@aphp.fr
    OBJECT 110: *******@outlook.fr
    OBJECT 89: ab-cube.com
    OBJECT 90: argenx.com
    OBJECT 81: deciphera.com
    OBJECT 83: ebexco.com
    OBJECT 93: ema.europa.eu
    OBJECT 92: eumail.docusign.net
    OBJECT 85: excelya.com
    OBJECT 80: grupo-alter.com
    OBJECT 98: grupoalter.onmicrosoft.com
    OBJECT 99: ivigee.com
    OBJECT 76: macopharma.com
    OBJECT 66: mail01.ergomedplc.com
    OBJECT 67: mail02.ergomedplc.com
    OBJECT 68: mail03.ergomedplc.com
    OBJECT 69: mail05.ergomedplc.com
    OBJECT 97: mhra.gov.uk
    OBJECT 84: pharmaconsulta.com
    OBJECT 61: primevigilance.com
    OBJECT 82: ubc.com
    OBJECT 74: vrtx.com
  FOUND WHAT GROUP 33: Whitelisted From
    OBJECT 112: From=.*<safetyeasy@ab-cube.com>
  FOUND ACTION GROUP 17: Accept
    OBJECT 30: accept message
Found RULE 9 (prio: 82, in, active): Block Spam (Level 10)
  FOUND WHAT GROUP 12: Spam (Level 10)
    OBJECT 25: Level 10
  FOUND ACTION GROUP 18: Block
    OBJECT 31: block message
Found RULE 8 (prio: 81, in, active): Quarantine/Mark Spam (Level 5)
  FOUND WHAT GROUP 11: Spam (Level 5)
    OBJECT 24: Level 5
  FOUND ACTION GROUP 19: Quarantine
    OBJECT 32: Move to quarantine.
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
  FOUND ACTION GROUP 14: Modify Spam Subject
    OBJECT 27: modify field: subject:__SUBJECT__
Found RULE 7 (prio: 80, in, inactive): Quarantine/Mark Spam (Level 3)
  FOUND WHAT GROUP 10: Spam (Level 3)
    OBJECT 23: Level 3
  FOUND ACTION GROUP 19: Quarantine
    OBJECT 32: Move to quarantine.
  FOUND ACTION GROUP 14: Modify Spam Subject
    OBJECT 27: modify field: subject:__SUBJECT__
Found RULE 10 (prio: 70, out, inactive): Block outgoing Spam
  FOUND WHAT GROUP 10: Spam (Level 3)
    OBJECT 23: Level 3
  FOUND ACTION GROUP 18: Block
    OBJECT 31: block message
  FOUND ACTION GROUP 20: Notify Admin
    OBJECT 33: notify __ADMIN__
  FOUND ACTION GROUP 21: Notify Sender
    OBJECT 34: notify __SENDER__
Found RULE 11 (prio: 60, out, inactive): Add Disclaimer
  FOUND ACTION GROUP 22: Disclaimer
    OBJECT 35: disclaimer


Code:
Aug 16 01:30:17 mx1 postfix/smtpd[3689]: 9BC7321794: client=o124.p8.mailjet.com[87.253.233.124]
Aug 16 01:30:17 mx1 postfix/cleanup[3694]: 9BC7321794: message-id=<51158901.AUUAACHbznoAAAAAAAAAAAOQ6A0AAAAAX7IAAAAAAB0ARwBk3AqB@mailjet.com>
Aug 16 01:30:17 mx1 postfix/qmgr[936]: 9BC7321794: from=<51158901.AUUAACHbznoAAAAAAAAAAAOQ6A0AAAAAX7IAAAAAAB0ARwBk3AqB@a1900615.bnc3.mailjet.com>, size=5972, nrcpt=1 (queue active)
Aug 16 01:30:17 mx1 pmg-smtp-filter[960]: 2023/08/16-01:30:17 CONNECT TCP Peer: "[127.0.0.1]:39476" Local: "[127.0.0.1]:10024"
Aug 16 01:30:17 mx1 pmg-smtp-filter[960]: 2182664DC0A89AFA57: new mail message-id=<51158901.AUUAACHbznoAAAAAAAAAAAOQ6A0AAAAAX7IAAAAAAB0ARwBk3AqB@mailjet.com>#012
Aug 16 01:30:17 mx1 pmgpolicy[2890]: reloading configuration Proxmox_ruledb
Aug 16 01:30:17 mx1 pmgpolicy[2890]: SPF says pass
Aug 16 01:30:17 mx1 postfix/smtpd[3687]: F09B321B6E: client=o124.p8.mailjet.com[87.253.233.124]
Aug 16 01:30:18 mx1 postfix/cleanup[3694]: F09B321B6E: message-id=<d0cbba1c.AW0AACNc0AMAAAAAAAAAAATg2_cAAAAAX7IAAAAAAB0ARwBk3AqB@mailjet.com>
Aug 16 01:30:18 mx1 postfix/qmgr[936]: F09B321B6E: from=<d0cbba1c.AW0AACNc0AMAAAAAAAAAAATg2_cAAAAAX7IAAAAAAB0ARwBk3AqB@a1900615.bnc3.mailjet.com>, size=5300, nrcpt=1 (queue active)
Aug 16 01:30:18 mx1 pmg-smtp-filter[875]: Starting "1" children
Aug 16 01:30:18 mx1 pmg-smtp-filter[2318]: 2023/08/16-01:30:18 CONNECT TCP Peer: "[127.0.0.1]:39486" Local: "[127.0.0.1]:10024"
Aug 16 01:30:18 mx1 pmg-smtp-filter[2318]: 21B7764DC0A8A12729: new mail message-id=<d0cbba1c.AW0AACNc0AMAAAAAAAAAAATg2_cAAAAAX7IAAAAAAB0ARwBk3AqB@mailjet.com>#012
Aug 16 01:30:20 mx1 pmg-smtp-filter[2318]: 21B7764DC0A8A12729: SA score=5/5 time=2.267 bayes=undefined autolearn=disabled hits=DEAR_SOMETHING(1.731),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DMARC_PASS(-0.1),HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_IMAGE_ONLY_24(1.282),HTML_MESSAGE(0.001),KAM_FROM_MARKETINGBL_PCCC(0.001),KAM_MARKETINGBL_PCCC(1),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_REMOTE_IMAGE(0.01),URIBL_GREY(1.084)
Aug 16 01:30:20 mx1 postfix/smtpd[3713]: connect from localhost.localdomain[127.0.0.1]
Aug 16 01:30:20 mx1 postfix/smtpd[3713]: 5DF4C21B88: client=localhost.localdomain[127.0.0.1]
Aug 16 01:30:20 mx1 postfix/cleanup[3694]: 5DF4C21B88: message-id=<20230815233020.5DF4C21B88@mx1.domain.com>
Aug 16 01:30:20 mx1 postfix/qmgr[936]: 5DF4C21B88: from=<postmaster@mx1.domain.com>, size=4101, nrcpt=1 (queue active)
Aug 16 01:30:20 mx1 pmg-smtp-filter[2318]: 21B7764DC0A8A12729: notify <miro*****@domain.com> (rule: Quarantine/Mark Spam (Level 5), 5DF4C21B88)
Aug 16 01:30:20 mx1 postfix/smtpd[3713]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Aug 16 01:30:20 mx1 pmg-smtp-filter[2318]: 21B7764DC0A8A12729: moved mail for <*******@domain.com> to spam quarantine - 21BAD64DC0A8C69039 (rule: Quarantine/Mark Spam (Level 5))
Aug 16 01:30:20 mx1 pmg-smtp-filter[2318]: 21B7764DC0A8A12729: processing time: 2.363 seconds (2.267, 0.02, 0)
Aug 16 01:30:20 mx1 postfix/lmtp[3704]: F09B321B6E: to=<*******@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.3, delays=0.9/0.02/0.05/2.4, dsn=2.5.0, status=sent (250 2.5.0 OK (21B7764DC0A8A12729))
Aug 16 01:30:20 mx1 postfix/qmgr[936]: F09B321B6E: removed
Aug 16 01:30:20 mx1 postfix/smtp[3714]: 5DF4C21B88: to=<miro******@domain.com>, relay=mail-web-nova.vlan10.domain.com[192.168.10.11]:25, delay=0.14, delays=0.05/0.01/0.07/0.01, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7EB8E114002D)
Aug 16 01:30:20 mx1 postfix/qmgr[936]: 5DF4C21B88: removed
Aug 16 01:30:22 mx1 pmg-smtp-filter[960]: 2182664DC0A89AFA57: SA score=4/5 time=4.352 bayes=undefined autolearn=disabled hits=DEAR_SOMETHING(1.731),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DMARC_PASS(-0.1),HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_IMAGE_ONLY_28(0.726),HTML_MESSAGE(0.001),KAM_FROM_MARKETINGBL_PCCC(0.001),KAM_MARKETINGBL_PCCC(1),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_REMOTE_IMAGE(0.01),URIBL_GREY(1.084)
Aug 16 01:30:22 mx1 pmg-smtp-filter[960]: 2182664DC0A89AFA57: sender in user (*********@domain.com) welcomelist
Aug 16 01:30:22 mx1 postfix/smtpd[3713]: connect from localhost.localdomain[127.0.0.1]
Aug 16 01:30:22 mx1 postfix/smtpd[3713]: 1A0E221B6E: client=localhost.localdomain[127.0.0.1], orig_client=o124.p8.mailjet.com[87.253.233.124]
Aug 16 01:30:22 mx1 postfix/cleanup[3694]: 1A0E221B6E: message-id=<51158901.AUUAACHbznoAAAAAAAAAAAOQ6A0AAAAAX7IAAAAAAB0ARwBk3AqB@mailjet.com>
Aug 16 01:30:22 mx1 postfix/qmgr[936]: 1A0E221B6E: from=<51158901.AUUAACHbznoAAAAAAAAAAAOQ6A0AAAAAX7IAAAAAAB0ARwBk3AqB@a1900615.bnc3.mailjet.com>, size=7484, nrcpt=1 (queue active)
Aug 16 01:30:22 mx1 postfix/smtpd[3713]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Aug 16 01:30:22 mx1 pmg-smtp-filter[960]: 2182664DC0A89AFA57: accept mail to <***********@domain.com> (1A0E221B6E) (rule: default-accept)
Aug 16 01:30:22 mx1 pmg-smtp-filter[960]: 2182664DC0A89AFA57: processing time: 4.435 seconds (4.352, 0.02, 0)
Aug 16 01:30:22 mx1 postfix/lmtp[3695]: 9BC7321794: to=<*********@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.1, delays=0.65/0.01/0.04/4.4, dsn=2.5.0, status=sent (250 2.5.0 OK (2182664DC0A89AFA57))
Aug 16 01:30:22 mx1 postfix/qmgr[936]: 9BC7321794: removed
Aug 16 01:30:22 mx1 postfix/smtp[3714]: 1A0E221B6E: to=<*********@domain.com>, relay=mail-web-nova.vlan10.domain.com[192.168.10.11]:25, delay=0.06, delays=0.05/0/0.01/0, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 29514114002D)
 
Do I read this correctly - you have the from object and the what-object in the same rule?
This is not how this works - the rule should match only mails that match both the from (envelope) and the what (from-header).

- Create 2 rules - one with the from object and your desired action and a separate one with the what object and your desired action...

I hope this helps!
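
The two-rule fix described above, as an added example (not part of the thread and not Proxmox code): a simplified Python model of rule matching, assuming objects within one category are alternatives and every populated category must match. The `Rule` class, the function names, the sample From: header and the shortened envelope sender are constructed for illustration; the domains and the Match Field pattern are taken from the dump and log above.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    who_from: list = field(default_factory=list)  # Who objects: address or domain
    what: list = field(default_factory=list)      # Match Field objects: (header, regex)

def who_matches(obj, envelope_from):
    """Who objects are tested against the envelope sender only."""
    sender, obj = envelope_from.lower(), obj.lower()
    if "@" in obj:
        return sender == obj
    return sender.rpartition("@")[2] == obj

def what_matches(obj, headers):
    """Match Field objects are tested against a header value (regex)."""
    name, pattern = obj
    return re.search(pattern, headers.get(name.lower(), ""), re.IGNORECASE) is not None

def rule_matches(rule, envelope_from, headers):
    # Objects inside one category are alternatives (OR); the categories
    # that are populated must all match (AND). An empty category is ignored.
    from_ok = not rule.who_from or any(who_matches(o, envelope_from) for o in rule.who_from)
    what_ok = not rule.what or any(what_matches(o, headers) for o in rule.what)
    return from_ok and what_ok

# Constructed sample: bounce-style envelope sender on the mailing service's
# domain (as in the log), header From: carrying the real notification address.
ENVELOPE_FROM = "bounce-id@a1900615.bnc3.mailjet.com"
HEADERS = {"from": "SafetyEasy <safetyeasy@ab-cube.com>"}

HEADER_OBJ = ("From", r".*<safetyeasy@ab-cube.com>")
combined = Rule("Whitelist", who_from=["ab-cube.com", "argenx.com"], what=[HEADER_OBJ])
split_who = Rule("Whitelist", who_from=["ab-cube.com", "argenx.com"])
split_what = Rule("Whitelist by From: header", what=[HEADER_OBJ])

def matching_rules(rules, envelope_from, headers):
    """Names of the rules that match this mail, in list order."""
    return [r.name for r in rules if rule_matches(r, envelope_from, headers)]

if __name__ == "__main__":
    print("combined:", matching_rules([combined], ENVELOPE_FROM, HEADERS))
    print("split:   ", matching_rules([split_who, split_what], ENVELOPE_FROM, HEADERS))
```

The combined rule never fires for the mailing-service mail because the envelope sender is not on any whitelisted domain, while the separate header rule does. The From: header is sender-controlled, so that separate rule accepts any mail carrying the same header value.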