Whitelist useless?

masterx

Hi

Today I had two mails, which were sent from a whitelisted IP address (192.168.26.35), delivered into my spam quarantine. I recently upgraded from 6.something to the most recent 7.something release, and this is the first time something like that has happened.
Is there something that could override the whitelist? I'd like to think that the whitelist overrides anything else :)

This is the original header of the mail which got delivered into spam quarantine:

Received: from whitelistedserver.domain.local (whitelistedserver.domain.local [192.168.26.35])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by pmg01.nnet.local (Proxmox) with ESMTPS
for <hostmaster@mydomain.com>; Sun, 20 Feb 2022 11:07:24 +0100 (CET)
Received: from whitelistedserver.domain.local (whitelistedserver.domain.local [127.0.0.1])
by whitelistedserver.domain.local (8.15.2/8.15.2) with ESMTPS id 21KA7ObB057702
(version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NO)
for <hostmaster@mydomain.com>; Sun, 20 Feb 2022 11:07:24 +0100
Received: (from root@localhost)
by whitelistedserver.domain.local (8.15.2/8.15.2/Submit) id 21KA6iXa057476;
Sun, 20 Feb 2022 11:06:44 +0100

Any clue?

Thanks
 
What is the priority of your whitelist mail rules?
Please show the syslog of the 2 quarantined mails.
 
I have attached a screenshot of my rules + the syslog of one of the quarantined mails.

rules.PNG
Feb 20 11:07:24 pmg01 postfix/postscreen[50014]: CONNECT from [192.168.26.35]:32812 to [192.168.26.11]:25
Feb 20 11:07:24 pmg01 postfix/postscreen[50014]: WHITELISTED [192.168.26.35]:32812
Feb 20 11:07:24 pmg01 postfix/postscreen[50014]: CONNECT from [192.168.26.35]:32814 to [192.168.26.11]:25
Feb 20 11:07:24 pmg01 postfix/postscreen[50014]: WHITELISTED [192.168.26.35]:32814
Feb 20 11:07:24 pmg01 postfix/smtpd[50015]: connect from whitelistedserver.mydomain.local[192.168.26.35]
Feb 20 11:07:24 pmg01 postfix/smtpd[50017]: connect from whitelistedserver.mydomain.local[192.168.26.35]
Feb 20 11:07:24 pmg01 postfix/smtpd[50015]: Anonymous TLS connection established from whitelistedserver.mydomain.local[192.168.26.35]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

...skipping 1 line
Feb 20 11:07:24 pmg01 postfix/smtpd[50015]: NOQUEUE: client=whitelistedserver.mydomain.local[192.168.26.35]
Feb 20 11:07:24 pmg01 pmg-smtp-filter[45314]: 2022/02/20-11:07:24 CONNECT TCP Peer: "[127.0.0.1]:60992" Local: "[127.0.0.1]:10024"
Feb 20 11:07:24 pmg01 postfix/smtpd[50017]: NOQUEUE: client=whitelistedserver.mydomain.local[192.168.26.35]
Feb 20 11:07:24 pmg01 pmg-smtp-filter[985]: Starting "1" children
Feb 20 11:07:24 pmg01 pmg-smtp-filter[8665]: 2022/02/20-11:07:24 CONNECT TCP Peer: "[127.0.0.1]:60994" Local: "[127.0.0.1]:10024"
Feb 20 11:07:24 pmg01 pmg-smtp-filter[8665]: 208F0621212DCAE2DB: new mail message-id=<202202201006.21KA6iFx057474@whitelistedserver.mydomain.local>#012
Feb 20 11:07:24 pmg01 pmg-smtp-filter[45314]: 208C2621212DCAE099: new mail message-id=<202202201006.21KA6iXa057476@whitelistedserver.mydomain.local>#012
Feb 20 11:07:24 pmg01 clamd[855]: SelfCheck: Database status OK.
Feb 20 11:07:24 pmg01 clamd[855]: SelfCheck: Database status OK.
Feb 20 11:07:26 pmg01 pmg-smtp-filter[45314]: 208C2621212DCAE099: SA score=3/5 time=1.151 bayes=undefined autolearn=no autolearn_force=no hits=ALL_TRUSTED(-1),AWL(-1.705),BASE64_LENGTH_79_INF(2.019),ENA_SUBJ_ODD_CASE(3.2),HTML_MESSAGE(0.001),HTML_MIME_NO_HTML_TAG(0.635),KAM_DMARC_STATUS(0.01),MIME_HTML_ONLY(0.1),T_SCC_BODY_TEXT_LINE(-0.01)
Feb 20 11:07:26 pmg01 pmg-smtp-filter[45314]: 208C2621212DCAE099: moved mail for <hostmaster@mydomain.com> to spam quarantine - 208F3621212DE5A660 (rule: Quarantine/Mark Spam (Level 3))
Feb 20 11:07:26 pmg01 pmg-smtp-filter[45314]: 208C2621212DCAE099: processing time: 1.75 seconds (1.151, 0.077, 0)
Feb 20 11:07:26 pmg01 postfix/smtpd[50015]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (208C2621212DCAE099); from=<vc@mydomain.com> to=<hostmaster@mydomain.com> proto=ESMTP helo=<whitelistedserver.mydomain.local>
 
Hi,

if you are using the whitelist under Mail Proxy, that's the SMTP whitelist. To quote the docs,

4.4.1. SMTP Whitelist

The SMTP Whitelist is responsible for disabling greylisting, as well as SPF and DNSBL checks. These are done during the SMTP dialogue.
However, the rules still apply.
To unconditionally access any mails from your domain, you should add/edit the corresponding rule. E.g. Who -> Whitelist -> Add to modify the what object the predefined Whitelist rule uses.
 
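The point of the answer above can be checked directly in the logs. The following is an added example, not part of any post in this thread and not Proxmox code: it links each postscreen WHITELISTED client to the pmg-smtp-filter decision for its mail through the smtpd PID and the filter ID in the proxy-accept line. It assumes the syslog line formats shown in this thread; the function name is hypothetical.

```python
import re

# Lines taken from the syslog excerpt in this thread (wrapped lines rejoined, SA hits shortened).
SAMPLE_LOG = """\
Feb 20 11:07:24 pmg01 postfix/postscreen[50014]: CONNECT from [192.168.26.35]:32812 to [192.168.26.11]:25
Feb 20 11:07:24 pmg01 postfix/postscreen[50014]: WHITELISTED [192.168.26.35]:32812
Feb 20 11:07:24 pmg01 postfix/smtpd[50015]: connect from whitelistedserver.mydomain.local[192.168.26.35]
Feb 20 11:07:26 pmg01 pmg-smtp-filter[45314]: 208C2621212DCAE099: SA score=3/5 time=1.151 bayes=undefined autolearn=no autolearn_force=no hits=ALL_TRUSTED(-1),ENA_SUBJ_ODD_CASE(3.2)
Feb 20 11:07:26 pmg01 pmg-smtp-filter[45314]: 208C2621212DCAE099: moved mail for <hostmaster@mydomain.com> to spam quarantine - 208F3621212DE5A660 (rule: Quarantine/Mark Spam (Level 3))
Feb 20 11:07:26 pmg01 postfix/smtpd[50015]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (208C2621212DCAE099); from=<vc@mydomain.com> to=<hostmaster@mydomain.com> proto=ESMTP helo=<whitelistedserver.mydomain.local>
"""

# Patterns assume the log formats seen above; other PMG/Postfix versions may differ.
PS_WL = re.compile(r"postfix/postscreen\[\d+\]: WHITELISTED \[([^\]]+)\]:\d+")
CONNECT = re.compile(r"postfix/smtpd\[(\d+)\]: connect from \S+\[([^\]]+)\]")
ACCEPT = re.compile(r"postfix/smtpd\[(\d+)\]: proxy-accept: END-OF-MESSAGE: 250 \S+ OK \((\w+)\)")
SCORE = re.compile(r"pmg-smtp-filter\[\d+\]: (\w+): SA score=(\d+)/(\d+)")
MOVED = re.compile(r"pmg-smtp-filter\[\d+\]: (\w+): moved mail for <[^>]*> to (\w+) quarantine .*\(rule: (.+)\)$")

def whitelisted_but_quarantined(log_text):
    """Return mails quarantined by a rule although postscreen whitelisted the client IP."""
    wl_ips, pid_ip, mails = set(), {}, {}
    for line in log_text.splitlines():
        if m := PS_WL.search(line):        # SMTP whitelist hit (postscreen stage)
            wl_ips.add(m.group(1))
        elif m := CONNECT.search(line):    # smtpd PID -> client IP
            pid_ip[m.group(1)] = m.group(2)
        elif m := SCORE.search(line):      # SpamAssassin still scored the mail
            mails.setdefault(m.group(1), {})["score"] = int(m.group(2))
        elif m := MOVED.search(line):      # rule system action
            mails.setdefault(m.group(1), {}).update(quarantine=m.group(2), rule=m.group(3))
        elif m := ACCEPT.search(line):     # smtpd PID -> filter ID
            mails.setdefault(m.group(2), {})["client"] = pid_ip.get(m.group(1))
    return [dict(id=qid, **info) for qid, info in mails.items()
            if info.get("client") in wl_ips and "quarantine" in info]

if __name__ == "__main__":
    for hit in whitelisted_but_quarantined(SAMPLE_LOG):
        print(hit)
```

Each returned entry is a mail whose sender passed the SMTP whitelist but was still scored and acted on by the rule system, which is the situation described in the first post.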
OK, thanks. Interesting that this didn't strike earlier. I've been using this for years like that and never got any mail into SPAM quarantine like that.
 
Hi,

if you are using the whitelist under Mail Proxy, that's the SMTP whitelist. To quote the docs,

However, the rules still apply.
To unconditionally access any mails from your domain, you should add/edit the corresponding rule. E.g. Who -> Whitelist -> Add to modify the what object the predefined Whitelist rule uses.
Please specify or better add to the manual:
1) Where exactly to add exclusion domains: mail proxy or who whitelist.
2) What is the processing order:
- rules the higher the number, the higher the priority or vice versa
- mail proxy whitelist and mail filter (who whitelist) - who takes priority.
3) How and where to add the domain so that the DKIM and SPF checks are preserved.
4) How to understand as well as SPF and DNSBL check in 4.4.1 - checks are disabled?
5) If I added a domain to the mail proxy whitelist - do I need to remove them from there?

PS: I honestly tried to find the answer in the manual, then on the forum - I found your answer, but not immediately.
 