Whitelisting doesn't work
- Thread starter Andrei9385
- Start date
Hi,
I am having a problem with whitelisting a domain for a client. I have added this domain to the user whitelist. I have added this domain to the global whitelist and I have added this domain to the mail proxy >> whitelist. However this domain is still being blocked by bl.spamcop.net.
It was suggested to Read the documentation, and everyone should check there first.
The documentation says that:
Exclude senders from SMTP blocking. To prevent all SMTP checks(Greylisting, Receiver Verification, SPF and DNSBL)
So this domain should not be being blocked. This is a person sending mail to US. so I list them as a sender in the smtp whitlisting, just making sure about this. they are to us from outlook.com, which is a super spammy network so i am not whitelisting the ip.
I am having a problem with whitelisting a domain for a client. I have added this domain to the user whitelist. I have added this domain to the global whitelist and I have added this domain to the mail proxy >> whitelist. However this domain is still being blocked by bl.spamcop.net.
It was suggested to Read the documentation, and everyone should check there first.
The documentation says that:
Exclude senders from SMTP blocking. To prevent all SMTP checks(Greylisting, Receiver Verification, SPF and DNSBL)
So this domain should not be being blocked. This is a person sending mail to US. so I list them as a sender in the smtp whitlisting, just making sure about this. they are to us from outlook.com, which is a super spammy network so i am not whitelisting the ip.
Attachments
Last edited:
no, you need a 'who' object for the @goeml.com address and a 'what' object with from field for the usoft.ru
the rbls will be checked before even looking at the sender/domain, so only the ip of the sending server will be checked. if you want to whitelist that server, you have to do so by ip...
Thank you for the reply. Might I add that this is a terrible way to whitelist rbls. For future consideration, places like outlook.com, gmail.com yahoo.com have many many IP addresses. All of them shoudl be blocked, but upon request from a customer, we should be able to whitelist that customers client regardless of the ip that they come from.
I am not sure why the mail proxy >> whitelist exists, That whitelist shows I can whitelist an email, a domain, network etc, The documentation says that this will bypass the dnsBL's, but it doesn't. Not trying to be difficult here, but there is no way to bypass these rbl's even though the documentation says so? I have had to remove spamcop in the short term due to this issue. Someone might need to update that documentation.
Outlook.com is a HUGE source of spam. Gmail, even worse. Sadly, customers of mine have their customers who use these services. I cannot block them outright, (wish i could) so I need a solution here that doesn't include writing a new rule for each client who needs an allowance for their sender.
Thanks very much for you time.
the issue is that dnsbl only works with ip addresses, so at that point, there is not a mail/domain yet only the ip addresses.
also the docs say this very explicitely:
you can disable dnsbl and use the rulesystem instead if you need whitelisting per client that is on a dnsbl list
also the docs say this very explicitely:
source: https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_mailproxy_whitelist
you can disable dnsbl and use the rulesystem instead if you need whitelisting per client that is on a dnsbl list
Good Afternoon,
I appreciate your time, and I am not new to the proxmox email gateway. I have purchased the updating part for a number of years now. So although the docs may say the above very explicitly, they also say this very explicitly:
-----------------------------------------
SMTP Whitelist
Exclude senders from SMTP blocking. To prevent all SMTP checks(Greylisting, Receiver Verification, SPF and DNSBL) and accept allemails for analysis in the filter rule system, you can add thefollowing to this list: Domains (Sender/Receiver), Mail address(Sender/Receiver), Regular Expression (Sender/Receiver), IP address(Sender), IP network (Sender).
and
4.4.1. SMTP Whitelist
The SMTP Whitelist is responsible for disablinggreylisting, as well as SPF and DNSBL checks. These are done during the SMTPdialogue.All SMTP checks are disabled for those entries (e.g. Greylisting,SPF, DNSBL, …)
DNSBL checks are done by postscreen, which works on IP addresses and networks.This means it can only make use of the IP Address and IP Network entries. <this actually works to whitelist an IP that is on a block list>
-------------------------------------------------
So now the question has to be asked, why can I put email addresses in there if it can only process through the IP?
This seems very ambiguous.
Please don't get me wrong, I love the Proxmox server, and I do not expect it to be perfect. For the price of even the basic subscription, this server does the work of much more expensive solutions like the barracuda spam firewall. I have had one of those and its a MUCH more expensive solution.
The point isn't relevant because neither of these actually whitelist the address in question. As I posted initially, I have whitelisted the domain globally, I have whitelisted the domain in the clients whitelist and I have whitelisted the domain in the smtp section above. In all cases the domain was being caught in the spamcop rbl after being whitelisted.
For me, all of this banter aside, I am just looking or a way to whitelist an email or a domain that is being blocked by bl.spamcop. I like using this rbl because it's very effective with large email providers who have hundreds of smtp servers. I don't want to whitelist the ip because this ISP has hundreds of servers which spam regularly. Gmail is also like this, hundreds of servers, and I only want to make exception for one domain.
Thanks very much for your time.
dnsbl checks are not the only thing done in postscreen, like it's written:
e.g. spf checks can use domain/emails whitelist entries since that information is already there
but that's exactly the issue, there isn't an email or domain blocked by spamcop but only the ips, so you can only whitelist the ips for that (as there is not more info there yet)
You can simply test the domains and see which one are blocking.
I don't think it's as difficult as you think, use a simple mailtester and with that you can target the problem.
I don't think it's as difficult as you think, use a simple mailtester and with that you can target the problem.
Hello all,
I just whitelisted a domain for a customer. I found that the whitelist as it is now is too simple and so it is dangerous.
Let me explain: let's say I want to whitelist acme.com. Apart from listing the domain, I would like to be able to have check boxes for checks that I require to be valid. One of those checks could be SPF verification. With such a checkbox (that would indicate SPF has to pass), I could be certain that the email comes from authorized ip addresses , but have it delivered even if it is listed in a blacklist of any sort.
I understand that postscreen might reject it before SMTP commands tell us mail from, but could it be possible to configure postscreen to not block but simply add a big spam score, then when sender is known, if whitelisted and SPF pass, accept and deliver, otherwise, if spam score is too high, reject (SMTP can reject right after the MAIL FROM is known.
p.s.: I am a newbie so please forgive me if I ask dumb questions.
I just whitelisted a domain for a customer. I found that the whitelist as it is now is too simple and so it is dangerous.
Let me explain: let's say I want to whitelist acme.com. Apart from listing the domain, I would like to be able to have check boxes for checks that I require to be valid. One of those checks could be SPF verification. With such a checkbox (that would indicate SPF has to pass), I could be certain that the email comes from authorized ip addresses , but have it delivered even if it is listed in a blacklist of any sort.
I understand that postscreen might reject it before SMTP commands tell us mail from, but could it be possible to configure postscreen to not block but simply add a big spam score, then when sender is known, if whitelisted and SPF pass, accept and deliver, otherwise, if spam score is too high, reject (SMTP can reject right after the MAIL FROM is known.
p.s.: I am a newbie so please forgive me if I ask dumb questions.