Who & What Rules not blocking senders

Sep 17, 2020
315
20
38
Hello All,

I'm trying to figure out how to get PMG to block senders, even though I applied multiple techniques shared here on the forum, spam mail still flows.

In my example, I have created both from rules with WHAT objects, as well as WHO objects, but the message flows.

Another note is when I go to tracking, use both the sender and recipient it times out, I then tried it from the command line with nothing coming back.
I also tried it from tracking center with "include empty senders" filtered it down to a 24 hour window from the sent time, nothing.
Since I can't pull the data from the tracking, I have the outlook headers attached.

Trying to block any sender @spwow365.com

Any direction appreciated.



Who Object

1612799575580.png

What Object

1612799609046.png

Mail Filter rules showing both sets of object rules.

1612799634424.png
 

Attachments

Last edited:
The regular expression you're using seems a bit complicated - and also potentially wrong...
If you want to match anything which contains @spwow365.com in the from header (or as a sender (= envelope from)) try:
Code:
.+@spwow365\.com

and also use the regular expression tester when creating the objects

I hope this helps!
 
(\W|^)[\w.+\-]{0,50}@spwow365\.com(\W|$)
Why?
this matches either non-word characters (e.g. spaces) or the beginning of the string, followed by 0-50 word-characters (including . + -), followed by @spwow365.com, followed by one non-word character or the end of string.
So this won't for example match:
Code:
"Joel Oleson MVP" <joel.oleson@spwow365.com>
(which contains word characters, but also '<', and '"' and a space) ...
In general try to keep the regular expressions as simple as possible - everything else causes just more confusion than it helps
 
  • Like
Reactions: fluxX04
Why?
this matches either non-word characters (e.g. spaces) or the beginning of the string, followed by 0-50 word-characters (including . + -), followed by @spwow365.com, followed by one non-word character or the end of string.
So this won't for example match:
Code:
"Joel Oleson MVP" <joel.oleson@spwow365.com>
(which contains word characters, but also '<', and '"' and a space) ...
In general try to keep the regular expressions as simple as possible - everything else causes just more confusion than it helps
Test string work for "Joel Oleson MVP" <joel.oleson@spwow365.com>

1612944622208.png
 
Test string work for "Joel Oleson MVP" <joel.oleson@spwow365.com>
Yes - you're right - however PMG has a few places where the regular expressions get anchored (i.e. '^<regex>$') - and then it won't match anymore.

Especially in cases where it seems that a regular expression is not matching, although it should I would really suggest to keep the regex as simple as possible!

Making it more specific and tight and performant is something I would do, if a problem occurs (e.g. if a false positive happens)
 
Yes - you're right - however PMG has a few places where the regular expressions get anchored (i.e. '^<regex>$') - and then it won't match anymore.

Especially in cases where it seems that a regular expression is not matching, although it should I would really suggest to keep the regex as simple as possible!

Making it more specific and tight and performant is something I would do, if a problem occurs (e.g. if a false positive happens)
noted
 
Hello and thanks for the responses, I had previously used hata_ph regex, replacing it with my own, which I verified works ( regex wise ) and have noted that on previous posts.
I will revise all of my regex to the suggested and update you.

In respect to the object type, where is the proper place to put this in if I'm rejecting any email address reference to the domain:
what->match field->from or
what->match field->sender or
who->regex or
who->domain

Or is it as checking anywhere in the header for that domain, which kills multiple things, assuming that's possible.

I would love to get this working and remove duplicate rules attempting to block things and keep it in the proper place.


Thanks

FYI this is the site I use to test my regex
https://regex101.com/
 
Last edited:
For a domain match, and not an email match, is
.+Domain.\com

The recommended method for matching anything that domain?
Or should I have
.+\.Domain.\com

Also in this case what if nothing is in front, thats why I used my previous regex.

Thanks
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!