Make sure PMG does not send any outgoing email

Squiggle

New Member
Mar 25, 2024
Hi everyone,

We currently use PMG for anti-spam and virus protection before messages reach our mail server. However, I'm concerned that PMG might be sending out emails unintentionally. This could happen due to an unknown bug or a potential attacker exploiting PMG.

Specifically, I've observed PMG attempting to send emails to a remote MX server that appears to be spam-related (the From field domain your-server.be is not our domain).

Can you advise on how to investigate this further and prevent PMG from sending unauthorized emails?

[Screenshot: 1711347461424.png]

My "Configuration: Mail Proxy / Networks / Trust Network" is empty, PMG version: 7.3-11
I don't know how these messages can get into the PMG queue.

[Screenshot: 1711347496816.png]

The screenshots you shared do not show where the emails from info@your-server.be came from - so it's not possible to see where the issue is.
Please post the logs of the initial submission of such a mail - as plaintext and not as screenshot
 

Hello,

These are some logs from the file /var/log/syslog; I have replaced some private server info.

Bash:
root@mail:~# head -n20000 /var/log/syslog | grep info@your-server.be


Output:

Code:
Mar 25 05:12:29 mail postfix/qmgr[32238]: 3C044141888: from=<info@your-server.be>, size=694, nrcpt=1 (queue active)
Mar 25 05:12:29 mail postfix/qmgr[32238]: 3E9D6141902: from=<info@your-server.be>, size=696, nrcpt=1 (queue active)
Mar 25 05:12:29 mail postfix/qmgr[32238]: 51303141906: from=<info@your-server.be>, size=700, nrcpt=1 (queue active)
Mar 25 05:12:29 mail postfix/qmgr[32238]: 559DC14190B: from=<info@your-server.be>, size=700, nrcpt=1 (queue active)
Mar 25 05:12:29 mail postfix/qmgr[32238]: 64D7B141930: from=<info@your-server.be>, size=698, nrcpt=1 (queue active)
Mar 25 05:12:29 mail postfix/qmgr[32238]: 59C7014190D: from=<info@your-server.be>, size=696, nrcpt=1 (queue active)
Mar 25 05:12:31 mail postfix/qmgr[32238]: 8CB48141938: from=<info@your-server.be>, size=1465, nrcpt=1 (queue active)
Mar 25 05:12:31 mail postfix/qmgr[32238]: 925C914193B: from=<info@your-server.be>, size=1552, nrcpt=1 (queue active)
Mar 25 05:12:31 mail postfix/qmgr[32238]: 9802E14193C: from=<info@your-server.be>, size=1468, nrcpt=1 (queue active)
Mar 25 05:12:31 mail postfix/qmgr[32238]: 9A9A0141937: from=<info@your-server.be>, size=1459, nrcpt=1 (queue active)
Mar 25 05:12:31 mail postfix/qmgr[32238]: 9D9F9141930: from=<info@your-server.be>, size=1462, nrcpt=1 (queue active)
Mar 25 05:12:32 mail postfix/qmgr[32238]: 8116C141902: from=<info@your-server.be>, size=1462, nrcpt=1 (queue active)
Mar 25 05:12:38 mail postfix/smtp[147168]: CD11E14190B: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=3.6, delays=0.01/0/3/0.57, dsn=2.0.0, status=sent (250 OK id=1roW4z-00000000oVw-40cH)
Mar 25 05:12:38 mail postfix/smtp[147219]: 421EF141906: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=4.2, delays=0.01/0/3.6/0.6, dsn=2.0.0, status=sent (250 OK id=1roW50-00000000oVx-08bR)
Mar 25 05:13:07 mail postfix/qmgr[32238]: CD047141888: from=<info@your-server.be>, size=55892, nrcpt=1 (queue active)
Mar 25 05:13:07 mail postfix/qmgr[32238]: CD8AF141906: from=<info@your-server.be>, size=55894, nrcpt=1 (queue active)
Mar 25 05:13:07 mail postfix/qmgr[32238]: CD11E141902: from=<info@your-server.be>, size=55895, nrcpt=1 (queue active)
Mar 25 05:13:07 mail postfix/qmgr[32238]: DDE4B14190B: from=<info@your-server.be>, size=55892, nrcpt=1 (queue active)
Mar 25 05:13:07 mail postfix/qmgr[32238]: E202B141930: from=<info@your-server.be>, size=55898, nrcpt=1 (queue active)
Mar 25 05:13:07 mail postfix/qmgr[32238]: DDF0114190D: from=<info@your-server.be>, size=55896, nrcpt=1 (queue active)
Mar 25 05:13:08 mail postfix/qmgr[32238]: AE5AF141938: from=<info@your-server.be>, size=57174, nrcpt=1 (queue active)
Mar 25 05:13:09 mail postfix/qmgr[32238]: 2C500141934: from=<info@your-server.be>, size=57176, nrcpt=1 (queue active)
Mar 25 05:13:09 mail postfix/qmgr[32238]: 3AB41141935: from=<info@your-server.be>, size=57172, nrcpt=1 (queue active)
Mar 25 05:13:09 mail postfix/qmgr[32238]: 4E8D0141902: from=<info@your-server.be>, size=57180, nrcpt=1 (queue active)
Mar 25 05:13:09 mail postfix/qmgr[32238]: 8E43F14190B: from=<info@your-server.be>, size=57171, nrcpt=1 (queue active)
Mar 25 05:13:10 mail postfix/qmgr[32238]: 1F79D141888: from=<info@your-server.be>, size=57178, nrcpt=1 (queue active)
Mar 25 05:13:13 mail postfix/smtp[147225]: 5387514190D: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.6, delays=0.01/0/2/0.57, dsn=2.0.0, status=sent (250 OK id=1roW5Z-00000000oWI-298j)
Mar 25 05:13:15 mail postfix/smtp[147220]: 5B737141930: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0.01/0/2.1/0.59, dsn=2.0.0, status=sent (250 OK id=1roW5a-00000000oWJ-2ZW6)
Mar 25 05:14:12 mail postfix/qmgr[32238]: 7D23E141888: from=<info@your-server.be>, size=55908, nrcpt=1 (queue active)
...

Bash:
root@mail:~# head -n20000 /var/log/syslog | grep "Mar 25 05:12:28"

Output:

Code:
Mar 25 05:12:28 mail postfix/smtpd[147122]: 3C044141888: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:12:28 mail postfix/smtpd[147123]: 3E9D6141902: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:12:28 mail postfix/smtpd[147178]: 51303141906: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:12:28 mail postfix/smtpd[147179]: 559DC14190B: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:12:28 mail postfix/smtpd[147180]: 59C7014190D: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:12:28 mail postfix/smtpd[147181]: 64D7B141930: client=our-mail.server.name[local-ip-of-proxmox]

Bash:
root@mail:~# head -n20000 /var/log/syslog | grep "3C044141888"

Output:

Code:
Mar 25 05:12:28 mail postfix/smtpd[147122]: 3C044141888: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:12:29 mail postfix/cleanup[147130]: 3C044141888: message-id=<20240324151225.682400357AEDCEE5@your-server.be>
Mar 25 05:12:29 mail postfix/qmgr[32238]: 3C044141888: from=<info@your-server.be>, size=694, nrcpt=1 (queue active)
Mar 25 05:12:31 mail postfix/lmtp[147133]: 3C044141888: to=<sat-faissal@web.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.8, delays=1.3/0/0.05/2.4, dsn=2.5.0, status=sent (250 2.5.0 OK (1419336600A54D46C4E))
Mar 25 05:12:31 mail postfix/qmgr[32238]: 3C044141888: removed

Bash:
root@mail:~# head -n20000 /var/log/syslog | grep "Mar 25 05:12:29"

Output:

Code:
Mar 25 05:12:29 mail postfix/cleanup[147130]: 3C044141888: message-id=<20240324151225.682400357AEDCEE5@your-server.be>
Mar 25 05:12:29 mail postfix/qmgr[32238]: 3C044141888: from=<info@your-server.be>, size=694, nrcpt=1 (queue active)
Mar 25 05:12:29 mail pmg-smtp-filter[147135]: 2024/03/25-05:12:29 CONNECT TCP Peer: "[127.0.0.1]:59912" Local: "[127.0.0.1]:10024"
Mar 25 05:12:29 mail postfix/cleanup[147132]: 3E9D6141902: message-id=<20240324151225.3DB190F7D23057B1@your-server.be>
Mar 25 05:12:29 mail postfix/qmgr[32238]: 3E9D6141902: from=<info@your-server.be>, size=696, nrcpt=1 (queue active)
Mar 25 05:12:29 mail pmg-smtp-filter[144739]: Starting "1" children
Mar 25 05:12:29 mail pmg-smtp-filter[147068]: 2024/03/25-05:12:29 CONNECT TCP Peer: "[127.0.0.1]:59924" Local: "[127.0.0.1]:10024"
Mar 25 05:12:29 mail pmg-smtp-filter[147135]: 1419336600A54D46C4E: new mail message-id=<20240324151225.682400357AEDCEE5@your-server.be>#012
Mar 25 05:12:29 mail postfix/cleanup[147182]: 51303141906: message-id=<20240324151225.59B4A375916414CD@your-server.be>
Mar 25 05:12:29 mail pmg-smtp-filter[147068]: 1419346600A54D47CE7: new mail message-id=<20240324151225.3DB190F7D23057B1@your-server.be>#012
Mar 25 05:12:29 mail postfix/qmgr[32238]: 51303141906: from=<info@your-server.be>, size=700, nrcpt=1 (queue active)
Mar 25 05:12:29 mail postfix/cleanup[147183]: 559DC14190B: message-id=<20240324151225.133756B7AC72561C@your-server.be>
Mar 25 05:12:29 mail postfix/qmgr[32238]: 559DC14190B: from=<info@your-server.be>, size=700, nrcpt=1 (queue active)
Mar 25 05:12:29 mail postfix/cleanup[147185]: 64D7B141930: message-id=<20240324151225.025011ED93FDF484@your-server.be>
Mar 25 05:12:29 mail postfix/cleanup[147184]: 59C7014190D: message-id=<20240324151225.628421A835EA5FAC@your-server.be>
Mar 25 05:12:29 mail postfix/qmgr[32238]: 64D7B141930: from=<info@your-server.be>, size=698, nrcpt=1 (queue active)
Mar 25 05:12:29 mail postfix/qmgr[32238]: 59C7014190D: from=<info@your-server.be>, size=696, nrcpt=1 (queue active)
Mar 25 05:12:29 mail pmg-smtp-filter[147186]: 2024/03/25-05:12:29 CONNECT TCP Peer: "[127.0.0.1]:59934" Local: "[127.0.0.1]:10024"
Mar 25 05:12:29 mail pmg-smtp-filter[144739]: Starting "1" children
Mar 25 05:12:29 mail pmg-smtp-filter[147186]: 1419356600A54D7AAE4: new mail message-id=<20240324151225.59B4A375916414CD@your-server.be>#012
Mar 25 05:12:29 mail pmg-smtp-filter[147197]: 2024/03/25-05:12:29 CONNECT TCP Peer: "[127.0.0.1]:59948" Local: "[127.0.0.1]:10024"
Mar 25 05:12:29 mail pmg-smtp-filter[144739]: Starting "1" children
Mar 25 05:12:29 mail pmg-smtp-filter[147197]: 1419366600A54DA898F: new mail message-id=<20240324151225.133756B7AC72561C@your-server.be>#012
Mar 25 05:12:29 mail pmg-smtp-filter[147201]: 2024/03/25-05:12:29 CONNECT TCP Peer: "[127.0.0.1]:59950" Local: "[127.0.0.1]:10024"
Mar 25 05:12:29 mail pmg-smtp-filter[144739]: Starting "1" children
Mar 25 05:12:29 mail postfix/smtpd[147122]: disconnect from our-mail.server.name[local-ip-of-proxmox] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Mar 25 05:12:29 mail postfix/smtpd[147179]: disconnect from our-mail.server.name[local-ip-of-proxmox] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Mar 25 05:12:29 mail pmg-smtp-filter[147201]: 1419376600A54DD66FF: new mail message-id=<20240324151225.025011ED93FDF484@your-server.be>#012
Mar 25 05:12:29 mail postfix/smtpd[147180]: disconnect from our-mail.server.name[local-ip-of-proxmox] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Mar 25 05:12:29 mail postfix/smtpd[147181]: disconnect from our-mail.server.name[local-ip-of-proxmox] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Mar 25 05:12:29 mail postfix/smtpd[147123]: disconnect from our-mail.server.name[local-ip-of-proxmox] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Mar 25 05:12:29 mail postfix/smtpd[147178]: disconnect from our-mail.server.name[local-ip-of-proxmox] ehlo=1 mail=1 rcpt=1 data=1 commands=4
 
Mar 25 05:12:28 mail postfix/smtpd[147122]: 3C044141888: client=our-mail.server.name[local-ip-of-proxmox]
is your PMG our-mail.server.name? - else I don't understand local-ip-of-proxmox in this context.
Also it's odd for the system to log mails originating from it with its public ip-address..
 

Yes, I replaced the real server name value in the log with our-mail.server.name, the local IP (LAN) in the log with local-ip-of-proxmox, and the public IP with public-ip-of-proxmox.

Some more logs. Seen remote attacker from IP 185.18.148.150

Bash:
root@mail:~# head -n30000 /var/log/syslog | grep "185.18.148.150"

Output:

Code:
Mar 25 05:12:38 mail postfix/smtp[147168]: CD11E14190B: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=3.6, delays=0.01/0/3/0.57, dsn=2.0.0, status=sent (250 OK id=1roW4z-00000000oVw-40cH)
Mar 25 05:12:38 mail postfix/smtp[147219]: 421EF141906: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=4.2, delays=0.01/0/3.6/0.6, dsn=2.0.0, status=sent (250 OK id=1roW50-00000000oVx-08bR)
Mar 25 05:13:13 mail postfix/smtp[147225]: 5387514190D: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.6, delays=0.01/0/2/0.57, dsn=2.0.0, status=sent (250 OK id=1roW5Z-00000000oWI-298j)
Mar 25 05:13:15 mail postfix/smtp[147220]: 5B737141930: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0.01/0/2.1/0.59, dsn=2.0.0, status=sent (250 OK id=1roW5a-00000000oWJ-2ZW6)
Mar 25 05:14:19 mail postfix/smtp[147225]: 6CBD214193C: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0/0/2.1/0.58, dsn=2.0.0, status=sent (250 OK id=1roW6c-00000000oXE-2joF)
Mar 25 05:14:19 mail postfix/smtp[147223]: 73590141A3D: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0.01/0/2.1/0.58, dsn=2.0.0, status=sent (250 OK id=1roW6c-00000000oXF-2r1A)
Mar 25 05:14:19 mail postfix/smtp[147219]: BEE40141979: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0/0/2.1/0.6, dsn=2.0.0, status=sent (250 OK id=1roW6d-00000000oXG-08QK)
Mar 25 05:14:21 mail postfix/smtp[147395]: 4522B14193D: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.8, delays=0.01/0.05/2.1/0.6, dsn=2.0.0, status=sent (250 OK id=1roW6e-00000000oXH-2UxB)
Mar 25 05:14:21 mail postfix/smtp[147357]: 705F4141961: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.8, delays=0.01/0/2.1/0.6, dsn=2.0.0, status=sent (250 OK id=1roW6e-00000000oXI-33Ru)
Mar 25 05:14:21 mail postfix/smtp[147225]: 01FBF141A4D: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.8, delays=0.01/0.13/2/0.58, dsn=2.0.0, status=sent (250 OK id=1roW6f-00000000oXb-1H8U)
Mar 25 05:14:21 mail postfix/smtp[147385]: 7260D141902: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=3.3, delays=0.01/0.64/2.1/0.58, dsn=2.0.0, status=sent (250 OK id=1roW6f-00000000oXZ-1H9I)
Mar 25 05:14:21 mail postfix/smtp[147387]: D5EF3141A0F: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.9, delays=0.01/0.24/2.1/0.59, dsn=2.0.0, status=sent (250 OK id=1roW6f-00000000oXa-1NZM)
Mar 25 05:14:21 mail postfix/smtp[147389]: ECE94141A4C: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.9, delays=0.01/0.17/2.1/0.6, dsn=2.0.0, status=sent (250 OK id=1roW6f-00000000oXc-1eKo)
Mar 25 05:14:22 mail postfix/smtp[147223]: B30DD141A4B: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0.01/0/2.1/0.6, dsn=2.0.0, status=sent (250 OK id=1roW6f-00000000oXd-47gW)
Mar 25 05:14:22 mail postfix/smtp[147219]: E6933141A68: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0/0/2.1/0.58, dsn=2.0.0, status=sent (250 OK id=1roW6g-00000000oXe-0ZEZ)
Mar 25 05:14:23 mail postfix/smtp[147163]: 39CB1141AA7: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=3.5, delays=0.01/0.83/2/0.57, dsn=2.0.0, status=sent (250 OK id=1roW6h-00000000oXp-114A)
Mar 25 05:14:23 mail postfix/smtp[147220]: 695C914190D: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=3.3, delays=0.01/0.64/2.1/0.59, dsn=2.0.0, status=sent (250 OK id=1roW6h-00000000oXq-1Cpf)
Mar 25 05:14:24 mail postfix/smtp[147395]: 94B45141AB0: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.6, delays=0/0/2.1/0.58, dsn=2.0.0, status=sent (250 OK id=1roW6h-00000000oYB-3IXJ)
Mar 25 05:14:24 mail postfix/smtp[147168]: 4934E14195A: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.6, delays=0.01/0/2/0.58, dsn=2.0.0, status=sent (250 OK id=1roW6i-00000000oYO-1vAw)
Mar 25 05:14:24 mail postfix/smtp[147354]: 4169A141ABB: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0.03/0/2.1/0.59, dsn=2.0.0, status=sent (250 OK id=1roW6i-00000000oYM-261l)
Mar 25 05:14:25 mail postfix/smtp[147355]: 4B771141946: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0.01/0/2.1/0.59, dsn=2.0.0, status=sent (250 OK id=1roW6i-00000000oYP-2EEd)
Mar 25 05:14:25 mail postfix/smtp[147385]: 43789141AB9: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.8, delays=0.02/0.01/2.1/0.61, dsn=2.0.0, status=sent (250 OK id=1roW6i-00000000oYN-2F8m)
Mar 25 05:14:25 mail postfix/smtp[147393]: C73EE141A68: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0.01/0/2.1/0.6, dsn=2.0.0, status=sent (250 OK id=1roW6j-00000000oYQ-0Hx8)
...

Bash:
root@mail:~# head -n20000 /var/log/syslog | grep "Mar 25 05:14:25"

Output:

Code:
Mar 25 05:14:25 mail postfix/smtp[147355]: 4B771141946: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0.01/0/2.1/0.59, dsn=2.0.0, status=sent (250 OK id=1roW6i-00000000oYP-2EEd)
Mar 25 05:14:25 mail postfix/qmgr[32238]: 4B771141946: removed
Mar 25 05:14:25 mail postfix/qmgr[32238]: 0B1F6141A74: from=<info@your-server.be>, size=55907, nrcpt=1 (queue active)
Mar 25 05:14:25 mail pmg-smtp-filter[147314]: 2024/03/25-05:14:25 CONNECT TCP Peer: "[127.0.0.1]:41860" Local: "[127.0.0.1]:10024"
Mar 25 05:14:25 mail postfix/smtp[147385]: 43789141AB9: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.8, delays=0.02/0.01/2.1/0.61, dsn=2.0.0, status=sent (250 OK id=1roW6i-00000000oYN-2F8m)
Mar 25 05:14:25 mail postfix/qmgr[32238]: 43789141AB9: removed
Mar 25 05:14:25 mail pmg-smtp-filter[147305]: 14193C6600A5C0F29B4: new mail message-id=<20240324151402.B6699E8400CC8F3C@your-server.be>#012
Mar 25 05:14:25 mail pmg-smtp-filter[147282]: 141A7B6600A5C0F2C79: new mail message-id=<20240324151402.B94720C73858AE03@your-server.be>#012
Mar 25 05:14:25 mail pmg-smtp-filter[147314]: 1419466600A5C10F227: new mail message-id=<20240324151402.0CD2E9B8D2ABBC71@your-server.be>#012
Mar 25 05:14:25 mail postfix/smtpd[147179]: 65EEC141A82: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:14:25 mail postfix/smtp[147163]: C3D7F141AAC: to=<ziyawa@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.188.26]:25, delay=1.6, delays=0.05/0/0.8/0.78, dsn=5.7.26, status=bounced (host gmail-smtp-in.l.google.com[64.233.188.26] said: 550-5.7.26 This mail has been blocked because the sender is unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM. 550-5.7.26  550-5.7.26  Authentication results: 550-5.7.26  DKIM = did not pass 550-5.7.26  SPF [your-server.be] with ip: [public-ip-of-proxmox] = did not pass 550-5.7.26  550-5.7.26  For instructions on setting up authentication, go to 550 5.7.26  https://support.google.com/mail/answer/81126#authentication h7-20020a170902680700b001dffbdeaae3si3738051plk.262 - gsmtp (in reply to end of DATA command))
Mar 25 05:14:25 mail postfix/cleanup[147182]: 69E27141AB2: message-id=<20240324221425.69E27141AB2@our-mail.server.name>
Mar 25 05:14:25 mail postfix/bounce[147397]: C3D7F141AAC: sender non-delivery notification: 69E27141AB2
Mar 25 05:14:25 mail postfix/qmgr[32238]: C3D7F141AAC: removed
Mar 25 05:14:25 mail postfix/qmgr[32238]: 69E27141AB2: from=<>, size=4521, nrcpt=1 (queue active)
Mar 25 05:14:25 mail postfix/smtp[147393]: C73EE141A68: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=2.7, delays=0.01/0/2.1/0.6, dsn=2.0.0, status=sent (250 OK id=1roW6j-00000000oYQ-0Hx8)
Mar 25 05:14:25 mail postfix/qmgr[32238]: C73EE141A68: removed
Mar 25 05:14:25 mail postfix/smtpd[147181]: A46B2141A68: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:14:25 mail postfix/smtpd[147122]: B2369141AAC: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:14:25 mail postfix/smtp[147389]: 36F92141AB8: to=<lucas-67118@hotmail.fr>, relay=eur.olc.protection.outlook.com[104.47.18.225]:25, delay=3.5, delays=0.07/0.01/2.4/1, dsn=2.6.0, status=sent (250 2.6.0 <20240324151402.B22C2DA8EA3B69FC@your-server.be> [InternalId=54799487732630, Hostname=AS2PR08MB10155.eurprd08.prod.outlook.com] 65139 bytes in 0.176, 360.728 KB/sec Queued mail for delivery -> 250 2.1.5)
Mar 25 05:14:25 mail postfix/qmgr[32238]: 36F92141AB8: removed
Mar 25 05:14:25 mail pmg-smtp-filter[147331]: 1419026600A5C071852: SA score=3/5 time=1.251 bayes=0.47 autolearn=no autolearn_force=no hits=AC_BR_BONANZA(0.001),ALL_TRUSTED(-1),AWL(-0.351),BAYES_50(0.8),CBJ_GiveMeABreak(1.75),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),MIME_HTML_MOSTLY(0.1),SUBJ_END_SP_CHAR(1),TOO_POLITE(1)
Mar 25 05:14:25 mail pmg-smtp-filter[147331]: 1419026600A5C071852: added disclaimer (rule: Add Sender Address To Body)
Mar 25 05:14:25 mail pmg-smtp-filter[147331]: 1419026600A5C071852: added disclaimer (rule: Add Sender Address To Body)
Mar 25 05:14:25 mail pmg-smtp-filter[147331]: 1419026600A5C071852: moved mail for <piktograma@inbox.ru> to spam quarantine - 141AB06600A5C1C286D (rule: Quarantine/Mark Spam (Level 3))
Mar 25 05:14:25 mail pmg-smtp-filter[147331]: 1419026600A5C071852: processing time: 1.335 seconds (1.251, 0.056, 0)
Mar 25 05:14:25 mail postfix/lmtp[147341]: 7505A141906: to=<piktograma@inbox.ru>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.7, delays=1.3/0/0.04/1.3, dsn=2.5.0, status=sent (250 2.5.0 OK (1419026600A5C071852))
Mar 25 05:14:25 mail postfix/qmgr[32238]: 7505A141906: removed
Mar 25 05:14:25 mail postfix/smtpd[147123]: C529B141902: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:14:25 mail postfix/smtp[147357]: 2DBD8141AAD: to=<painter8@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[104.47.18.97]:25, delay=1.7, delays=0.05/0/1.5/0.18, dsn=5.7.1, status=bounced (host hotmail-com.olc.protection.outlook.com[104.47.18.97] said: 550 5.7.1 Unfortunately, messages from [public-ip-of-proxmox] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [AM6EUR05FT023.eop-eur05.prod.protection.outlook.com 2024-03-24T22:14:25.782Z 08DC4B130434F372] (in reply to MAIL FROM command))
Mar 25 05:14:25 mail postfix/smtp[147357]: 2DBD8141AAD: lost connection with hotmail-com.olc.protection.outlook.com[104.47.18.97] while sending RCPT TO
Mar 25 05:14:25 mail postfix/cleanup[147183]: D9E31141AB3: message-id=<20240324221425.D9E31141AB3@our-mail.server.name>
Mar 25 05:14:25 mail postfix/bounce[147397]: 2DBD8141AAD: sender non-delivery notification: D9E31141AB3
Mar 25 05:14:25 mail postfix/qmgr[32238]: D9E31141AB3: from=<>, size=4231, nrcpt=1 (queue active)
Mar 25 05:14:25 mail postfix/qmgr[32238]: 2DBD8141AAD: removed
Mar 25 05:14:25 mail postfix/smtp[147387]: 5689F141979: to=<trikzgaming10@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.188.26]:25, delay=1.6, delays=0.06/0/0.76/0.8, dsn=5.7.26, status=bounced (host gmail-smtp-in.l.google.com[64.233.188.26] said: 550-5.7.26 This mail has been blocked because the sender is unauthenticated. 550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM. 550-5.7.26  550-5.7.26  Authentication results: 550-5.7.26  DKIM = did not pass 550-5.7.26  SPF [your-server.be] with ip: [public-ip-of-proxmox] = did not pass 550-5.7.26  550-5.7.26  For instructions on setting up authentication, go to 550 5.7.26  https://support.google.com/mail/answer/81126#authentication s35-20020a056a0017a300b006e6a3c94feesi3546026pfg.374 - gsmtp (in reply to end of DATA command))
Mar 25 05:14:25 mail postfix/cleanup[147268]: EDAB4141AAD: message-id=<20240324221425.EDAB4141AAD@our-mail.server.name>
Mar 25 05:14:25 mail postfix/bounce[147397]: 5689F141979: sender non-delivery notification: EDAB4141AAD
Mar 25 05:14:25 mail postfix/qmgr[32238]: 5689F141979: removed
Mar 25 05:14:25 mail postfix/qmgr[32238]: EDAB4141AAD: from=<>, size=4565, nrcpt=1 (queue active)
Mar 25 05:14:25 mail postfix/smtpd[147266]: EEF90141906: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:14:25 mail postfix/smtpd[147264]: EF1A2141979: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:14:25 mail postfix/smtpd[147180]: EF772141AB5: client=our-mail.server.name[local-ip-of-proxmox]
Mar 25 05:14:25 mail postfix/smtpd[147178]: EFCF1141AB6: client=our-mail.server.name[local-ip-of-proxmox]
 
Mar 25 05:12:38 mail postfix/smtp[147168]: CD11E14190B: to=<info@your-server.be>, relay=mail.your-server.be[185.18.148.150]:25, delay=3.6, delays=0.01/0/3/0.57, dsn=2.0.0, status=sent (250 OK id=1roW4z-00000000oVw-40cH)
This describes an outbound message (postfix/smtp is the smtp client) - here your PMG successfully sent an email to mail.your-server.be

I would suggest to clear the queue with all the deferred mail (make sure you only remove the spam-messages) - then maybe you see better where the mails originally come from

Else:
* make sure your internal port is not publicly accessible
* make sure you only have listed trusted IPs in the trusted networks (the local-network of PMG is automatically added there)
* look for messages from postscreen and smtpd that show where the messages originally come from
 
Thanks, after detecting that the PMG server is spamming, I have made the following config changes:
  • Tried to remove LAN_network.0/24 as shown in postfix.mynetworks but could not find a way to do it, so in PMG I created a rule to block all IPs in the trusted network, except the IPs of PMG and the mail server (following this post), from sending outbound messages.
  • Blocked outbound port 25 on the firewall for all LAN IPs except the IP of our mail server (PMG is only for incoming email)
  • Scheduled a check of the postfix mailq in PMG to detect any queued messages and send a notification to me
but I still do not know the root cause of this issue...
 
Tried to remove LAN_network.0/24 as shown in postfix.mynetworks but could not find a way to do it, so in PMG I created a rule to block all IPs in the trusted network, except the IPs of PMG and the mail server (following this post), from sending outbound messages.
as said PMG automatically adds its local network - you need to adapt the main.cf.in template and not use the variable for this:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine

but I still do not know the root cause of this issue...
you also did not post the relevant logs where the messages first came in (mostly only logs from the mails on the queue being rescheduled for delivery)

look through all your logs for the first mention of one of the target-addresses - use the tracking center to get the relevant information for this
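
The backward trace these replies ask for (from an outbound postfix/smtp delivery to the smtpd client that first submitted the message), as an added example that is not part of the thread. It assumes the log line shapes shown in this thread: either `orig_client=` on the re-injected message, or the filter ID in the lmtp `250 2.5.0 OK (...)` reply linking the inbound queue ID to the re-injected one. The function names, `own_domains` and the sample log are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the syslog shapes shown in this thread (example.* names and
# RFC 5737 addresses); it is not the poster's log.
SAMPLE_LOG = """\
Mar 25 05:12:28 mail postfix/smtpd[101]: A1000001: client=mail.example.net[192.0.2.10]
Mar 25 05:12:29 mail postfix/qmgr[90]: A1000001: from=<info@bulk.example>, size=694, nrcpt=1 (queue active)
Mar 25 05:12:31 mail postfix/lmtp[102]: A1000001: to=<a@rcpt.example>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.8, delays=1.3/0/0.05/2.4, dsn=2.5.0, status=sent (250 2.5.0 OK (F100000A))
Mar 25 05:12:31 mail postfix/smtpd[103]: A2000002: client=localhost.localdomain[127.0.0.1]
Mar 25 05:12:31 mail pmg-smtp-filter[104]: F100000A: accept mail to <a@rcpt.example> (A2000002) (rule: default-accept)
Mar 25 05:12:31 mail postfix/qmgr[90]: A2000002: from=<info@bulk.example>, size=900, nrcpt=1 (queue active)
Mar 25 05:12:38 mail postfix/smtp[105]: A2000002: to=<a@rcpt.example>, relay=mx.rcpt.example[198.51.100.7]:25, delay=3.6, delays=0.01/0/3/0.57, dsn=2.0.0, status=sent (250 OK)
Mar 28 19:41:49 mail postfix/smtpd[201]: NOQUEUE: client=mail.example.net[192.0.2.10]
Mar 28 19:41:56 mail postfix/smtpd[202]: B3000003: client=localhost.localdomain[127.0.0.1], orig_client=mail.example.net[192.0.2.10]
Mar 28 19:41:56 mail pmg-smtp-filter[203]: F200000B: accept mail to <b@rcpt.example> (B3000003) (rule: default-accept)
Mar 28 19:41:56 mail postfix/qmgr[90]: B3000003: from=<test@bulk.example>, size=1666, nrcpt=1 (queue active)
Mar 28 19:42:57 mail postfix/smtp[204]: B3000003: to=<b@rcpt.example>, relay=none, delay=61, delays=0.09/0.14/61/0, dsn=4.4.1, status=deferred (connect to mx.rcpt.example[198.51.100.7]:25: Connection timed out)
Mar 28 19:43:00 mail postfix/smtpd[205]: C4000004: client=localhost.localdomain[127.0.0.1], orig_client=mx.sender.example[203.0.113.5]
Mar 28 19:43:00 mail postfix/qmgr[90]: C4000004: from=<alice@sender.example>, size=2000, nrcpt=1 (queue active)
Mar 28 19:43:01 mail postfix/smtp[206]: C4000004: to=<bob@corp.example>, relay=192.0.2.20[192.0.2.20]:25, delay=0.5, delays=0.1/0/0.2/0.2, dsn=2.0.0, status=sent (250 OK)
Mar 28 19:43:05 mail postfix/qmgr[90]: D5000005: from=<>, size=4521, nrcpt=1 (queue active)
Mar 28 19:43:06 mail postfix/smtp[207]: D5000005: to=<info@bulk.example>, relay=mx.bulk.example[198.51.100.9]:25, delay=0.6, delays=0.1/0/0.3/0.2, dsn=2.0.0, status=sent (250 OK)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (postfix/\w+|pmg-smtp-filter)\[\d+\]: "
                  r"([0-9A-F]{6,}): (.*)$")
CLIENT = re.compile(r"client=([^,\s]+)(?:, orig_client=([^,\s]+))?")
SENDER = re.compile(r"from=<([^>]*)>")
DELIVERY = re.compile(r"to=<([^>]*)>, relay=([^,]+),.*?\bstatus=(\w+)")
FILTER_OK = re.compile(r"\(250 2\.5\.0 OK \(([0-9A-F]+)\)\)")
FILTER_ACCEPT = re.compile(r"accept mail to <[^>]*> \(([0-9A-F]+)\)")


def parse(log_text):
    """Index the log by queue ID and record the links through pmg-smtp-filter."""
    msgs = defaultdict(lambda: {"client": None, "orig_client": None,
                                "sender": None, "deliveries": []})
    inbound_of_filter = {}   # filter ID -> queue ID handed to the filter via lmtp
    filter_of_reinject = {}  # re-injected queue ID -> filter ID that accepted it
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:            # NOQUEUE, connect/disconnect and other lines carry no ID
            continue
        prog, ident, rest = m.groups()
        if prog == "pmg-smtp-filter":
            if (a := FILTER_ACCEPT.search(rest)):
                filter_of_reinject[a.group(1)] = ident
            continue
        rec = msgs[ident]
        if prog == "postfix/smtpd" and (c := CLIENT.match(rest)):
            rec["client"], rec["orig_client"] = c.group(1), c.group(2)
        elif prog == "postfix/qmgr" and (s := SENDER.match(rest)):
            rec["sender"] = s.group(1)
        elif prog == "postfix/lmtp" and (f := FILTER_OK.search(rest)):
            inbound_of_filter[f.group(1)] = ident
        elif prog == "postfix/smtp" and (d := DELIVERY.match(rest)):
            rec["deliveries"].append(d.groups())
    return msgs, inbound_of_filter, filter_of_reinject


def origin(qid, msgs, inbound_of_filter, filter_of_reinject):
    """Walk back through the filter hop to the client that first submitted qid."""
    seen = set()
    while qid in msgs and qid not in seen:
        seen.add(qid)
        rec = msgs[qid]
        if rec["orig_client"]:
            return rec["orig_client"]
        upstream = inbound_of_filter.get(filter_of_reinject.get(qid))
        if upstream is None:
            return rec["client"]  # None when the smtpd line is outside the log window
        qid = upstream
    return None


def domain_of(addr):
    return addr.rpartition("@")[2].lower()


def outbound_report(log_text, own_domains):
    """One row per postfix/smtp delivery attempt, with its traced origin client."""
    msgs, inb, rei = parse(log_text)
    rows = []
    for qid, rec in msgs.items():
        sender = rec["sender"] or ""
        for rcpt, relay, status in rec["deliveries"]:
            # Relayed: non-bounce mail where neither sender nor recipient is ours.
            relayed = (bool(sender) and domain_of(sender) not in own_domains
                       and domain_of(rcpt) not in own_domains)
            rows.append({"qid": qid, "sender": sender, "rcpt": rcpt, "relay": relay,
                         "status": status, "relayed": relayed,
                         "origin": origin(qid, msgs, inb, rei)})
    return rows


def relay_sources(rows):
    """Count relayed delivery attempts per submitting client."""
    return Counter(r["origin"] for r in rows if r["relayed"])
```

To run it on a gateway, pass the contents of /var/log/syslog and the set of relay domains to `outbound_report`; every client that `relay_sources` returns should appear in an smtpd or postscreen `connect from` line worth inspecting.
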
 
@Stoiko Ivanov I tried digging in the log files but found nothing special...


Today, the rat came back again; here are some logs I have.

Note: the private information was replaced as follows:
  • PMG domain name changed to: mail.domain.name
  • PMG LAN IP address changed to: local-ip-of-proxmox
  • PMG public IP address changed to: public-ip-of-proxmox
Command root@mail:~# grep "642DB153BE6" /var/log/syslog

Code:
Mar 28 19:41:49 mail postfix/postscreen[56727]: CONNECT from [local-ip-of-proxmox]:39294 to [local-ip-of-proxmox]:25
Mar 28 19:41:49 mail postfix/postscreen[56727]: WHITELISTED [local-ip-of-proxmox]:39294
Mar 28 19:41:49 mail postfix/smtpd[56728]: connect from mail.domain.name[local-ip-of-proxmox]
Mar 28 19:41:49 mail postfix/smtpd[56728]: NOQUEUE: client=mail.domain.name[local-ip-of-proxmox]
Mar 28 19:41:49 mail pmg-smtp-filter[54715]: 2024/03/28-19:41:49 CONNECT TCP Peer: "[127.0.0.1]:58972" Local: "[127.0.0.1]:10024"
Mar 28 19:41:49 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: new mail message-id=
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: SA score=1/5 time=6.743 bayes=0.64 autolearn=no autolearn_force=no hits=ALL_TRUSTED(-1),AWL(-0.850),BAYES_60(1.5),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),HTML_MIME_NO_HTML_TAG(0.377),KAM_DMARC_STATUS(0.01),MIME_HTML_ONLY(0.1),MISSING_MID(0.497),SUBJ_END_SP_CHAR(1)
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: added disclaimer (rule: Add Sender Address To Body)
Mar 28 19:41:56 mail postfix/smtpd[56736]: connect from localhost.localdomain[127.0.0.1]
Mar 28 19:41:56 mail postfix/smtpd[56736]: 642DB153BE6: client=localhost.localdomain[127.0.0.1], orig_client=mail.domain.name[local-ip-of-proxmox]
Mar 28 19:41:56 mail postfix/cleanup[56737]: 642DB153BE6: message-id=<20240328124156.642DB153BE6@mail.domain.name>
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: accept mail to <edward.david0044@yahoo.com> (642DB153BE6) (rule: default-accept)
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: accept mail to <edward_david0044@hotmail.com> (642DB153BE6) (rule: default-accept)
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: accept mail to <graphic.designer3@aol.com> (642DB153BE6) (rule: default-accept)
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: accept mail to <vincentcollins212@gmail.com> (642DB153BE6) (rule: default-accept)
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: accept mail to <howardkay147@gmail.com> (642DB153BE6) (rule: default-accept)
Mar 28 19:41:56 mail postfix/qmgr[1081]: 642DB153BE6: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 19:42:57 mail postfix/smtp[56740]: 642DB153BE6: to=<edward_david0044@hotmail.com>, relay=none, delay=61, delays=0.09/0.14/61/0, dsn=4.4.1, status=deferred (connect to hotmail-com.olc.protection.outlook.com[104.47.51.33]:25: Connection timed out)
Mar 28 19:43:27 mail postfix/smtp[56739]: 642DB153BE6: to=<howardkay147@gmail.com>, relay=none, delay=91, delays=0.09/0.1/91/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.141.27]:25: Connection timed out)
Mar 28 19:43:27 mail postfix/smtp[56739]: 642DB153BE6: to=<vincentcollins212@gmail.com>, relay=none, delay=91, delays=0.09/0.1/91/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.141.27]:25: Connection timed out)
Mar 28 19:44:27 mail postfix/smtp[56738]: 642DB153BE6: to=<graphic.designer3@aol.com>, relay=none, delay=151, delays=0.09/0.05/151/0, dsn=4.4.1, status=deferred (connect to mx-aol.mail.gm0.yahoodns.net[67.195.228.86]:25: Connection timed out)
Mar 28 19:44:27 mail postfix/smtp[56741]: 642DB153BE6: to=<edward.david0044@yahoo.com>, relay=none, delay=151, delays=0.09/0.19/151/0, dsn=4.4.1, status=deferred (connect to mta5.am0.yahoodns.net[98.136.96.91]:25: Connection timed out)
Mar 28 19:54:15 mail postfix/qmgr[1081]: 642DB153BE6: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 19:55:16 mail postfix/smtp[56935]: 642DB153BE6: to=<edward_david0044@hotmail.com>, relay=none, delay=800, delays=739/0.17/61/0, dsn=4.4.1, status=deferred (connect to hotmail-com.olc.protection.outlook.com[104.47.17.97]:25: Connection timed out)
Mar 28 19:55:46 mail postfix/smtp[56934]: 642DB153BE6: to=<howardkay147@gmail.com>, relay=none, delay=830, delays=739/0.12/91/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.141.26]:25: Connection timed out)
Mar 28 19:55:46 mail postfix/smtp[56934]: 642DB153BE6: to=<vincentcollins212@gmail.com>, relay=none, delay=830, delays=739/0.12/91/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.141.26]:25: Connection timed out)
Mar 28 19:56:45 mail postfix/smtp[56933]: 642DB153BE6: to=<graphic.designer3@aol.com>, relay=none, delay=889, delays=739/0.07/150/0, dsn=4.4.1, status=deferred (connect to mx-aol.mail.gm0.yahoodns.net[98.136.96.92]:25: Connection timed out)
Mar 28 19:56:45 mail postfix/smtp[56936]: 642DB153BE6: to=<edward.david0044@yahoo.com>, relay=none, delay=890, delays=739/0.21/150/0, dsn=4.4.1, status=deferred (connect to mta5.am0.yahoodns.net[67.195.228.110]:25: Connection timed out)
Mar 28 20:14:15 mail postfix/qmgr[1081]: 642DB153BE6: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 20:14:17 mail postfix/smtp[57345]: 642DB153BE6: host gmail-smtp-in.l.google.com[64.233.188.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. u69-20020a637948000000b005e83f34efa0si1405747pgc.185 - gsmtp (in reply to end of DATA command)
Mar 28 20:14:17 mail postfix/smtp[57344]: 642DB153BE6: to=<graphic.designer3@aol.com>, relay=mx-aol.mail.gm0.yahoodns.net[67.195.228.86]:25, delay=1942, delays=1939/0.05/1.7/0.71, dsn=5.7.9, status=bounced (host mx-aol.mail.gm0.yahoodns.net[67.195.228.86] said: 554 5.7.9 Message not accepted for policy reasons. See https://senders.yahooinc.com/error-codes (in reply to end of DATA command))
Mar 28 20:14:18 mail postfix/smtp[57346]: 642DB153BE6: to=<edward_david0044@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[104.47.18.225]:25, delay=1942, delays=1939/0.14/2.3/0.18, dsn=5.7.1, status=bounced (host hotmail-com.olc.protection.outlook.com[104.47.18.225] said: 550 5.7.1 Unfortunately, messages from [public-ip-of-proxmox] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [VI1EUR06FT027.eop-eur06.prod.protection.outlook.com 2024-03-28T13:14:17.958Z 08DC4DC8C19A1466] (in reply to MAIL FROM command))
Mar 28 20:14:18 mail postfix/smtp[57346]: 642DB153BE6: lost connection with hotmail-com.olc.protection.outlook.com[104.47.18.225] while sending RCPT TO
Mar 28 20:14:19 mail postfix/smtp[57347]: 642DB153BE6: to=<edward.david0044@yahoo.com>, relay=mta6.am0.yahoodns.net[98.136.96.76]:25, delay=1943, delays=1939/0.19/2.6/1.1, dsn=5.7.9, status=bounced (host mta6.am0.yahoodns.net[98.136.96.76] said: 554 5.7.9 Message not accepted for policy reasons. See https://senders.yahooinc.com/error-codes (in reply to end of DATA command))
Mar 28 20:14:19 mail postfix/smtp[57345]: 642DB153BE6: to=<howardkay147@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=1943, delays=1939/0.1/3.7/0.6, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. m2-20020a170902c44200b001dc3dfe9f86si1314434plm.220 - gsmtp (in reply to end of DATA command))
Mar 28 20:14:19 mail postfix/smtp[57345]: 642DB153BE6: to=<vincentcollins212@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=1943, delays=1939/0.1/3.7/0.6, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. m2-20020a170902c44200b001dc3dfe9f86si1314434plm.220 - gsmtp (in reply to end of DATA command))
Mar 28 20:14:19 mail postfix/bounce[57348]: 642DB153BE6: sender non-delivery notification: C75F9153BF1
Mar 28 20:49:15 mail postfix/qmgr[1081]: 642DB153BE6: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 20:49:17 mail postfix/smtp[57736]: 642DB153BE6: host gmail-smtp-in.l.google.com[64.233.188.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. x18-20020aa784d2000000b006ea700ee5c7si1473954pfn.393 - gsmtp (in reply to end of DATA command)
Mar 28 20:49:19 mail postfix/smtp[57736]: 642DB153BE6: to=<howardkay147@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.27]:25, delay=4043, delays=4039/0.05/3.9/0.6, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. e8-20020a17090ab38800b0029dd816e84fsi3542569pjr.180 - gsmtp (in reply to end of DATA command))
Mar 28 20:49:19 mail postfix/smtp[57736]: 642DB153BE6: to=<vincentcollins212@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.27]:25, delay=4043, delays=4039/0.05/3.9/0.6, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. e8-20020a17090ab38800b0029dd816e84fsi3542569pjr.180 - gsmtp (in reply to end of DATA command))
 
Command: root@mail:~# grep "610BD153BEB" /var/log/syslog

Code:
Mar 28 19:55:37 mail postfix/postscreen[56939]: CONNECT from [local-ip-of-proxmox]:59264 to [local-ip-of-proxmox]:25
Mar 28 19:55:37 mail postfix/postscreen[56939]: WHITELISTED [local-ip-of-proxmox]:59264
Mar 28 19:55:37 mail postfix/smtpd[56983]: connect from mail.domain.name[local-ip-of-proxmox]
Mar 28 19:55:37 mail postfix/smtpd[56983]: NOQUEUE: client=mail.domain.name[local-ip-of-proxmox]
Mar 28 19:55:37 mail pmg-smtp-filter[56600]: 2024/03/28-19:55:37 CONNECT TCP Peer: "[127.0.0.1]:34148" Local: "[127.0.0.1]:10024"
Mar 28 19:55:37 mail pmg-smtp-filter[42102]: starting database maintenance
Mar 28 19:55:37 mail pmg-smtp-filter[42102]: end database maintenance (44 ms)
Mar 28 19:55:37 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: new mail message-id=
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: SA score=1/5 time=3.783 bayes=0.64 autolearn=no autolearn_force=no hits=ALL_TRUSTED(-1),AWL(-0.567),BAYES_60(1.5),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),HTML_MIME_NO_HTML_TAG(0.377),KAM_DMARC_STATUS(0.01),MIME_HTML_ONLY(0.1),MISSING_MID(0.497),SUBJ_END_SP_CHAR(1)
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: added disclaimer (rule: Add Sender Address To Body)
Mar 28 19:55:41 mail postfix/smtpd[56993]: connect from localhost.localdomain[127.0.0.1]
Mar 28 19:55:41 mail postfix/smtpd[56993]: 610BD153BEB: client=localhost.localdomain[127.0.0.1], orig_client=mail.domain.name[local-ip-of-proxmox]
Mar 28 19:55:41 mail postfix/cleanup[56994]: 610BD153BEB: message-id=<20240328125541.610BD153BEB@mail.domain.name>
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: accept mail to <edward.david0044@yahoo.com> (610BD153BEB) (rule: default-accept)
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: accept mail to <edward_david0044@hotmail.com> (610BD153BEB) (rule: default-accept)
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: accept mail to <graphic.designer3@aol.com> (610BD153BEB) (rule: default-accept)
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: accept mail to <vincentcollins212@gmail.com> (610BD153BEB) (rule: default-accept)
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: accept mail to <howardkay147@gmail.com> (610BD153BEB) (rule: default-accept)
Mar 28 19:55:41 mail postfix/qmgr[1081]: 610BD153BEB: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 19:56:41 mail postfix/smtp[57002]: 610BD153BEB: to=<howardkay147@gmail.com>, relay=none, delay=60, delays=0.06/0.05/60/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
Mar 28 19:56:41 mail postfix/smtp[57002]: 610BD153BEB: to=<vincentcollins212@gmail.com>, relay=none, delay=60, delays=0.06/0.05/60/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
Mar 28 19:56:42 mail postfix/smtp[57003]: 610BD153BEB: to=<edward_david0044@hotmail.com>, relay=none, delay=61, delays=0.06/0.09/61/0, dsn=4.4.1, status=deferred (connect to hotmail-com.olc.protection.outlook.com[104.47.18.97]:25: Connection timed out)
Mar 28 19:58:11 mail postfix/smtp[56935]: 610BD153BEB: to=<graphic.designer3@aol.com>, relay=none, delay=150, delays=0.06/0/150/0, dsn=4.4.1, status=deferred (connect to mx-aol.mail.gm0.yahoodns.net[67.195.228.84]:25: Connection timed out)
Mar 28 19:58:11 mail postfix/smtp[57004]: 610BD153BEB: to=<edward.david0044@yahoo.com>, relay=none, delay=150, delays=0.06/0.13/150/0, dsn=4.4.1, status=deferred (connect to mta5.am0.yahoodns.net[67.195.228.109]:25: Connection timed out)
Mar 28 20:04:15 mail postfix/qmgr[1081]: 610BD153BEB: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 20:04:17 mail postfix/smtp[57144]: 610BD153BEB: host gmail-smtp-in.l.google.com[64.233.188.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. i63-20020a62c142000000b006eabdbccd99si1439778pfg.174 - gsmtp (in reply to end of DATA command)
Mar 28 20:04:18 mail postfix/smtp[57143]: 610BD153BEB: to=<graphic.designer3@aol.com>, relay=mx-aol.mail.gm0.yahoodns.net[67.195.204.80]:25, delay=517, delays=514/0.07/2.2/0.7, dsn=5.7.9, status=bounced (host mx-aol.mail.gm0.yahoodns.net[67.195.204.80] said: 554 5.7.9 Message not accepted for policy reasons. See https://senders.yahooinc.com/error-codes (in reply to end of DATA command))
Mar 28 20:04:18 mail postfix/smtp[57146]: 610BD153BEB: to=<edward.david0044@yahoo.com>, relay=mta6.am0.yahoodns.net[67.195.228.110]:25, delay=517, delays=514/0.21/2.2/0.66, dsn=5.7.9, status=bounced (host mta6.am0.yahoodns.net[67.195.228.110] said: 554 5.7.9 Message not accepted for policy reasons. See https://senders.yahooinc.com/error-codes (in reply to end of DATA command))
Mar 28 20:04:18 mail postfix/smtp[57145]: 610BD153BEB: to=<edward_david0044@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[104.47.55.161]:25, delay=517, delays=514/0.16/3.2/0.23, dsn=5.7.1, status=bounced (host hotmail-com.olc.protection.outlook.com[104.47.55.161] said: 550 5.7.1 Unfortunately, messages from [public-ip-of-proxmox] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [BN8NAM12FT038.eop-nam12.prod.protection.outlook.com 2024-03-28T13:04:18.717Z 08DC4D3E3A72748B] (in reply to MAIL FROM command))
Mar 28 20:04:18 mail postfix/smtp[57145]: 610BD153BEB: lost connection with hotmail-com.olc.protection.outlook.com[104.47.55.161] while sending RCPT TO
Mar 28 20:04:20 mail postfix/smtp[57144]: 610BD153BEB: to=<howardkay147@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=519, delays=514/0.12/4.6/0.64, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. t6-20020a17090ad14600b002a08fd2c322si3629643pjw.116 - gsmtp (in reply to end of DATA command))
Mar 28 20:04:20 mail postfix/smtp[57144]: 610BD153BEB: to=<vincentcollins212@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=519, delays=514/0.12/4.6/0.64, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. t6-20020a17090ad14600b002a08fd2c322si3629643pjw.116 - gsmtp (in reply to end of DATA command))
Mar 28 20:04:20 mail postfix/bounce[57147]: 610BD153BEB: sender non-delivery notification: A78D7153BEF
Mar 28 20:14:15 mail postfix/qmgr[1081]: 610BD153BEB: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 20:14:17 mail postfix/smtp[57339]: 610BD153BEB: host gmail-smtp-in.l.google.com[64.233.188.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. q60-20020a17090a754200b002a07ba484e8si1557794pjk.46 - gsmtp (in reply to end of DATA command)
Mar 28 20:14:19 mail postfix/smtp[57339]: 610BD153BEB: to=<howardkay147@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=1118, delays=1114/0.01/3.7/0.61, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. o9-20020a656a49000000b005ce030a6460si1566079pgu.71 - gsmtp (in reply to end of DATA command))
Mar 28 20:14:19 mail postfix/smtp[57339]: 610BD153BEB: to=<vincentcollins212@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=1118, delays=1114/0.01/3.7/0.61, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. o9-20020a656a49000000b005ce030a6460si1566079pgu.71 - gsmtp (in reply to end of DATA command))
Mar 28 20:34:15 mail postfix/qmgr[1081]: 610BD153BEB: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 20:34:17 mail postfix/smtp[57520]: 610BD153BEB: host gmail-smtp-in.l.google.com[64.233.188.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. s35-20020a635263000000b005dc7e971180si1480182pgl.543 - gsmtp (in reply to end of DATA command)
Mar 28 20:34:19 mail postfix/smtp[57520]: 610BD153BEB: to=<howardkay147@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.27]:25, delay=2318, delays=2314/0.07/3.7/0.7, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. e8-20020a170902ef4800b001e102feb4adsi1529547plx.403 - gsmtp (in reply to end of DATA command))
Mar 28 20:34:19 mail postfix/smtp[57520]: 610BD153BEB: to=<vincentcollins212@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.27]:25, delay=2318, delays=2314/0.07/3.7/0.7, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28  https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. e8-20020a170902ef4800b001e102feb4adsi1529547plx.403 - gsmtp (in reply to end of DATA command))
Mar 28 21:14:15 mail postfix/qmgr[1081]: 610BD153BEB: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 21:15:16 mail postfix/smtp[58168]: 610BD153BEB: to=<howardkay147@gmail.com>, relay=none, delay=4775, delays=4714/0.01/61/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
Mar 28 21:15:16 mail postfix/smtp[58168]: 610BD153BEB: to=<vincentcollins212@gmail.com>, relay=none, delay=4775, delays=4714/0.01/61/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
 
Some logs from the Tracking Center, filtered by sender test@mail.com:

Code:
Mar 28 19:41:49 mail postfix/smtpd[56728]: connect from mail.domain.name[local-ip-of-proxmox]
Mar 28 19:41:49 mail postfix/smtpd[56728]: NOQUEUE: client=mail.domain.name[local-ip-of-proxmox]
Mar 28 19:41:49 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: new mail message-id=
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: SA score=1/5 time=6.743 bayes=0.64 autolearn=no autolearn_force=no hits=ALL_TRUSTED(-1),AWL(-0.850),BAYES_60(1.5),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),HTML_MIME_NO_HTML_TAG(0.377),KAM_DMARC_STATUS(0.01),MIME_HTML_ONLY(0.1),MISSING_MID(0.497),SUBJ_END_SP_CHAR(1)
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: added disclaimer (rule: Add Sender Address To Body)
Mar 28 19:41:56 mail postfix/smtpd[56736]: connect from localhost.localdomain[127.0.0.1]
Mar 28 19:41:56 mail postfix/smtpd[56736]: 642DB153BE6: client=localhost.localdomain[127.0.0.1], orig_client=mail.domain.name[local-ip-of-proxmox]
Mar 28 19:41:56 mail postfix/cleanup[56737]: 642DB153BE6: message-id=<20240328124156.642DB153BE6@mail.domain.name>
Mar 28 19:41:56 mail postfix/smtpd[56736]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=5 data=1 commands=9
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: accept mail to <edward.david0044@yahoo.com> (642DB153BE6) (rule: default-accept)
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: accept mail to <edward_david0044@hotmail.com> (642DB153BE6) (rule: default-accept)
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: accept mail to <graphic.designer3@aol.com> (642DB153BE6) (rule: default-accept)
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: accept mail to <vincentcollins212@gmail.com> (642DB153BE6) (rule: default-accept)
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: accept mail to <howardkay147@gmail.com> (642DB153BE6) (rule: default-accept)
Mar 28 19:41:56 mail postfix/qmgr[1081]: 642DB153BE6: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 19:41:56 mail pmg-smtp-filter[54715]: 1419F56605658D75A89: processing time: 6.988 seconds (6.743, 0.094, 0)
Mar 28 19:41:56 mail postfix/smtpd[56728]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (1419F56605658D75A89); from=<test@mail.com> to=<edward.david0044@yahoo.com> proto=ESMTP helo=<WIN-BPN93HA3NON>
Mar 28 19:41:56 mail postfix/smtpd[56728]: disconnect from mail.domain.name[local-ip-of-proxmox] ehlo=1 mail=1 rcpt=5 data=1 rset=1 quit=1 commands=10
Mar 28 19:42:57 mail postfix/smtp[56740]: 642DB153BE6: to=<edward_david0044@hotmail.com>, relay=none, delay=61, delays=0.09/0.14/61/0, dsn=4.4.1, status=deferred (connect to hotmail-com.olc.protection.outlook.com[104.47.51.33]:25: Connection timed out)
Mar 28 19:43:27 mail postfix/smtp[56739]: 642DB153BE6: to=<howardkay147@gmail.com>, relay=none, delay=91, delays=0.09/0.1/91/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.141.27]:25: Connection timed out)
Mar 28 19:43:27 mail postfix/smtp[56739]: 642DB153BE6: to=<vincentcollins212@gmail.com>, relay=none, delay=91, delays=0.09/0.1/91/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.141.27]:25: Connection timed out)
Mar 28 19:44:27 mail postfix/smtp[56738]: 642DB153BE6: to=<graphic.designer3@aol.com>, relay=none, delay=151, delays=0.09/0.05/151/0, dsn=4.4.1, status=deferred (connect to mx-aol.mail.gm0.yahoodns.net[67.195.228.86]:25: Connection timed out)
Mar 28 19:44:27 mail postfix/smtp[56741]: 642DB153BE6: to=<edward.david0044@yahoo.com>, relay=none, delay=151, delays=0.09/0.19/151/0, dsn=4.4.1, status=deferred (connect to mta5.am0.yahoodns.net[98.136.96.91]:25: Connection timed out)
Mar 28 19:54:15 mail postfix/qmgr[1081]: 642DB153BE6: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 19:55:16 mail postfix/smtp[56935]: 642DB153BE6: to=<edward_david0044@hotmail.com>, relay=none, delay=800, delays=739/0.17/61/0, dsn=4.4.1, status=deferred (connect to hotmail-com.olc.protection.outlook.com[104.47.17.97]:25: Connection timed out)
Mar 28 19:55:46 mail postfix/smtp[56934]: 642DB153BE6: to=<howardkay147@gmail.com>, relay=none, delay=830, delays=739/0.12/91/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.141.26]:25: Connection timed out)
Mar 28 19:55:46 mail postfix/smtp[56934]: 642DB153BE6: to=<vincentcollins212@gmail.com>, relay=none, delay=830, delays=739/0.12/91/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.141.26]:25: Connection timed out)
Mar 28 19:56:45 mail postfix/smtp[56933]: 642DB153BE6: to=<graphic.designer3@aol.com>, relay=none, delay=889, delays=739/0.07/150/0, dsn=4.4.1, status=deferred (connect to mx-aol.mail.gm0.yahoodns.net[98.136.96.92]:25: Connection timed out)
Mar 28 19:56:45 mail postfix/smtp[56936]: 642DB153BE6: to=<edward.david0044@yahoo.com>, relay=none, delay=890, delays=739/0.21/150/0, dsn=4.4.1, status=deferred (connect to mta5.am0.yahoodns.net[67.195.228.110]:25: Connection timed out)
Mar 28 20:14:15 mail postfix/qmgr[1081]: 642DB153BE6: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 20:14:17 mail postfix/smtp[57345]: 642DB153BE6: host gmail-smtp-in.l.google.com[64.233.188.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. u69-20020a637948000000b005e83f34efa0si1405747pgc.185 - gsmtp (in reply to end of DATA command)
Mar 28 20:14:17 mail postfix/smtp[57344]: 642DB153BE6: to=<graphic.designer3@aol.com>, relay=mx-aol.mail.gm0.yahoodns.net[67.195.228.86]:25, delay=1942, delays=1939/0.05/1.7/0.71, dsn=5.7.9, status=bounced (host mx-aol.mail.gm0.yahoodns.net[67.195.228.86] said: 554 5.7.9 Message not accepted for policy reasons. See https://senders.yahooinc.com/error-codes (in reply to end of DATA command))
Mar 28 20:14:18 mail postfix/smtp[57346]: 642DB153BE6: to=<edward_david0044@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[104.47.18.225]:25, delay=1942, delays=1939/0.14/2.3/0.18, dsn=5.7.1, status=bounced (host hotmail-com.olc.protection.outlook.com[104.47.18.225] said: 550 5.7.1 Unfortunately, messages from [public-ip-of-proxmox] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [VI1EUR06FT027.eop-eur06.prod.protection.outlook.com 2024-03-28T13:14:17.958Z 08DC4DC8C19A1466] (in reply to MAIL FROM command))
Mar 28 20:14:18 mail postfix/smtp[57346]: 642DB153BE6: lost connection with hotmail-com.olc.protection.outlook.com[104.47.18.225] while sending RCPT TO
Mar 28 20:14:19 mail postfix/smtp[57347]: 642DB153BE6: to=<edward.david0044@yahoo.com>, relay=mta6.am0.yahoodns.net[98.136.96.76]:25, delay=1943, delays=1939/0.19/2.6/1.1, dsn=5.7.9, status=bounced (host mta6.am0.yahoodns.net[98.136.96.76] said: 554 5.7.9 Message not accepted for policy reasons. See https://senders.yahooinc.com/error-codes (in reply to end of DATA command))
Mar 28 20:14:19 mail postfix/smtp[57345]: 642DB153BE6: to=<howardkay147@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=1943, delays=1939/0.1/3.7/0.6, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. m2-20020a170902c44200b001dc3dfe9f86si1314434plm.220 - gsmtp (in reply to end of DATA command))
Mar 28 20:14:19 mail postfix/smtp[57345]: 642DB153BE6: to=<vincentcollins212@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=1943, delays=1939/0.1/3.7/0.6, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. m2-20020a170902c44200b001dc3dfe9f86si1314434plm.220 - gsmtp (in reply to end of DATA command))
Mar 28 20:49:15 mail postfix/qmgr[1081]: 642DB153BE6: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 20:49:17 mail postfix/smtp[57736]: 642DB153BE6: host gmail-smtp-in.l.google.com[64.233.188.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. x18-20020aa784d2000000b006ea700ee5c7si1473954pfn.393 - gsmtp (in reply to end of DATA command)
Mar 28 20:49:19 mail postfix/smtp[57736]: 642DB153BE6: to=<howardkay147@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.27]:25, delay=4043, delays=4039/0.05/3.9/0.6, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. e8-20020a17090ab38800b0029dd816e84fsi3542569pjr.180 - gsmtp (in reply to end of DATA command))
Mar 28 20:49:19 mail postfix/smtp[57736]: 642DB153BE6: to=<vincentcollins212@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.27]:25, delay=4043, delays=4039/0.05/3.9/0.6, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. e8-20020a17090ab38800b0029dd816e84fsi3542569pjr.180 - gsmtp (in reply to end of DATA command))
Mar 28 22:00:43 mail postfix/qmgr[58848]: 642DB153BE6: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 22:02:15 mail postfix/smtp[59168]: 642DB153BE6: to=<howardkay147@gmail.com>, relay=none, delay=8419, delays=8327/0.07/91/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.141.27]:25: Connection timed out)
Mar 28 22:02:15 mail postfix/smtp[59168]: 642DB153BE6: to=<vincentcollins212@gmail.com>, relay=none, delay=8419, delays=8327/0.07/91/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[142.250.141.27]:25: Connection timed out)
 
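The logs above can be correlated mechanically to answer the question of where a message was first submitted. The following is an added example, not part of the original posts: it joins the Postfix queue ID, the pmg-smtp-filter ID, the `orig_client`, the HELO name and the last delivery status per recipient. The sample log is constructed, and `trace_sender`, the addresses, the IDs and `ourdomain.example` are assumptions.

```python
import re

# Constructed sample shaped like the Postfix / pmg-smtp-filter lines in this
# thread. Addresses, IDs and the 192.0.2.10 client are made up.
SAMPLE_LOG = """\
Mar 28 19:41:49 mail postfix/smtpd[100]: connect from mail.domain.name[192.0.2.10]
Mar 28 19:41:49 mail pmg-smtp-filter[200]: 1234567890ABCDEF001: new mail message-id=
Mar 28 19:41:56 mail pmg-smtp-filter[200]: 1234567890ABCDEF001: SA score=1/5 time=6.743 bayes=0.64 hits=ALL_TRUSTED(-1),MISSING_MID(0.497)
Mar 28 19:41:56 mail postfix/smtpd[101]: ABCDEF12345: client=localhost.localdomain[127.0.0.1], orig_client=mail.domain.name[192.0.2.10]
Mar 28 19:41:56 mail pmg-smtp-filter[200]: 1234567890ABCDEF001: accept mail to <user1@example.org> (ABCDEF12345) (rule: default-accept)
Mar 28 19:41:56 mail pmg-smtp-filter[200]: 1234567890ABCDEF001: accept mail to <user2@example.net> (ABCDEF12345) (rule: default-accept)
Mar 28 19:41:56 mail postfix/qmgr[300]: ABCDEF12345: from=<info@foreign.example>, size=1666, nrcpt=2 (queue active)
Mar 28 19:41:56 mail postfix/smtpd[100]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (1234567890ABCDEF001); from=<info@foreign.example> to=<user1@example.org> proto=ESMTP helo=<WIN-EXAMPLE>
Mar 28 19:42:57 mail postfix/smtp[400]: ABCDEF12345: to=<user1@example.org>, relay=none, delay=61, delays=0.09/0.14/61/0, dsn=4.4.1, status=deferred (connect to mx.example.org[198.51.100.5]:25: Connection timed out)
Mar 28 20:14:17 mail postfix/smtp[401]: ABCDEF12345: to=<user1@example.org>, relay=mx.example.org[198.51.100.5]:25, delay=1942, delays=1939/0.05/1.7/0.71, dsn=5.7.9, status=bounced (host mx.example.org[198.51.100.5] said: 554 5.7.9 Message not accepted for policy reasons (in reply to end of DATA command))
Mar 28 20:14:19 mail postfix/smtp[402]: ABCDEF12345: to=<user2@example.net>, relay=mx.example.net[203.0.113.7]:25, delay=1943, delays=1939/0.1/3.7/0.6, dsn=4.7.28, status=deferred (host mx.example.net[203.0.113.7] said: 421 4.7.28 rate limited (in reply to end of DATA command))
Mar 28 20:20:00 mail postfix/qmgr[300]: FEDCBA54321: from=<alice@ourdomain.example>, size=900, nrcpt=1 (queue active)
"""

QID = r"[0-9A-F]{6,}"  # Postfix queue IDs and PMG filter IDs are both upper-case hex
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<proc>[\w./-]+)\[\d+\]: (?P<msg>.*)$")
PATTERNS = {
    "from":   re.compile(rf"^(?P<qid>{QID}): from=<(?P<sender>[^>]*)>"),
    "orig":   re.compile(rf"^(?P<qid>{QID}): client=\S+ orig_client=(?P<orig>\S+)"),
    "accept": re.compile(rf"^(?P<fid>{QID}): accept mail to <(?P<rcpt>[^>]*)> \((?P<qid>{QID})\)"),
    "sa":     re.compile(rf"^(?P<fid>{QID}): SA score=.*\bhits=(?P<hits>\S+)"),
    "proxy":  re.compile(rf"^proxy-accept: END-OF-MESSAGE: .*\((?P<fid>{QID})\); .*helo=<(?P<helo>[^>]*)>"),
    "deliv":  re.compile(rf"^(?P<qid>{QID}): to=<(?P<rcpt>[^>]*)>, .*\bdsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"),
}


def trace_sender(lines, sender, local_domains=()):
    """Return one record per queue ID whose envelope sender equals `sender`."""
    by_qid, by_fid = {}, {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        for kind, pat in PATTERNS.items():
            hit = pat.match(m["msg"])
            if not hit:
                continue
            g = hit.groupdict()
            q = by_qid.setdefault(g["qid"], {"rcpts": {}}) if "qid" in g else None
            f = by_fid.setdefault(g["fid"], {}) if "fid" in g else None
            if kind == "from":
                q["sender"] = g["sender"]
            elif kind == "orig":
                q["orig_client"] = g["orig"]      # host that handed the mail to PMG
            elif kind == "accept":
                q["filter_id"] = g["fid"]         # links filter ID to queue ID
                q["rcpts"].setdefault(g["rcpt"], "accepted")
            elif kind == "sa":
                f["all_trusted"] = "ALL_TRUSTED" in g["hits"]
            elif kind == "proxy":
                f["helo"] = g["helo"]
            elif kind == "deliv":
                # Retries overwrite earlier attempts: the last status wins.
                q["rcpts"][g["rcpt"]] = f'{g["status"]} {g["dsn"]}'
            break

    domain = sender.rsplit("@", 1)[-1].lower()
    ours = {d.lower() for d in local_domains}
    records = []
    for qid, q in by_qid.items():
        if q.get("sender") != sender:
            continue
        f = by_fid.get(q.get("filter_id"), {})
        records.append({
            "queue_id": qid,
            "filter_id": q.get("filter_id"),
            "orig_client": q.get("orig_client"),
            "helo": f.get("helo"),
            "all_trusted": f.get("all_trusted", False),
            # True when the envelope sender is not one of our own domains.
            "foreign_sender": domain not in ours,
            "recipients": q["rcpts"],
        })
    return records


if __name__ == "__main__":
    for rec in trace_sender(SAMPLE_LOG.splitlines(), "info@foreign.example",
                            local_domains=["ourdomain.example"]):
        print(rec)
```

A record with `foreign_sender` and `all_trusted` both true points at `orig_client` as the host to inspect, since PMG accepted the mail from it as trusted.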
Code:
Mar 28 19:55:37 mail postfix/smtpd[56983]: connect from mail.domain.name[local-ip-of-proxmox]
Mar 28 19:55:37 mail postfix/smtpd[56983]: NOQUEUE: client=mail.domain.name[local-ip-of-proxmox]
Mar 28 19:55:37 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: new mail message-id=
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: SA score=1/5 time=3.783 bayes=0.64 autolearn=no autolearn_force=no hits=ALL_TRUSTED(-1),AWL(-0.567),BAYES_60(1.5),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),HTML_MIME_NO_HTML_TAG(0.377),KAM_DMARC_STATUS(0.01),MIME_HTML_ONLY(0.1),MISSING_MID(0.497),SUBJ_END_SP_CHAR(1)
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: added disclaimer (rule: Add Sender Address To Body)
Mar 28 19:55:41 mail postfix/smtpd[56993]: connect from localhost.localdomain[127.0.0.1]
Mar 28 19:55:41 mail postfix/smtpd[56993]: 610BD153BEB: client=localhost.localdomain[127.0.0.1], orig_client=mail.domain.name[local-ip-of-proxmox]
Mar 28 19:55:41 mail postfix/cleanup[56994]: 610BD153BEB: message-id=<20240328125541.610BD153BEB@mail.domain.name>
Mar 28 19:55:41 mail postfix/smtpd[56993]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=5 data=1 commands=9
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: accept mail to <edward.david0044@yahoo.com> (610BD153BEB) (rule: default-accept)
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: accept mail to <edward_david0044@hotmail.com> (610BD153BEB) (rule: default-accept)
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: accept mail to <graphic.designer3@aol.com> (610BD153BEB) (rule: default-accept)
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: accept mail to <vincentcollins212@gmail.com> (610BD153BEB) (rule: default-accept)
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: accept mail to <howardkay147@gmail.com> (610BD153BEB) (rule: default-accept)
Mar 28 19:55:41 mail postfix/qmgr[1081]: 610BD153BEB: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: processing time: 3.954 seconds (3.783, 0.065, 0)
Mar 28 19:55:41 mail postfix/smtpd[56983]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (1419F5660568C97A6E0); from=<test@mail.com> to=<edward.david0044@yahoo.com> proto=ESMTP helo=<WIN-BPN93HA3NON>
Mar 28 19:55:41 mail postfix/smtpd[56983]: disconnect from mail.domain.name[local-ip-of-proxmox] ehlo=1 mail=1 rcpt=5 data=1 rset=1 quit=1 commands=10
Mar 28 19:56:41 mail postfix/smtp[57002]: 610BD153BEB: to=<howardkay147@gmail.com>, relay=none, delay=60, delays=0.06/0.05/60/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
Mar 28 19:56:41 mail postfix/smtp[57002]: 610BD153BEB: to=<vincentcollins212@gmail.com>, relay=none, delay=60, delays=0.06/0.05/60/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
Mar 28 19:56:42 mail postfix/smtp[57003]: 610BD153BEB: to=<edward_david0044@hotmail.com>, relay=none, delay=61, delays=0.06/0.09/61/0, dsn=4.4.1, status=deferred (connect to hotmail-com.olc.protection.outlook.com[104.47.18.97]:25: Connection timed out)
Mar 28 19:58:11 mail postfix/smtp[56935]: 610BD153BEB: to=<graphic.designer3@aol.com>, relay=none, delay=150, delays=0.06/0/150/0, dsn=4.4.1, status=deferred (connect to mx-aol.mail.gm0.yahoodns.net[67.195.228.84]:25: Connection timed out)
Mar 28 19:58:11 mail postfix/smtp[57004]: 610BD153BEB: to=<edward.david0044@yahoo.com>, relay=none, delay=150, delays=0.06/0.13/150/0, dsn=4.4.1, status=deferred (connect to mta5.am0.yahoodns.net[67.195.228.109]:25: Connection timed out)
Mar 28 20:04:15 mail postfix/qmgr[1081]: 610BD153BEB: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 20:04:17 mail postfix/smtp[57144]: 610BD153BEB: host gmail-smtp-in.l.google.com[64.233.188.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. i63-20020a62c142000000b006eabdbccd99si1439778pfg.174 - gsmtp (in reply to end of DATA command)
Mar 28 20:04:18 mail postfix/smtp[57143]: 610BD153BEB: to=<graphic.designer3@aol.com>, relay=mx-aol.mail.gm0.yahoodns.net[67.195.204.80]:25, delay=517, delays=514/0.07/2.2/0.7, dsn=5.7.9, status=bounced (host mx-aol.mail.gm0.yahoodns.net[67.195.204.80] said: 554 5.7.9 Message not accepted for policy reasons. See https://senders.yahooinc.com/error-codes (in reply to end of DATA command))
Mar 28 20:04:18 mail postfix/smtp[57146]: 610BD153BEB: to=<edward.david0044@yahoo.com>, relay=mta6.am0.yahoodns.net[67.195.228.110]:25, delay=517, delays=514/0.21/2.2/0.66, dsn=5.7.9, status=bounced (host mta6.am0.yahoodns.net[67.195.228.110] said: 554 5.7.9 Message not accepted for policy reasons. See https://senders.yahooinc.com/error-codes (in reply to end of DATA command))
Mar 28 20:04:18 mail postfix/smtp[57145]: 610BD153BEB: to=<edward_david0044@hotmail.com>, relay=hotmail-com.olc.protection.outlook.com[104.47.55.161]:25, delay=517, delays=514/0.16/3.2/0.23, dsn=5.7.1, status=bounced (host hotmail-com.olc.protection.outlook.com[104.47.55.161] said: 550 5.7.1 Unfortunately, messages from [public-ip-of-proxmox] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [BN8NAM12FT038.eop-nam12.prod.protection.outlook.com 2024-03-28T13:04:18.717Z 08DC4D3E3A72748B] (in reply to MAIL FROM command))
Mar 28 20:04:18 mail postfix/smtp[57145]: 610BD153BEB: lost connection with hotmail-com.olc.protection.outlook.com[104.47.55.161] while sending RCPT TO
Mar 28 20:04:20 mail postfix/smtp[57144]: 610BD153BEB: to=<howardkay147@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=519, delays=514/0.12/4.6/0.64, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. t6-20020a17090ad14600b002a08fd2c322si3629643pjw.116 - gsmtp (in reply to end of DATA command))
Mar 28 20:04:20 mail postfix/smtp[57144]: 610BD153BEB: to=<vincentcollins212@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=519, delays=514/0.12/4.6/0.64, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. t6-20020a17090ad14600b002a08fd2c322si3629643pjw.116 - gsmtp (in reply to end of DATA command))
Mar 28 20:14:15 mail postfix/qmgr[1081]: 610BD153BEB: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 20:14:17 mail postfix/smtp[57339]: 610BD153BEB: host gmail-smtp-in.l.google.com[64.233.188.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. q60-20020a17090a754200b002a07ba484e8si1557794pjk.46 - gsmtp (in reply to end of DATA command)
Mar 28 20:14:19 mail postfix/smtp[57339]: 610BD153BEB: to=<howardkay147@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=1118, delays=1114/0.01/3.7/0.61, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. o9-20020a656a49000000b005ce030a6460si1566079pgu.71 - gsmtp (in reply to end of DATA command))
Mar 28 20:14:19 mail postfix/smtp[57339]: 610BD153BEB: to=<vincentcollins212@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.26]:25, delay=1118, delays=1114/0.01/3.7/0.61, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.26] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. o9-20020a656a49000000b005ce030a6460si1566079pgu.71 - gsmtp (in reply to end of DATA command))
Mar 28 20:34:15 mail postfix/qmgr[1081]: 610BD153BEB: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 20:34:17 mail postfix/smtp[57520]: 610BD153BEB: host gmail-smtp-in.l.google.com[64.233.188.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. s35-20020a635263000000b005dc7e971180si1480182pgl.543 - gsmtp (in reply to end of DATA command)
Mar 28 20:34:19 mail postfix/smtp[57520]: 610BD153BEB: to=<howardkay147@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.27]:25, delay=2318, delays=2314/0.07/3.7/0.7, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. e8-20020a170902ef4800b001e102feb4adsi1529547plx.403 - gsmtp (in reply to end of DATA command))
Mar 28 20:34:19 mail postfix/smtp[57520]: 610BD153BEB: to=<vincentcollins212@gmail.com>, relay=alt1.gmail-smtp-in.l.google.com[173.194.65.27]:25, delay=2318, delays=2314/0.07/3.7/0.7, dsn=4.7.28, status=deferred (host alt1.gmail-smtp-in.l.google.com[173.194.65.27] said: 421-4.7.28 Gmail has detected an unusual rate of unsolicited mail. To protect 421-4.7.28 our users from spam, mail has been temporarily rate limited. For 421-4.7.28 more information, go to 421-4.7.28 https://support.google.com/mail/?p=UnsolicitedRateLimitError to 421 4.7.28 review our Bulk Email Senders Guidelines. e8-20020a170902ef4800b001e102feb4adsi1529547plx.403 - gsmtp (in reply to end of DATA command))
Mar 28 21:14:15 mail postfix/qmgr[1081]: 610BD153BEB: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 21:15:16 mail postfix/smtp[58168]: 610BD153BEB: to=<howardkay147@gmail.com>, relay=none, delay=4775, delays=4714/0.01/61/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
Mar 28 21:15:16 mail postfix/smtp[58168]: 610BD153BEB: to=<vincentcollins212@gmail.com>, relay=none, delay=4775, delays=4714/0.01/61/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
Mar 28 22:25:43 mail postfix/qmgr[58848]: 610BD153BEB: from=<test@mail.com>, size=1666, nrcpt=5 (queue active)
Mar 28 22:26:44 mail postfix/smtp[60675]: 610BD153BEB: to=<howardkay147@gmail.com>, relay=none, delay=9063, delays=9002/0.05/61/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
Mar 28 22:26:44 mail postfix/smtp[60675]: 610BD153BEB: to=<vincentcollins212@gmail.com>, relay=none, delay=9063, delays=9002/0.05/61/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:4023:c0b::1b]:25: Network is unreachable)
 
Command root@mail:~# postcat -q 642DB153BE6

Code:
*** ENVELOPE RECORDS deferred/6/642DB153BE6 ***
message_size:            1666            1194               5               0            1666               0
message_arrival_time: Thu Mar 28 19:41:56 2024
create_time: Thu Mar 28 19:41:56 2024
named_attribute: log_ident=642DB153BE6
named_attribute: rewrite_context=local
sender: test@mail.com
named_attribute: encoding=8bit
named_attribute: log_client_name=mail.domain.name
named_attribute: log_client_address=local-ip-of-proxmox
named_attribute: log_client_port=unknown
named_attribute: log_message_origin=mail.domain.name[local-ip-of-proxmox]
named_attribute: log_helo_name=WIN-BPN93HA3NON
named_attribute: log_protocol_name=ESMTP
named_attribute: client_name=localhost.localdomain
named_attribute: reverse_client_name=localhost.localdomain
named_attribute: client_address=127.0.0.1
named_attribute: client_port=60428
named_attribute: server_address=127.0.0.1
named_attribute: server_port=10025
named_attribute: helo_name=mail.domain.name
named_attribute: protocol_name=ESMTP
named_attribute: client_address_type=2
warning_message_time: Thu Mar 28 23:41:56 2024
named_attribute: dsn_orig_rcpt=rfc822;edward.david0044@yahoo.com
original_recipient: edward.david0044@yahoo.com
done_recipient: edward.david0044@yahoo.com
named_attribute: dsn_orig_rcpt=rfc822;edward_david0044@hotmail.com
original_recipient: edward_david0044@hotmail.com
done_recipient: edward_david0044@hotmail.com
named_attribute: dsn_orig_rcpt=rfc822;graphic.designer3@aol.com
original_recipient: graphic.designer3@aol.com
done_recipient: graphic.designer3@aol.com
named_attribute: dsn_orig_rcpt=rfc822;vincentcollins212@gmail.com
original_recipient: vincentcollins212@gmail.com
recipient: vincentcollins212@gmail.com
named_attribute: dsn_orig_rcpt=rfc822;howardkay147@gmail.com
original_recipient: howardkay147@gmail.com
recipient: howardkay147@gmail.com
*** MESSAGE CONTENTS deferred/6/642DB153BE6 ***
Received: from mail.domain.name (localhost.localdomain [127.0.0.1])
        by mail.domain.name (Proxmox) with ESMTP id 642DB153BE6;
        Thu, 28 Mar 2024 19:41:56 +0700 (+07)
Received: from WIN-BPN93HA3NON (mail.domain.name [local-ip-of-proxmox])
        by mail.domain.name (Proxmox) with ESMTP;
        Thu, 28 Mar 2024 19:41:49 +0700 (+07)
From: test@mail.com
subject: [EXTERNAL] test smtp public-ip-of-proxmox--
To: edward.david0044@yahoo.com, edward_david0044@hotmail.com,
 graphic.designer3@aol.com, vincentcollins212@gmail.com, howardkay147@gmail.com
Content-Type: text/html
Content-Transfer-Encoding: 7bit
Date: Thu, 28 Mar 2024 19:41:48 +0700
X-Priority: 3
X-Library: Indy 9.00.10
X-SPAM-LEVEL: Spam detection results:  1
        ALL_TRUSTED                -1 Passed through trusted hosts only via SMTP
        AWL                    -0.850 Adjusted score from AWL reputation of From: address
        BAYES_60                  1.5 Bayes spam probability is 60 to 80%
        FREEMAIL_FROM           0.001 Sender email is commonly abused enduser mail provider
        HTML_MESSAGE            0.001 HTML included in message
        HTML_MIME_NO_HTML_TAG   0.377 HTML-only message, but there is no HTML tag
        KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
        MIME_HTML_ONLY            0.1 Message only has text/html MIME parts
        MISSING_MID             0.497 Missing Message-Id: header
        SUBJ_END_SP_CHAR            1 Subject end with special character
Message-Id: <20240328124156.642DB153BE6@mail.domain.name>


Nrgdxr


<br>--<br>[----- This email send from external address: test@mail.com -- please review before any action, clicking on links, or opening attachments -----]


*** HEADER EXTRACTED deferred/6/642DB153BE6 ***
named_attribute: encoding=8bit
*** MESSAGE FILE END deferred/6/642DB153BE6 ***

Command root@mail:~# postcat -q 610BD153BEB

Code:
*** ENVELOPE RECORDS deferred/6/610BD153BEB ***
message_size:            1666            1194               5               0            1666               0
message_arrival_time: Thu Mar 28 19:55:41 2024
create_time: Thu Mar 28 19:55:41 2024
named_attribute: log_ident=610BD153BEB
named_attribute: rewrite_context=local
sender: test@mail.com
named_attribute: encoding=8bit
named_attribute: log_client_name=mail.domain.name
named_attribute: log_client_address=local-ip-of-proxmox
named_attribute: log_client_port=unknown
named_attribute: log_message_origin=mail.domain.name[local-ip-of-proxmox]
named_attribute: log_helo_name=WIN-BPN93HA3NON
named_attribute: log_protocol_name=ESMTP
named_attribute: client_name=localhost.localdomain
named_attribute: reverse_client_name=localhost.localdomain
named_attribute: client_address=127.0.0.1
named_attribute: client_port=40010
named_attribute: server_address=127.0.0.1
named_attribute: server_port=10025
named_attribute: helo_name=mail.domain.name
named_attribute: protocol_name=ESMTP
named_attribute: client_address_type=2
warning_message_time: Thu Mar 28 23:55:41 2024
named_attribute: dsn_orig_rcpt=rfc822;edward.david0044@yahoo.com
original_recipient: edward.david0044@yahoo.com
done_recipient: edward.david0044@yahoo.com
named_attribute: dsn_orig_rcpt=rfc822;edward_david0044@hotmail.com
original_recipient: edward_david0044@hotmail.com
done_recipient: edward_david0044@hotmail.com
named_attribute: dsn_orig_rcpt=rfc822;graphic.designer3@aol.com
original_recipient: graphic.designer3@aol.com
done_recipient: graphic.designer3@aol.com
named_attribute: dsn_orig_rcpt=rfc822;vincentcollins212@gmail.com
original_recipient: vincentcollins212@gmail.com
recipient: vincentcollins212@gmail.com
named_attribute: dsn_orig_rcpt=rfc822;howardkay147@gmail.com
original_recipient: howardkay147@gmail.com
recipient: howardkay147@gmail.com
*** MESSAGE CONTENTS deferred/6/610BD153BEB ***
Received: from mail.domain.name (localhost.localdomain [127.0.0.1])
        by mail.domain.name (Proxmox) with ESMTP id 610BD153BEB;
        Thu, 28 Mar 2024 19:55:41 +0700 (+07)
Received: from WIN-BPN93HA3NON (mail.domain.name [local-ip-of-proxmox])
        by mail.domain.name (Proxmox) with ESMTP;
        Thu, 28 Mar 2024 19:55:37 +0700 (+07)
From: test@mail.com
subject: [EXTERNAL] test smtp public-ip-of-proxmox--
To: edward.david0044@yahoo.com, edward_david0044@hotmail.com,
 graphic.designer3@aol.com, vincentcollins212@gmail.com, howardkay147@gmail.com
Content-Type: text/html
Content-Transfer-Encoding: 7bit
Date: Thu, 28 Mar 2024 19:55:36 +0700
X-Priority: 3
X-Library: Indy 9.00.10
X-SPAM-LEVEL: Spam detection results:  1
        ALL_TRUSTED                -1 Passed through trusted hosts only via SMTP
        AWL                    -0.567 Adjusted score from AWL reputation of From: address
        BAYES_60                  1.5 Bayes spam probability is 60 to 80%
        FREEMAIL_FROM           0.001 Sender email is commonly abused enduser mail provider
        HTML_MESSAGE            0.001 HTML included in message
        HTML_MIME_NO_HTML_TAG   0.377 HTML-only message, but there is no HTML tag
        KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
        MIME_HTML_ONLY            0.1 Message only has text/html MIME parts
        MISSING_MID             0.497 Missing Message-Id: header
        SUBJ_END_SP_CHAR            1 Subject end with special character
Message-Id: <20240328125541.610BD153BEB@mail.domain.name>


Nrgdxr


<br>--<br>[----- This email send from external address: test@mail.com -- please review before any action, clicking on links, or opening attachments -----]


*** HEADER EXTRACTED deferred/6/610BD153BEB ***
named_attribute: encoding=8bit
*** MESSAGE FILE END deferred/6/610BD153BEB ***
 
Command
Code:
root@mail:~# pmg-log-tracker -v -l 2000 -s "2024-03-28 19:41:50" -e "2024-03-28 19:42:00" -g

Code:
# LogReader: 62375
# Query options
# Start: 2024-03-28 19:41:50 (1711654910)
# End: 2024-03-28 19:42:00 (1711654920)
# End Query Options


QENTRY: 642DB153BE6
CTIME: 6605C804
SIZE: 1666
CLIENT: localhost.localdomain[127.0.0.1],
MSGID: <20240328124156.642DB153BE6@mail.domain.name>
TO:6605C804:642DB153BE6:A: from <test@mail.com> to <howardkay147@gmail.com> (642DB153BE6)
TO:6605C804:642DB153BE6:A: from <test@mail.com> to <vincentcollins212@gmail.com> (642DB153BE6)
TO:6605C804:642DB153BE6:A: from <test@mail.com> to <graphic.designer3@aol.com> (642DB153BE6)
TO:6605C804:642DB153BE6:A: from <test@mail.com> to <edward_david0044@hotmail.com> (642DB153BE6)
TO:6605C804:642DB153BE6:A: from <test@mail.com> to <edward.david0044@yahoo.com> (642DB153BE6)


Command root@mail:~# pmg-log-tracker -v -q 610BD153BEB

Code:
# LogReader: 62525
# Query options
# QID: 610BD153BEB
# Start: 2024-03-28 00:00:00 (1711584000)
# End: 2024-03-28 22:58:00 (1711641480)
# End Query Options
 
Mar 28 19:55:37 mail postfix/postscreen[56939]: CONNECT from [local-ip-of-proxmox]:59264 to [local-ip-of-proxmox]:25
please make sure that this is indeed the local ip configured on your PMG (saying this since I have spent quite a lot of time hunting ghosts, because I misread one of the octets)

If this is the case - I'd suggest you inspect your PMG thoroughly - maybe somebody has broken into the system, and is now using it to send spam.


The remaining logs mostly look like what I'd expect to see from a system that was used to send out spam (yahoo, outlook, etc not accepting mails for a while)

I hope this helps!
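The correlation done by hand in this thread, finding which client originally submitted a queued message, can be scripted. This is an added example, not part of the thread or of PMG's own tooling: it joins the `orig_client=` field, the `pmg-smtp-filter` ID and the `proxy-accept` HELO per queue ID, and flags mail where neither sender nor recipients belong to a domain the gateway serves. `OWN_DOMAINS`, the function names and the sample log (constructed, with placeholder hosts and addresses) are assumptions.

```python
import re
from collections import defaultdict

OWN_DOMAINS = {"example.org"}  # assumption: domains this gateway relays for

# Constructed sample modelled on the log format in this thread; every host,
# address and ID below is a placeholder (192.0.2.10 = the gateway's LAN IP).
SAMPLE_LOG = """\
Mar 28 19:55:41 mail postfix/smtpd[56993]: 610BD153BEB: client=localhost.localdomain[127.0.0.1], orig_client=mail.example.org[192.0.2.10]
Mar 28 19:55:41 mail pmg-smtp-filter[56600]: 1419F5660568C97A6E0: accept mail to <rcpt1@example.net> (610BD153BEB) (rule: default-accept)
Mar 28 19:55:41 mail postfix/qmgr[1081]: 610BD153BEB: from=<test@example.com>, size=1666, nrcpt=2 (queue active)
Mar 28 19:55:41 mail postfix/smtpd[56983]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (1419F5660568C97A6E0); from=<test@example.com> to=<rcpt1@example.net> proto=ESMTP helo=<WIN-EXAMPLE>
Mar 28 19:56:41 mail postfix/smtp[57002]: 610BD153BEB: to=<rcpt1@example.net>, relay=none, delay=60, dsn=4.4.1, status=deferred (connect timed out)
Mar 28 20:04:18 mail postfix/smtp[57143]: 610BD153BEB: to=<rcpt2@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=517, dsn=5.7.9, status=bounced (policy)
Mar 28 20:10:02 mail postfix/smtpd[57200]: 7A1C2153C01: client=localhost.localdomain[127.0.0.1], orig_client=mx.example.net[198.51.100.7]
Mar 28 20:10:02 mail postfix/qmgr[1081]: 7A1C2153C01: from=<alice@example.net>, size=900, nrcpt=1 (queue active)
Mar 28 20:10:03 mail postfix/smtp[57201]: 7A1C2153C01: to=<bob@example.org>, relay=192.0.2.20[192.0.2.20]:25, delay=1, dsn=2.0.0, status=sent (250 OK)
"""

ORIG = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+ orig_client=([^\[]+)\[([^\]]+)\]")
FILTER = re.compile(r"pmg-smtp-filter\[\d+\]: (\w+): accept mail to <[^>]*> \((\w+)\)")
QMGR = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")
PROXY = re.compile(r"proxy-accept: END-OF-MESSAGE: .*?\((\w+)\); .* helo=<([^>]*)>")
DELIV = re.compile(r"postfix/smtp\[\d+\]: (\w+): to=<([^>]*)>.*? status=(\w+)")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def trace(log_text):
    """Build one record per queue ID: submitting client, HELO, sender, recipients."""
    msgs = defaultdict(lambda: {"origin": None, "helo": None, "sender": None, "rcpts": {}})
    filter_to_qid, helo_by_filter = {}, {}
    for line in log_text.splitlines():
        if m := ORIG.search(line):        # re-injection line carries the real client
            msgs[m[1]]["origin"] = (m[2], m[3])
        elif m := FILTER.search(line):    # filter ID -> queue ID
            filter_to_qid[m[1]] = m[2]
        elif m := QMGR.search(line):
            msgs[m[1]]["sender"] = m[2]
        elif m := PROXY.search(line):     # filter ID -> HELO of the submitter
            helo_by_filter[m[1]] = m[2]
        elif m := DELIV.search(line):
            msgs[m[1]]["rcpts"][m[2]] = m[3]  # latest delivery status wins
    for fid, qid in filter_to_qid.items():
        msgs[qid]["helo"] = helo_by_filter.get(fid)
    return dict(msgs)

def suspicious_relays(msgs, own_domains=OWN_DOMAINS):
    """Messages whose sender and all recipients are outside our own domains."""
    hits = []
    for qid, m in msgs.items():
        if m["sender"] is None or not m["rcpts"]:
            continue
        external = [r for r in m["rcpts"] if domain(r) not in own_domains]
        if domain(m["sender"]) not in own_domains and len(external) == len(m["rcpts"]):
            hits.append((qid, m["origin"], m["helo"], m["sender"], m["rcpts"]))
    return hits

if __name__ == "__main__":
    for qid, origin, helo, sender, rcpts in suspicious_relays(trace(SAMPLE_LOG)):
        print(f"{qid}: from={sender} origin={origin} helo={helo} rcpts={rcpts}")
```

A hit whose origin is the gateway's own address, as in the logs posted here, points at the host itself (or something NATed behind its address) rather than at an external relay path.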
 
please make sure that this is indeed the local ip configured on your PMG (saying this since I have spent quite a lot of time hunting ghosts, because I misread one of the octets)
Yes, the log says it's the LAN address of PMG.

This is strange. The message is sent to port 25, but somehow, PMG is sending it outside. This might be an unknown bug in PMG.

I will try to create a rule to block outgoing emails that are not from our domain and a rule to block incoming emails that claim to be from our domain. Hopefully, this will work.
 
This is strange. The message is sent to port 25, but somehow, PMG is sending it outside. This might be an unknown bug in PMG.
The issue is more that PMG itself is sending the mails (unless the IP is not the one from your PMG!)
PMG itself adds its local network to the trusted networks - thus the mail is accepted.

I will try to create a rule to block outgoing emails that are not from our domain and a rule to block incoming emails that claim to be from our domain. Hopefully, this will work.
As said, if it is indeed PMG sending the mails, then check the system for signs of a break-in. I would not recommend patching around that with a rule if the system itself is compromised ...
 
A side note: on the date PMG was detected sending spam emails, the mail statistics show 0 outgoing emails.
