[SOLVED] master/node cluster Blacklisted email address not blocked

Proxmox Mail Gateway 6.2-4
Cluster, 1 master/1 node

Hello, I've reviewed this thread bug resolution and it's associated thread, https://bugzilla.proxmox.com/show_bug.cgi?id=2360 , and maybe I don't understand the blacklist correctly. I have a email address pxx.brxx@domain.com in the blacklist at the top of the mail filter at level 98 in/out and yet I get this notification:

Subject:
Notification: Lembrete - Confirmacao de pagamento #5182628
From:
postmaster@sf-01.domain.com
Date:
6/22/2020, 11:59 PM
To:
pxx.brxx@domain.com

:: SPAM Filter Notification ::

An domain mail gateway has flagged the following email:

Sender: pag86262597@leandro04.lrfel3k2.io
Receiver: pxx.brxx@domain.com

Subject: Lembrete - Confirmacao de pagamento #5182628


Matching Rule: Enforce Attachment Quarantine

Rule: Modify Header
Receiver: pxx.brxx@domain.com
Action: modify field: X-Spam-Level:
Action: modify field: X-Spam-Score:0
Action: modify field: X-Spam-Report:Spam detection results: 0
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
FORGED_OUTLOOK_HTML 0.021 Outlook can't send HTML message only
FORGED_OUTLOOK_TAGS 0.052 Outlook can't send HTML in this format
HEADER_FROM_DIFFERENT_DOMAINS 0.001 From and EnvelopeFrom 2nd level mail domains are different
HTML_MESSAGE 0.001 HTML included in message

from this rule:
Matching Rule: Enforce Attachment Quarantine
which is in the mail filter at level 88 in only.

I don't understand. I restarted the pmg-smtp-filter this morning and will report if another email like this comes through. I expected the black list to discard this email. I am set up to before queue filtering. My mail server sits behind and authenticating server which faces the internet. I'm new to PMG, having come from a Barracuda Spam and Virus firewall 200 we used up until a few months ago.

SMTP conversation:

Jun 23 07:01:54 sf-01 postfix/smtpd[1119]: connect from localhost.localdomain[127.0.0.1]
Jun 23 07:01:54 sf-01 postfix/smtpd[1119]: C24F01011C6: client=localhost.localdomain[127.0.0.1]
Jun 23 07:01:54 sf-01 postfix/cleanup[1120]: C24F01011C6: message-id=<20200623120154.C24F01011C6@sf-01.domain.com>
Jun 23 07:01:54 sf-01 postfix/qmgr[930]: C24F01011C6: from=<postmaster@sf-01.domain.com>, size=4188, nrcpt=1 (queue active)
Jun 23 07:01:54 sf-01 postfix/smtpd[1119]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Jun 23 07:01:54 sf-01 postfix/smtp[1128]: C24F01011C6: to=<pxx.brxx@domain.com>, relay=10.10.11.239[10.10.11.239]:25, delay=0.2, delays=0.05/0/0.02/0.12, dsn=5.1.1, status=bounced (host 10.10.11.239[10.10.11.239] said: 550 5.1.1 <pxx.brxx@domain.com>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command))
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: C24F01011C6: removed

syslog:


Jun 23 07:01:54 sf-01 pmg-smtp-filter[1206]: 10079C5EF1EF3109CDD: notify <pxx.brxx@domain.com> (rule: Enforce Attachment Quarantine, C24F01011C6)
Jun 23 07:01:54 sf-01 postfix/smtp[1126]: B2CEF1011A5: to=<itdepartment@domain.com>, relay=10.10.11.239[10.10.11.239]:25, delay=0.16, delays=0.06/0/0.01/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C4F7B58017B)
Jun 23 07:01:54 sf-01 postfix/qmgr[930]: B2CEF1011A5: removed
Jun 23 07:01:54 sf-01 pmg-smtp-filter[1206]: 10079C5EF1EF3109CDD: moved mail for <pxx.brxx@domain.com> to spam quarantine - 1011DB5EF1EF32CEFCC (rule: Enforce Attachment Quarantine)
Jun 23 07:01:54 sf-01 postfix/smtp[1128]: C24F01011C6: to=<pxx.brxx@domain.com>, relay=10.10.11.239[10.10.11.239]:25, delay=0.2, delays=0.05/0/0.02/0.12, dsn=5.1.1, status=bounced (host 10.10.11.239[10.10.11.239] said: 550 5.1.1 <pxx.brxx@domain.com>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command))
Jun 23 07:01:54 sf-01 postfix/cleanup[1120]: F27F810079C: message-id=<20200623120154.F27F810079C@sf-01.domain.com>
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: F27F810079C: from=<>, size=6349, nrcpt=1 (queue active)
Jun 23 07:01:55 sf-01 postfix/bounce[1242]: C24F01011C6: sender non-delivery notification: F27F810079C
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: C24F01011C6: removed
Jun 23 07:01:55 sf-01 pmg-smtp-filter[1206]: 10079C5EF1EF3109CDD: processing time: 1.949 seconds (1.605, 0.05, 0)
Jun 23 07:01:55 sf-01 postfix/smtpd[1137]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (10079C5EF1EF3109CDD); from=<covaldoT8BPS5T52@rcb04.directsytens.institute> to=<pxx.brxx@domain.com> proto=ESMTP helo=<rcb04.directsytens.institute>
Jun 23 07:01:55 sf-01 postfix/smtpd[1137]: disconnect from rcb04.directsytens.institute[95.142.44.184] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 23 07:01:55 sf-01 postfix/cleanup[1120]: 0FDD71011A5: message-id=<20200623120154.F27F810079C@sf-01.domain.com>
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: 0FDD71011A5: from=<>, size=6489, nrcpt=1 (queue active)
Jun 23 07:01:55 sf-01 postfix/local[1243]: F27F810079C: to=<postmaster@sf-01.domain.com>, relay=local, delay=0.11, delays=0.05/0.01/0/0.04, dsn=2.0.0, status=sent (forwarded as 0FDD71011A5)
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: F27F810079C: removed
Jun 23 07:01:55 sf-01 postfix/smtp[1121]: 0FDD71011A5: to=<itdepartment@domain.com>, orig_to=<postmaster@sf-01.domain.com>, relay=10.10.11.239[10.10.11.239]:25, delay=0.13, delays=0.04/0/0.01/0.08, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1B26F580B47)
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: 0FDD71011A5: removed


Thanks in advance for any help.

Bruce
 
Last edited:
The logs you pasted are incomplete (unless the mail to pxx.brxx@domain.com really was directly sent on PMG - but then this does not go through the rule-system) - please provide the logs from the first connect of the server, which tries to send to pxx.brxx@domain.com

also please provide the output (anonymized as much as needed) of `pmgdb dump`


postfix/smtp[1128]: C24F01011C6: to=<pxx.brxx@domain.com>, relay=10.10.11.239[10.10.11.239]:25, delay=0.2, delays=0.05/0/0.02/0.12, dsn=5.1.1, status=bounced (host 10.10.11.239[10.10.11.239] said: 550 5.1.1 <pxx.brxx@domain.com>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command))
consider enabling recipient verification (if domain.com is your domain):
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#_mail_proxy_configuration (point 4.6.4)

I hope this helps!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!