[SOLVED] Adding SPAM Score to Unknown Senders

thebiggeek

Hi,

Rejecting emails costs the business a lot of money, but if we don't reject emails properly, then there is a chance of getting a lot of spam. I have been debating what is the best manner, and wanted to open up a discussion if someone has found a solution to this. PMG offers a setting where UNKNOWN senders can be rejected. I have noticed that even today a lot of hosting companies who host emails themselves are not enforcing proper configurations like DKIM/DMARC/SPF, and at times also have bad reverse IP lookups. This causes us to reject a lot of emails which should not have been rejected in the first place.

I am now wondering if there is a rule, or someone has written a rule, where any email from an UNKNOWN IP (i.e. the IP does not have a reverse lookup or does not match the DNS name) is given a score?

I am sorry if this is a repeat question, as I did do some searches but could not find out how to do this. Also a Quick question to Proxmox Team - is there a way to not reject, but quarantine - or whitelist a specific IP?
 
Have a look at SpamAssassin's RDNS_NONE score.

https://spamassassin.apache.org/old/tests_3_2_x.html

Code:
Nov 20 15:51:28 pmg postfix/smtpd[30515]: warning: hostname exabytes-57715745.mschosting.org does not resolve to address 103.233.0.189: Name or service not known
Nov 20 15:51:28 pmg postfix/smtpd[30515]: connect from unknown[103.233.0.189]
Nov 20 15:51:28 pmg postfix/smtpd[30515]: NOQUEUE: client=unknown[103.233.0.189]
Nov 20 15:51:28 pmg pmg-smtp-filter[30474]: 439655FB775803441F: new mail message-id=<074201d6bf11$f3be1bc0$db3a5340$@externaldomain.com>#012
Nov 20 15:51:32 pmg pmg-smtp-filter[30474]: 439655FB775803441F: SA score=0/5 time=3.787 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.945),BAYES_00(-1.9),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),HTML_MESSAGE(0.001),RDNS_NONE(0.793),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),TOO_POLITE(1.973)
Nov 20 15:51:32 pmg postfix/smtpd[30530]: connect from localhost.localdomain[127.0.0.1]
Nov 20 15:51:32 pmg postfix/smtpd[30530]: 0CF2443975: client=localhost.localdomain[127.0.0.1], orig_client=unknown[103.233.0.189]
Nov 20 15:51:32 pmg postfix/cleanup[30531]: 0CF2443975: message-id=<074201d6bf11$f3be1bc0$db3a5340$@externaldomain.com>
Nov 20 15:51:32 pmg postfix/qmgr[975]: 0CF2443975: from=<user1@externaldomain.com>, size=11149, nrcpt=2 (queue active)
Nov 20 15:51:32 pmg postfix/smtpd[30530]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=2 data=1 commands=6
Nov 20 15:51:32 pmg pmg-smtp-filter[30474]: 439655FB775803441F: accept mail to <user1@mydomain.com> (0CF2443975) (rule: default-accept)
Nov 20 15:51:32 pmg pmg-smtp-filter[30474]: 439655FB775803441F: accept mail to <user2@mydomain.com> (0CF2443975) (rule: default-accept)
Nov 20 15:51:32 pmg pmg-smtp-filter[30474]: 439655FB775803441F: processing time: 3.888 seconds (3.787, 0.027, 0)
Nov 20 15:51:32 pmg postfix/smtpd[30515]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (439655FB775803441F); from=<user1@externaldomain.com> to=<user1@mydomain.com> proto=ESMTP helo=<exabytes-57715745.mschosting.org>
Nov 20 15:51:32 pmg postfix/smtpd[30515]: disconnect from unknown[103.233.0.189] ehlo=1 mail=1 rcpt=2 data=1 quit=1 commands=6
Nov 20 15:51:40 pmg postfix/smtp[29996]: 0CF2443975: to=<user1@mydomain.com>, relay=remote.mydomain.com[192.168.40.230]:25, delay=8.2, delays=0.05/0/8.2/0, dsn=2.0.0, status=sent (250 Ok)
Nov 20 15:51:40 pmg postfix/smtp[29996]: 0CF2443975: to=<user2@mydomain.com>, relay=remote.mydomain.com[192.168.40.230]:25, delay=8.2, delays=0.05/0/8.2/0, dsn=2.0.0, status=sent (250 Ok)
Nov 20 15:51:40 pmg postfix/qmgr[975]: 0CF2443975: removed
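
An added example (not part of the original post and not Proxmox code): before raising the RDNS_NONE score, this parses `pmg-smtp-filter` SA result lines in the format shown above and lists the messages whose hit total would newly reach the threshold. The sample log is constructed, the function names and the trial value 3.5 are hypothetical, and the `/5` in `SA score=0/5` is assumed to be the threshold.

```python
import re

# Constructed sample in the log format shown in the thread (192.0.2.10 is a documentation IP).
SAMPLE_LOG = """\
Nov 20 15:51:28 pmg postfix/smtpd[30515]: connect from unknown[192.0.2.10]
Nov 20 15:51:32 pmg pmg-smtp-filter[30474]: AAAA000000000001: SA score=0/5 time=3.787 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.945),BAYES_00(-1.9),RDNS_NONE(0.793),TOO_POLITE(1.973)
Nov 20 15:52:01 pmg pmg-smtp-filter[30474]: AAAA000000000002: SA score=2/5 time=1.204 bayes=0.50 autolearn=no autolearn_force=no hits=HTML_MESSAGE(0.001),RDNS_NONE(0.793),TOO_POLITE(1.973)
Nov 20 15:52:09 pmg pmg-smtp-filter[30474]: AAAA000000000003: SA score=1/5 time=0.911 bayes=0.00 autolearn=no autolearn_force=no hits=SPF_PASS(-0.001),HTML_MESSAGE(0.001)
"""

SA_LINE = re.compile(
    r"pmg-smtp-filter\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"SA score=-?\d+/(?P<required>\d+) .*?hits=(?P<hits>\S+)"
)
HIT = re.compile(r"([A-Z0-9_]+)\((-?\d+(?:\.\d+)?)\)")


def parse_sa_hits(log_text):
    """Return {queue_id: (required, {rule: score})} for every SA result line."""
    results = {}
    for line in log_text.splitlines():
        m = SA_LINE.search(line)
        if m:  # postfix lines and other filter lines are skipped
            hits = {name: float(val) for name, val in HIT.findall(m["hits"])}
            results[m["qid"]] = (int(m["required"]), hits)
    return results


def what_if(log_text, rule="RDNS_NONE", new_score=3.5):
    """List (queue_id, total_before, total_after) for messages that would
    newly reach the threshold if `rule` scored `new_score`."""
    flipped = []
    for qid, (required, hits) in parse_sa_hits(log_text).items():
        if rule not in hits:
            continue
        # The logged score is a rounded integer, so sum the individual hits.
        # AWL depends on sender history, so the result is an approximation.
        before = sum(hits.values())
        after = before - hits[rule] + new_score
        if before < required <= after:
            flipped.append((qid, round(before, 3), round(after, 3)))
    return flipped


if __name__ == "__main__":
    for qid, before, after in what_if(SAMPLE_LOG):
        print(f"{qid}: {before} -> {after}")
```

Running it over a day of real mail log, then checking the listed queue IDs against known-good senders, shows how many legitimate messages a higher score would push over the threshold.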
 
Thank you and apologies for not responding earlier. I am going through this now.
 
