Tighten up spam filtering

Nhoague

Renowned Member
Sep 29, 2012
90
4
73
44
Colorado, USA
How can I make the PMG even tighter? We seem to be getting more spam still slipping through the filter. I want it to be almost "too" tight.

Is it possible I could send you my backup file so you can check our settings for validity?

Thanks!
 
I'm still seeing alot of spam come through the PMG. After review of our file, were you able to find other ways to tighten up our spam server? Here is an example of some headers that have come through. Based on this, shouldnt the PMG have caught it? Or am I missing something?

X-Spf-Status: ⁨soft_fail⁩

X-Spam-Score: ⁨100⁩

X-Spam-Level: ⁨Spam detection results: 0 BAYES_00 -1.9 Bayes spam probability is 0 to 1% DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature EXCUSE_24 1 Claims you wanted this ad HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are different HTML_FONT_SIZE_LARGE 0.001 HTML font size is large HTML_MESSAGE 0.001 HTML included in message RCVD_IN_DNSWL_NONE -0.0001 Sender listed at http://www.dnswl.org/, no trust SPF_HELO_PASS -0.001 SPF: HELO matches SPF record SPF_PASS -0.001 SPF: sender matches SPF record T_RP_MATCHES_RCVD -0.01 Envelope sender domain matches handover relay domain URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.⁩

X-Ms-Exchange-Organization-Authas: ⁨Anonymous⁩

Spam-Stopper-V2: ⁨Yes⁩

Return-Path: ⁨bounce-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mandrillapp.com⁩

X-Ms-Exchange-Organization-Network-Message-Id: ⁨35f36f46-8421-40ef-7a50-08d567b420c6⁩

⁨<e8b79ce0-8df2-e63d-b3c2-e6f36d11226b@silverlakepub.com>⁩

X-Rdns-Status: ⁨pass⁩

X-Cmae-Analysis: ⁨v=2.2 cv=XoaKARN9 c=1 sm=1 tr=0 p=tyELC3BHFfKCGWu3JVsA:9 a=iYSc8k3P5xvkQTAjsMZoCA==:117 a=iYSc8k3P5xvkQTAjsMZoCA==:17 a=lU03Z4yc7+u8VQHnwYB+2V2ltmY=:19 a=RgaUWeydRksA:10 a=-uNXE31MpBQA:10 a=3IXqxcDpAAAA:8 a=pcclQ6hiAAAA:8 a=-HJwH1y9AAAA:8 a=sxfOT_yiAAAA:8 a=Byojahs553LUA_ZZ:21 a=ab_5XBfUJr7Hm8NI:21 a=QEXdDO2ut3YA:10 a=xx-eWKR--goA:10 a=lAq7YOjDHfkA:10 a=oBomYAqOkJMA:10 a=noLWSlgggUcA:10 a=t_WNRh-AI6CPB-cc8DAA:9 a=r8up1xOQTrhxmcx0:21 a=o7V0xdXdxUzq402p:21 a=wR8JSuMmlo1qJicN:21 a=6UIaq3Bcl8oA:10 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=jjxgvnocCX0A:10 a=uwgIXyJJh-Lc7q4L-ymd:22 a=HdP1VN2mBm2NwMIM4jCI:22 a=xha5XVv8otAmwIV9NdAo:22 a=wQjUK3rAPQmmWTtgHBQJ:22⁩

⁨<e8b79ce0-8df2-e63d-b3c2-e6f36d11226b@silverlakepub.com>⁩

X-Aes-Category: ⁨MARKETING⁩

X-Spam-Reasons: ⁨Cause=gggruggvucftvghtrhhoucdtuddrgedtvddrvdekgdduudduucdltddurdegtddurddttddmucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecutddurdegtddvrdduledpkffpvffgtffogfffkfetpdggtfgfnhhsuhgsshgtrhhisggvnecuuegrihhlohhuthemuceftddtnecundfotefknffkpffiucdludejmdenucfjughrpefhufhfkfgjjffvffggtgesrgdtreertddtjeenucfhrhhomhepifhushcujfgvrhhrvghrrgcuoehsrghlvghssehsihhlvhgvrhhlrghkvghpuhgsrdgtohhmqeenucffohhmrghinhepshhilhhvvghrlhgrkhgvphhusgdrtghomhdpmhgrnhgurhhilhhlrghpphdrtghomhenucfkphephedtrddvtdeirdduuddrvdehtddpjeefrddvvddurdelledrvdehudenucevlhhushhtvghrufhiiigvpedt Unsub=mailto:unsubscribe-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mailin1.us2.mcsv.net?subject=unsub Unsub=UNSUB:http://www.silverlakepub.com/unsub Unsub=https://mandrillapp.com/track/click...mYzk3ODAwYTU3MDdlYTIwMmMzYTA0NTAwZmE0XCJdfSJ9 Unsub=http://www.silverlakepub.com/unsub Unsub=http://mandrillapp.com/track/unsub....com/unsub?md_email=nhoague@networkdynamix.com To=<nhoague@networkdynamix.com> From=Gus Herrera <sales@silverlakepub.com>⁩

X-Report-Abuse: ⁨Please forward a copy of this message, including all headers, to abuse@mandrill.com

X-Report-Abuse: ⁨You can also report abuse here: http://mandrillapp.com/contact/abuse?id=30868966.3f2e19b9ff30417ba3f9e30bd9c7d907⁩

⁨<c3935dc6-7c19-66d8-cfda-3292c06a4a9b@silverlakepub.com>⁩

X-Spam-Category: ⁨MCE⁩

Mime-Version: ⁨1.0⁩

X-Mandrill-User: ⁨md_30868966⁩

X-Forwarded-Message-Id: ⁨<e8b79ce0-8df2-e63d-b3c2-e6f36d11226b@silverlakepub.com>⁩

X-Ms-Exchange-Organization-Authsource: ⁨MBX090-E1-VA-2.EXCH090.serverpod.net⁩

Received: ⁨from MBX090-E2-VA-1.EXCH090.serverpod.net (10.216.177.122) by MBX090-E2-VA-5.EXCH090.serverpod.net (10.216.177.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.544.27 via Mailbox Transport; Tue, 30 Jan 2018 02:36:08 -0500⁩

Received: ⁨from MBX090-E1-VA-2.EXCH090.serverpod.net (10.216.177.112) by MBX090-E2-VA-1.EXCH090.serverpod.net (10.216.177.122) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.544.27; Tue, 30 Jan 2018 02:36:08 -0500⁩

Received: ⁨from aesmt090-co-1-2.serverpod.net (10.224.74.23) by MBX090-E1-VA-2.EXCH090.serverpod.net (10.216.177.113) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.544.27 via Frontend Transport; Tue, 30 Jan 2018 02:36:08 -0500⁩

Received: ⁨from aesc090-co-1-4.serverpod.net (aesc090-co-1-4.serverpod.net [10.224.76.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aesmt090-co-1.serverpod.net (Postfix) with ESMTPS id 0A67E1634 for <nhoague@networkdynamix.com>; Mon, 29 Jan 2018 23:36:08 -0800 (PST)⁩

Received: ⁨from exmx090-co-1-2.serverpod.net (exmx090-co-1-2.serverpod.net [10.224.72.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aesmt090-co-1.serverpod.net (Postfix) with ESMTPS id C38C2DD8 for <nhoague@networkdynamix.com>; Mon, 29 Jan 2018 23:36:07 -0800 (PST)⁩

Received: ⁨from pmg01.onepointsync.com (50-206-11-250-static.hfc.comcastbusiness.net [50.206.11.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by west.smtp.mx.exch090.serverdata.net (Postfix) with ESMTPS id 97AD713C for <nhoague@networkdynamix.com>; Mon, 29 Jan 2018 23:36:07 -0800 (PST)⁩

Received: ⁨from pmg01.onepointsync.com (localhost.localdomain [127.0.0.1]) by pmg01.onepointsync.com (Proxmox) with ESMTP id 638B12408B3 for <nhoague@networkdynamix.com>; Tue, 30 Jan 2018 00:36:07 -0700 (MST)⁩

Received: ⁨from mail186-2.suw21.mandrillapp.com (mail186-2.suw21.mandrillapp.com [198.2.186.2]) by pmg01.onepointsync.com (Proxmox) with ESMTPS id B616E2408AA for <nhoague@networkdynamix.com>; Tue, 30 Jan 2018 00:36:03 -0700 (MST)⁩

Received: ⁨from pmta02.mandrill.prod.suw01.rsglab.com (127.0.0.1) by mail186-2.suw21.mandrillapp.com id he0g66174bki for <nhoague@networkdynamix.com>; Tue, 30 Jan 2018 07:35:57 +0000 (envelope-from <bounce-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mandrillapp.com>)⁩

Received: ⁨from [73.221.99.251] by mandrillapp.com id 3f2e19b9ff30417ba3f9e30bd9c7d907; Tue, 30 Jan 2018 07:35:57 +0000⁩

Content-Type: ⁨multipart/alternative; boundary="_av-Vq--UHK6lLIJW5hDoTaIgA"⁩

X-Cmae-Score: ⁨100⁩

X-Source-Ip: ⁨50.206.11.250⁩

Spam-Stopper-Id: ⁨0f39ac8a-0262-4ed0-a722-586f81d814c8⁩

Received-Spf: ⁨pass (mandrillapp.com: Sender is authorized to use 'bounce-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mandrillapp.com' in 'mfrom' identity (mechanism 'include:spf.mandrillapp.com' matched)) receiver=pmg01.onepointsync.com; identity=mailfrom; envelope-from="bounce-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mandrillapp.com"; helo=mail186-2.suw21.mandrillapp.com; client-ip=198.2.186.2⁩

List-Unsubscribe: ⁨<mailto:unsubscribe-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mailin1.us2.mcsv.net?subject=unsub>⁩

X-Cmae-Verdict: ⁨spam⁩

X-Ms-Exchange-Transport-Endtoendlatency: ⁨00:00:00.3784040⁩

Dkim-Signature: ⁨v=1; a=rsa-sha256; c=relaxed/relaxed; s=mandrill; d=silverlakepub.com; h=From:Subject:References:Message-Id:In-Reply-To:List-Unsubscribe:To:Date:MIME-Version:Content-Type; i=sales@silverlakepub.com; bh=SaGItYXpunHCcASgibvoHbcM2U1p+N6usOZ/1TWMt0g=; b=e9ZWTozDMXpP0LXMaeFPZOJEYnLvRWOq8v75MdqR8uQwKocHmgdWPdcJh0WmUYxEJhEnEdXrLGv2 T6bOD2AEBJEwi1Ob3m4bIWJJyoiHx9fjEdpwAWT1mO+NcUx2xOeLu65lhTk+KSGRsZ+VyXcyHcy7 r01DPAAHvYzc44+yxR8=⁩

Dkim-Signature: ⁨v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; i=@mandrillapp.com; q=dns/txt; s=mandrill; t=1517297757; h=From : Subject : References : Message-Id : In-Reply-To : List-Unsubscribe : To : Date : MIME-Version : Content-Type : From : Subject : Date : X-Mandrill-User : List-Unsubscribe; bh=SaGItYXpunHCcASgibvoHbcM2U1p+N6usOZ/1TWMt0g=; b=VFgPu3/y5VwjrHU+8gaNFmlgyKPFW5bUp5hcAz938GYXPv05Op40RHyuzKAO48N1vbrDnA /QnEgCPHX4zRayhbPukRlwYTFvUS8Z2CWS0MytpueurcbSmPhC7RlfoGWI+pObvGhaHzrvvr iIbY4Bmdvni1NNQL7IZJmmRobgPHg=
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!