Antispam blocks incompletely

Roberto Salazar

Jun 21, 2019
Regards
I use Proxmox Mail Gateway 5.2.1 in the community version. I have a problem when the emails are reviewed by the antispam. I have placed blocking rules by "subject" and they work correctly, except that if 10 emails arrive with this "subject", 6 emails are blocked and 4 emails are released. I do not understand why not all 10 emails were blocked; please help. I attach an image.
Roberto
upload_2019-6-21_11-45-17.png
 
You need to analyse your rules setting and the email header in question in detail.

Your screenshot does not help in debugging.
 
Regards

I am sending two headers, sent from the same email address and with a similar IP address. I even assume that the mail is exactly the same in both cases. The first was blocked and the second was released.
If it were a problem with the configuration of the rules, surely either all would be blocked or all would be released. What is the problem?
---------------------------------------
BLOCKED MAIL HEADER
---------------------------------------

Jun 21 12:27:31 pmg postfix/smtpd[4720]: connect from mailsec105.isp.belgacom.be[195.238.20.101]
Jun 21 12:27:32 pmg postfix/smtpd[4720]: 18156211DE: client=mailsec105.isp.belgacom.be[195.238.20.101]
Jun 21 12:27:32 pmg postfix/cleanup[4711]: 18156211DE: message-id=<1369608503.533215.1561138039538@webmail.appsuite.proximus.be>
Jun 21 12:27:44 pmg postfix/qmgr[18592]: 18156211DE: from=<jean.fassotte@proximus.be>, size=723638, nrcpt=1 (queue active)
Jun 21 12:27:44 pmg pmg-smtp-filter[4731]: 211E15D0D139026510: new mail message-id=<1369608503.533215.1561138039538@webmail.appsuite.proximus.be>
Jun 21 12:27:46 pmg pmg-smtp-filter[4731]: 211E15D0D139026510: SA score=0/5 time=0.827 bayes=undefined autolearn=ham autolearn_force=no hits=HTML_MESSAGE(0.001),LOTS_OF_MONEY(0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001)
Jun 21 12:27:46 pmg pmg-smtp-filter[4731]: 211E15D0D139026510: notify <jean.fassotte@proximus.be> (0F961212E0)
Jun 21 12:27:46 pmg pmg-smtp-filter[4731]: 211E15D0D139026510: block mail to <k.castillo@midominio.com>
Jun 21 12:27:46 pmg pmg-smtp-filter[4731]: 211E15D0D139026510: processing time: 1.923 seconds (0.827, 0.895, 0)
Jun 21 12:27:46 pmg postfix/lmtp[4712]: 18156211DE: to=<k.castillo@midominio.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=12/0/0.04/2, dsn=2.7.0, status=sent (250 2.7.0 BLOCKED (211E15D0D139026510))
Jun 21 12:27:46 pmg postfix/qmgr[18592]: 18156211DE: removed
Jun 21 12:27:49 pmg postfix/smtpd[4720]: disconnect from mailsec105.isp.belgacom.be[195.238.20.101] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

---------------------------------------
DELIVERY MAIL HEADER
---------------------------------------


Jun 21 12:29:00 pmg postfix/smtpd[4709]: connect from mailsec105.isp.belgacom.be[195.238.20.101]
Jun 21 12:29:01 pmg postfix/smtpd[4709]: 9E4C6211E1: client=mailsec105.isp.belgacom.be[195.238.20.101]
Jun 21 12:29:02 pmg postfix/cleanup[4744]: 9E4C6211E1: message-id=<1764668967.533250.1561138140056@webmail.appsuite.proximus.be>
Jun 21 12:29:12 pmg postfix/qmgr[18592]: 9E4C6211E1: from=<jean.fassotte@proximus.be>, size=723963, nrcpt=1 (queue active)
Jun 21 12:29:12 pmg pmg-smtp-filter[4724]: 212E35D0D13E8D41C1: new mail message-id=<1764668967.533250.1561138140056@webmail.appsuite.proximus.be>
Jun 21 12:29:14 pmg pmg-smtp-filter[4724]: 212E35D0D13E8D41C1: SA score=0/5 time=1.195 bayes=undefined autolearn=ham autolearn_force=no hits=HTML_MESSAGE(0.001),LOTS_OF_MONEY(0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001)
Jun 21 12:29:14 pmg postfix/smtpd[4716]: connect from localhost.localdomain[127.0.0.1]
Jun 21 12:29:14 pmg postfix/smtpd[4716]: D0CA0212E5: client=localhost.localdomain[127.0.0.1], orig_client=mailsec105.isp.belgacom.be[195.238.20.101]
Jun 21 12:29:14 pmg postfix/cleanup[4711]: D0CA0212E5: message-id=<1764668967.533250.1561138140056@webmail.appsuite.proximus.be>
Jun 21 12:29:14 pmg postfix/smtpd[4716]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Jun 21 12:29:14 pmg postfix/qmgr[18592]: D0CA0212E5: from=<jean.fassotte@proximus.be>, size=724448, nrcpt=1 (queue active)
Jun 21 12:29:14 pmg pmg-smtp-filter[4724]: 212E35D0D13E8D41C1: accept mail to <m.palacios@midominio.com> (D0CA0212E5)
Jun 21 12:29:14 pmg pmg-smtp-filter[4724]: 212E35D0D13E8D41C1: processing time: 2.022 seconds (1.195, 0.613, 0)
Jun 21 12:29:14 pmg postfix/lmtp[4721]: 9E4C6211E1: to=<m.palacios@midominio.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=14, delays=12/0/0.05/2.1, dsn=2.5.0, status=sent (250 2.5.0 OK (212E35D0D13E8D41C1))
Jun 21 12:29:14 pmg postfix/qmgr[18592]: 9E4C6211E1: removed
Jun 21 12:29:15 pmg postfix/smtp[4717]: D0CA0212E5: to=<m.palacios@midominio.com>, relay=192.168.0.5[192.168.0.5]:25, delay=0.16, delays=0.07/0/0.06/0.02, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4DEEF2FC02AF)
Jun 21 12:29:15 pmg postfix/qmgr[18592]: D0CA0212E5: removed
Jun 21 12:29:18 pmg postfix/smtpd[4709]: disconnect from mailsec105.isp.belgacom.be[195.238.20.101] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
 
Could you show us your rules? It might be possible that the mail is whitelisted for some recipients; did you check this?
 
I found the problem. I have a valid account control through LDAP; one account existed and the other did not. Thanks for your help.
Roberto
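
Added example, not part of the original thread and not Proxmox code: a small Python script that groups the `pmg-smtp-filter` verdict lines shown above by recipient, so a "some blocked, some released" pattern can be checked for a per-recipient cause. The sample input is constructed from the log lines posted in the thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the pmg-smtp-filter "new mail" and verdict lines
# copied from the two log excerpts posted in the thread.
SAMPLE_LOG = """\
Jun 21 12:27:44 pmg pmg-smtp-filter[4731]: 211E15D0D139026510: new mail message-id=<1369608503.533215.1561138039538@webmail.appsuite.proximus.be>
Jun 21 12:27:46 pmg pmg-smtp-filter[4731]: 211E15D0D139026510: block mail to <k.castillo@midominio.com>
Jun 21 12:29:12 pmg pmg-smtp-filter[4724]: 212E35D0D13E8D41C1: new mail message-id=<1764668967.533250.1561138140056@webmail.appsuite.proximus.be>
Jun 21 12:29:14 pmg pmg-smtp-filter[4724]: 212E35D0D13E8D41C1: accept mail to <m.palacios@midominio.com> (D0CA0212E5)
"""

# Only the two verdict forms that appear in the thread are matched.
VERDICT = re.compile(
    r"pmg-smtp-filter\[\d+\]: (?P<fid>[0-9A-F]+): "
    r"(?P<action>block|accept) mail to <(?P<rcpt>[^>]+)>"
)


def verdicts_by_recipient(log_text):
    """Return {recipient: {action: [filter ids]}} for every verdict line."""
    result = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = VERDICT.search(line)
        if m:
            result[m["rcpt"].lower()][m["action"]].append(m["fid"])
    return {rcpt: dict(actions) for rcpt, actions in result.items()}


def split_recipients(log_text):
    """Partition recipients into always blocked, always accepted, or mixed."""
    groups = {"blocked": [], "accepted": [], "mixed": []}
    for rcpt, actions in sorted(verdicts_by_recipient(log_text).items()):
        if set(actions) == {"block"}:
            groups["blocked"].append(rcpt)
        elif set(actions) == {"accept"}:
            groups["accepted"].append(rcpt)
        else:
            groups["mixed"].append(rcpt)
    return groups


if __name__ == "__main__":
    for group, rcpts in split_recipients(SAMPLE_LOG).items():
        print(f"{group}: {rcpts}")
```

If every recipient lands in "blocked" or "accepted" and none in "mixed", the differing verdicts follow the recipient rather than the message, which is where the replies above pointed.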
 
