Search results

Why separate actions needed? As you have an huge SA score of 15, you can easily block such Spam mails with existing rulesets...

Heutrisic Score better? but its added to the SA Score...

My usgesstion is: "Add Spam Score for encrypted archives and documents"

Thanks again for the great job are doing in here. Much appreciated, so wil must give the rule system an try to solve the issue. that cannot be directly handeled in MTA (postfix) level, like you explained ;)

Yes, maybe an simple rename would be more intuitive ;)

I mentioned another approch here, but still don't know, if it will regard the from: info for the blocking decision, as i don't expect any e-mail coming form "outside" having my own domain as from adresse (sender). All e-mails have the from with my e-mail domain will be send out from my internal...

I asked which header fields postfix will examine to prevent / block such spoofed mails coming from"own" domain. if postfix does not look and grab the e-mail address / Domaininfo there - for the "from:" - this approch won't do the job... So @Stoiko Ivanov do you know it or have experiance for it?

But this is currently not possible via GUI?

Thanks, any special reasons for it to not decreasing the RBL max ttl?

@Stoiko Ivanov: On which level operates this one using postfix MTA to block E-mails form "outside" using your own domains configured within PMG: https://sajonara.de/2014/07/07/e-mail-spam-mit-absender-blacklisten-postfix-eindaemmen/...

And what are your current "long-term" results decreasing the default from 1h to 30m?

Have here nearly the same issue: But no solution on it, yet ;(

@hata_ph It's coming straight from external side / external IP-Adresses received by PMG. So no relay (security) problem at all. And the unsettling thing is that PMG is NOT able to detect and catch such spoofed E-Mails, yet. The logfile lines unleash the real sender address: Received-SPF...

Thank's for reply, but too specific to the general problem, that fake from name spoof adress can still be received indicating as coming from own doamin name. There most be more smarter approches @Stoiko Ivanov ?

Has really no one any suggestion?

I received such an real FromName-Spoofing E-Mail, replaced only data sensitive infos. Received: from mail2.mydomain.com (localhost.localdomain [127.0.0.1]) by mail2.mydomain.com (Proxmox) with ESMTP id A96001214C7 for <myuseraccount@mydomain.com>; Mon, 14 Sep 2020 13:40:15 +0200...

Nothing, BAYES automatically get active with the BAYES_XX Sa Rules after some month Of incoming email flow. It only the quite high BAYES_00 rule decreasing -1.9 points. That seems to much for my site results... so do you use sa-learn (manually)?

For me its only important to see, if it works for me or not i never used sa-learn to train the Bayes.. so means the System autolearn does not actually an good Job for my site. Maybe just giving BAYES_00 Score 0 would also optimize the results, and turning off AWL, who knows

Using PMG Defaults. Means both are on. But currently not sure, if they are contraproductive...

Have the same effect, since the day BAYES_xx Rules began to work (automatically) one day for SA Scoring, it last serveral month before BAYES_xx Rules went active. I think about to deactivate both AWL and Bayes... or play around with each option.