Search results

On my instance of PMG (CT) and my other debian installs, /var/log/syslog is world readable. root@smtp:~# ls -alh /var/log/syslog -rw-r--r-- 1 root root 4.8M Feb 22 08:21 /var/log/syslog Check logrotate config. Your current syslog file looks prettu big! You might want to investigate the cause.

Permissions messed up on one or more of /var/log/syslog* files? I'm guessing the PMG webui invokes pmg-log-tracker as www-data user.

Just saw your timely post as I want to do the same. In my case, I want to run multiple internal mail servers running different groupware stacks, receiving the same mail, for testing purposes. Like you, my first thought was to define multiple transports for the same domain. Pity it doesn't work...

The rule has two actions. It also adds the spam info to the message. Rather than disable the rule, remove the quarantine action from it.

Why not also add a DMARC email address. That way, you will get a better indication of the scale and origin of attempts to spoof your domain. IME the big mail providers yahoo, gmail etc do send reports if you provide an rua address in the dmarc dns record.

In the headers above, you have: KAM_DMARC_NONE 0.25 DKIM has Failed or SPF has failed on the message and the domain has no DMARC policy If I understand correctly: This means PMG encounters the spf fail but was unable to find a valid dmarc policy for said domain (mydomain.com?). It is...

I have left my spf record as softfail but I'm considering changing it. Assuming the OPs txt record above is the spf for mydomain.com, doesn't this recursively include itself? If so, presumably that's redundant or incorrect.

https://pmg.proxmox.com/pmg-docs/pmgconfig.1.html pmgconfig apicert --force 1 pmgconfig cert info #display current certs systemctl restart pmgproxy You can of course put your own cert and key in place if needed. (The file contains both cert and key.)

Assuming that it is your clock that is the issue (check with `date`): You will probably have timesyncd or possibly chrony installed. If the former, then this post should help. If it's chrony, check `/etc/chrony/chrony.conf`. In order to find which timesync daemon you're using, try `systemctl...

Is the date set correctly on the host?

Thanks for your tutorial. How would PMG treat two spam scores? AIUI the custom filter is run before spamassassin. If SA remains enabled, is it an aggregate or is the rspamd score superseded by the SA one?

I think the concensus with PMG is against verbose message/content logging. I don't believe there is a straight forward way to log msg bodies other than BCC them. It is possible to log additional headers. Add to the postfix config by copying the default template...

In that case, I do not know.

That's promising. Only thing I can think of is, you are invoking standalone spamassasin directly, whereas PMG mail system may require restart of service(s) for the changed config to get picked up.

Sorry I wasn't quite right there. Spamassassin customisation (that cannot be achieved via the PMG UI/API) should in fact go in /etc/mail/spamassassin/custom.cf. That file is not part of the PMG template system, so there's no need to override in the way I suggested above. i.e. 'custom rules'...

I don't believe it is possible to create such actions (modify spam score) in the PMG mail filter UI. I think you need to do it in your spamassasin custom config. Copy /var/lib/pmg/templates/local.cf.in to /etc/pmg/templates/ and start making the requisite changes there. IME ChatGPT frequently...

AIUI all specified DNSBLs are queried. There's no random/round-robin arrangement though queries might be run in parallel. Your understanding of the default multiplier is correct, each site will have weight 1. 20 DNBLs seems excessive!

My config would seem to differ from yours in that I did not define vlans directly in the web UI. I just entered the ethx.y under bridge ports when creating a bridge. They appear in /etc/network/interfaces as auto vmbr1 iface vmbr1 inet manual bridge-ports eth0.10 bridge-stp off...

For my setup, I assign single ports ethX.Y to traditional bridges rather than use vlan aware bridges or OVS. Like you, I prefer it as it seems more explicit, e.g. in the web UI. AIUI the argument used to go that vlan aware bridges were more convenient as you reduced the need for new bridges and...

There is postfix's smtpd_reject_footer