[SOLVED] Adding SPAM Score to Unknown Senders

thebiggeek

Hi, rejecting emails costs the business a lot of money, but if we don't reject emails properly, then there is a chance of getting a lot of spam. I have been debating what is the best manner, and wanted to open up a discussion in case someone has found a solution to this. PMG offers a setting where UNKNOWN senders can be rejected. I have noticed that even today a lot of hosting companies who host emails themselves are not enforcing proper configurations like DKIM/DMARC/SPF, and at times also have bad reverse IP lookups. This causes us to reject a lot of emails which should not have been rejected in the first place.

I am now wondering if there is a rule, or if someone has written a rule, where any email from an UNKNOWN IP (i.e. the IP does not have a reverse lookup or does not match the DNS name) is given a score?

I am sorry if this is a repeat question, as I did do some searches but could not find out how to do this. Also a Quick question to Proxmox Team - is there a way to not reject, but quarantine - or whitelist a specific IP?
 
Have a look at SpamAssassin's RDNS_NONE score.

https://spamassassin.apache.org/old/tests_3_2_x.html

Code:
Nov 20 15:51:28 pmg postfix/smtpd[30515]: warning: hostname exabytes-57715745.mschosting.org does not resolve to address 103.233.0.189: Name or service not known
Nov 20 15:51:28 pmg postfix/smtpd[30515]: connect from unknown[103.233.0.189]
Nov 20 15:51:28 pmg postfix/smtpd[30515]: NOQUEUE: client=unknown[103.233.0.189]
Nov 20 15:51:28 pmg pmg-smtp-filter[30474]: 439655FB775803441F: new mail message-id=<074201d6bf11$f3be1bc0$db3a5340$@externaldomain.com>#012
Nov 20 15:51:32 pmg pmg-smtp-filter[30474]: 439655FB775803441F: SA score=0/5 time=3.787 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.945),BAYES_00(-1.9),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),HTML_MESSAGE(0.001),RDNS_NONE(0.793),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),TOO_POLITE(1.973)
Nov 20 15:51:32 pmg postfix/smtpd[30530]: connect from localhost.localdomain[127.0.0.1]
Nov 20 15:51:32 pmg postfix/smtpd[30530]: 0CF2443975: client=localhost.localdomain[127.0.0.1], orig_client=unknown[103.233.0.189]
Nov 20 15:51:32 pmg postfix/cleanup[30531]: 0CF2443975: message-id=<074201d6bf11$f3be1bc0$db3a5340$@externaldomain.com>
Nov 20 15:51:32 pmg postfix/qmgr[975]: 0CF2443975: from=<user1@externaldomain.com>, size=11149, nrcpt=2 (queue active)
Nov 20 15:51:32 pmg postfix/smtpd[30530]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=2 data=1 commands=6
Nov 20 15:51:32 pmg pmg-smtp-filter[30474]: 439655FB775803441F: accept mail to <user1@mydomain.com> (0CF2443975) (rule: default-accept)
Nov 20 15:51:32 pmg pmg-smtp-filter[30474]: 439655FB775803441F: accept mail to <user2@mydomain.com> (0CF2443975) (rule: default-accept)
Nov 20 15:51:32 pmg pmg-smtp-filter[30474]: 439655FB775803441F: processing time: 3.888 seconds (3.787, 0.027, 0)
Nov 20 15:51:32 pmg postfix/smtpd[30515]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (439655FB775803441F); from=<user1@externaldomain.com> to=<user1@mydomain.com> proto=ESMTP helo=<exabytes-57715745.mschosting.org>
Nov 20 15:51:32 pmg postfix/smtpd[30515]: disconnect from unknown[103.233.0.189] ehlo=1 mail=1 rcpt=2 data=1 quit=1 commands=6
Nov 20 15:51:40 pmg postfix/smtp[29996]: 0CF2443975: to=<user1@mydomain.com>, relay=remote.mydomain.com[192.168.40.230]:25, delay=8.2, delays=0.05/0/8.2/0, dsn=2.0.0, status=sent (250 Ok)
Nov 20 15:51:40 pmg postfix/smtp[29996]: 0CF2443975: to=<user2@mydomain.com>, relay=remote.mydomain.com[192.168.40.230]:25, delay=8.2, delays=0.05/0/8.2/0, dsn=2.0.0, status=sent (250 Ok)
Nov 20 15:51:40 pmg postfix/qmgr[975]: 0CF2443975: removed
 
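Added example (not part of the thread and not Proxmox code): before raising the RDNS_NONE score, the `SA score=... hits=...` lines that pmg-smtp-filter logs can be replayed to see which messages a higher score would push over the limit. It assumes the number after the slash in `score=0/5` is the threshold to compare against and that all other hits stay fixed; the second sample line is constructed, the first is the one from the log above.

```python
import re

# First line is copied from the log in the thread; the second is constructed for contrast.
SAMPLE_LOG = """\
Nov 20 15:51:32 pmg pmg-smtp-filter[30474]: 439655FB775803441F: SA score=0/5 time=3.787 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.945),BAYES_00(-1.9),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),HTML_MESSAGE(0.001),RDNS_NONE(0.793),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),TOO_POLITE(1.973)
Nov 20 16:02:10 pmg pmg-smtp-filter[30474]: CONSTRUCTED0001: SA score=4/5 time=2.100 bayes=0.99 autolearn=no autolearn_force=no hits=BAYES_99(3.5),HTML_MESSAGE(0.001),RDNS_NONE(0.793)
"""

# Matches the pmg-smtp-filter SpamAssassin summary line and captures the hit list.
SA_LINE = re.compile(
    r"pmg-smtp-filter\[\d+\]: (?P<id>\w+): SA score=(?P<score>-?\d+)/(?P<limit>\d+) "
    r".*hits=(?P<hits>\S+)"
)
# One hit looks like RULE_NAME(1.234) or RULE_NAME(-0.5).
HIT = re.compile(r"([A-Z0-9_]+)\((-?\d+(?:\.\d+)?)\)")


def parse_sa_lines(log_text):
    """Yield (message_id, limit, {rule: score}) for each SA summary line."""
    for line in log_text.splitlines():
        m = SA_LINE.search(line)
        if m:
            hits = {name: float(val) for name, val in HIT.findall(m["hits"])}
            yield m["id"], float(m["limit"]), hits


def what_if(log_text, rule="RDNS_NONE", new_score=3.0):
    """Recompute totals with `rule` rescored; only messages that hit it are reported.

    Assumption: other hits are held fixed (AWL in particular adapts over time).
    """
    report = []
    for msg_id, limit, hits in parse_sa_lines(log_text):
        if rule not in hits:
            continue
        current = sum(hits.values())
        proposed = current - hits[rule] + new_score
        report.append({"id": msg_id, "current": round(current, 3),
                       "proposed": round(proposed, 3),
                       "over_limit": proposed >= limit})
    return report


if __name__ == "__main__":
    for row in what_if(SAMPLE_LOG):
        print(row)
```

The message from the thread stays well under the limit even with RDNS_NONE at 3.0, because its valid DKIM signature and Bayes result pull the total down. In SpamAssassin the chosen value is set with a `score RDNS_NONE <value>` line.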
Thank you and apologies for not responding earlier. I am going through this now.