Before Queue Filtering: Block + Quarantine (save a copy of blocked email)

[mailman]

Hi,

I'm trying out Proxmox Mail Gateway.

I would like to use Proxmox Mail Gateway with "Before Queue Filtering" = "Yes", and configure it to BOTH block and quarantine emails with a spam score above a certain threshold. (I used to run a Postfix server in this configuration several years ago at a company I used to work for.)

Problem is that I can't work out how to configure Proxmox Mail Gateway to both block + quarantine, the problem appears to be that "Quarantine" and "Block" are both final actions, meaning I can't apply them both at the same time?

Is it possible to configure Proxmox Mail Gateway to both "block and quarantine" with "Before Queue Filtering" enabled?

If not, perhaps a new (non-final action) can be added called "Save Copy to Quarantine"? Or a new (final action) called "Quarantine + Block" can be added, mainly to be used with "Before Queue Filtering"?

In my view, having the SMTP server block emails at SMTP time (Before Queue Filtering) is useful because it allows senders to be immediately notified that their emails were rejected, but it also helps to save a copy of the entire blocked email in the quarantine (or somewhere) to enable the administrator to fine tune the block rules and release any incorrectly blocked emails (even though the server told the sender they were rejected).

Thanks

 

[dcsapak]

i would not recommend that

in case it catches a legitimate mail, the sender will get a notice that it could not be sent and probably will try it again, while it actually was accepted

if you *really* want to do this, i think the only way would be to use the 'bcc' feature to send it to another mail box while blocking..

 

[mailman]

Thank you for the response.

 

[BJ78945]

I also want to reject mails and put them in the user quarantine. At the moment I try pmg. The Software I'm using at the moment also reject mails with 550: High probability of spam and send this to quarantine. It is very useful. Most user doesn't check the quarantine and mostly they get the report once a week. So if it is false-positive, the sender doesn't know it and the recipient perhaps never see this mail. Could bring some problem.

I did a little change on pmg so it works like expected but I think it will not be update save.

Edit /usr/share/perl5/PMG/RuleDB/Quarantine.pm and change

sub final {
    return 1;
}

to

sub final {
    return 0;
}

Then go to the WebGUI and add a second Mail Filter Rule. Set it up exactly as the Quarantine Rule but as Action set only Block. Set this Rule with priority one smaller than the quarantine rule:



You also need a Mail Filter Rule for Virus Alert. This Rule has Action Quarantine too, so is not final anymore:



Thats all.

Three things you should know.

1. I don't think it is update save
2. In Tracking Center you will see the mails twice. One time with the quarantine hint and one time with the block hint.
3. If you have another Mail Filter Rule with quarantine, this rule is no final rule anymore.

 

[BJ78945]

For better Integration and update safety I write a package. It is only merged from Block.pm and Quarantine.pm. But I have 2 questions left perhaps someone from proxmox could help or use this to implement this feature request in the code.

1. what otype and which type should be used for Block and Quarantine? I used the Quarantine type here
2. What I have to do that I can see a new Action in the webgut from my BlockAndQuarantine.pm?

I cannot attach the BlockAndQuarantine.pm file so here is the code:

Spoiler: BlockAndQuarantine.pm

package PMG::RuleDB::BlockAndQuarantine;

use strict;
use warnings;
use DBI;
use Digest::SHA;
use Encode;

use PVE::SafeSyslog;

use PMG::Utils;
use PMG::ModGroup;
use PMG::RuleDB::Object;

use base qw(PMG::RuleDB::Object);

sub otype {
    return 4006; #??? what is otype
}

sub oclass {
    return 'action';
}

sub otype_text {
    return 'BlockAndQuarantine';
}

sub oisedit {
    return 0;  
}

sub final {
    return 1;
}

sub priority {
    return 90;
}

sub new {
    my ($type, $ogroup) = @_;
   
    my $class = ref($type) || $type;
 
    my $self = $class->SUPER::new($class->otype(), $ogroup);
  
    return $self;
}

sub load_attr {
    my ($type, $ruledb, $id, $ogroup, $value) = @_;
   
    my $class = ref($type) || $type;

    my $obj = $class->new ($ogroup);
    $obj->{id} = $id;

    $obj->{digest} = Digest::SHA::sha1_hex($id, $ogroup);
   
    return $obj;
}

sub save {
    my ($self, $ruledb) = @_;

    defined($self->{ogroup}) || return undef;

    if (defined ($self->{id})) {
    # update
   
    # nothing to update

    } else {
    # insert

    my $sth = $ruledb->{dbh}->prepare(
        "INSERT INTO Object (Objectgroup_ID, ObjectType) VALUES (?, ?);");

    $sth->execute($self->ogroup, $self->otype);
   
    $self->{id} = PMG::Utils::lastid($ruledb->{dbh}, 'object_id_seq');
    }
   
    return $self->{id};
}

sub execute {
    my ($self, $queue, $ruledb, $mod_group, $targets,
    $msginfo, $vars, $marks, $ldap) = @_;

    my $rulename = $vars->{RULE} // 'unknown';

    foreach my $ta (@$subgroups) {
        my ($tg, $entity) = (@$ta[0], @$ta[1]);

        PMG::Utils::remove_marks($entity);

        if ($queue->{vinfo}) {
            if (my $qid = $queue->quarantine_mail($ruledb, 'V', $entity, $tg, $msginfo, $vars, $ldap)) {

                foreach (@$tg) {
                    syslog ('info', "$queue->{logid}: moved mail for <%s> to virus quarantine - %s (rule: %s)", $_, $qid, $rulename);
                    syslog('info', "%s: block mail to <%s> (rule: %s)", $queue->{logid}, encode('UTF-8', $to), $rulename);
                }

                $queue->set_status ($tg, 'blocked');
            }

        } else {
            if (my $qid = $queue->quarantine_mail($ruledb, 'S', $entity, $tg, $msginfo, $vars, $ldap)) {

                foreach (@$tg) {
                    syslog ('info', "$queue->{logid}: moved mail for <%s> to spam quarantine - %s (rule: %s)", $_, $qid, $rulename);
                    syslog('info', "%s: block mail to <%s> (rule: %s)", $queue->{logid}, encode('UTF-8', $to), $rulename);
                }

                $queue->set_status($tg, 'blocked');
            }
        }
    }

    # warn if no subgroups
}

sub short_desc {
    my $self = shift;

    return "Move to quarantine and block message";
}

1;

 

[troycarpenter]

If this is something to implement in the future, perhaps an extra checkbox in the rule that says "continue processing rules" which signals that the action in the rule is not final?