EDIT: Google Groups can be identified using a regex based on the sender address. Therefore, it is possible to reject Google Groups much earlier. This contribution should therefore be considered obsolete. Use the other thread instead
Google Groups is being massively abused for sending spam. The volume is so high that the decision to block Google Groups was made long ago.
Unfortunately, the Google Groups header only becomes visible after the DATA command. Therefore, the earliest possible point for filtering is the CustomCheck. If it returns a spam score > 5, no further checks are executed. We respond with 99 to ensure that emails with this score—ideally in before-queue-filter mode—are rejected.
This kind of checks are incredible fast over SpamAssassin Filtering.
Enable the custom check script by adding or updating the following section:
Open the PMG configuration file:
nano /etc/pmg/pmg.conf
section: admin
custom_check 1
custom_check_path /usr/local/bin/pmg-custom-check.sh
touch /usr/local/bin/pmg-custom-check.sh
chmod +x /usr/local/bin/pmg-custom-check.sh
cat > /usr/local/bin/pmg-custom-check.sh
Restart:
pmgconfig sync --restart
2026-03-16T02:39:00.468154+00:00 mx postfix/smtpd[506]: connect from mail-wr1-f71.google.com[209.85.221.71]
2026-03-16T02:39:00.640994+00:00 mx postfix/smtpd[506]: NOQUEUE: client=mail-wr1-f71.google.com[209.85.221.71]
2026-03-16T02:39:00.697245+00:00 mx pmg-smtp-filter[496]: 245D469B76D44A7252: new mail message-id=<CALKtb2GmQuk4_JBXoGrg8LLtTOakvf7SEjgLcOEGv3_cELX=TQ@mail.gmail.com>
2026-03-16T02:39:00.753967+00:00 mx pmg-smtp-filter[496]: 245D469B76D44A7252: SA score=99/5 time=0.000 bayes=undefined autolearn=no hits=CustomCheck(99)
2026-03-16T02:39:00.756505+00:00 mx pmg-smtp-filter[496]: 245D469B76D44A7252: block mail to <mymail> (rule: Block Spam (Level 7))
2026-03-16T02:39:00.759871+00:00 mx pmg-smtp-filter[496]: 245D469B76D44A7252: processing time: 0.071 seconds (0, 0.031, 0.02)
Google Groups is being massively abused for sending spam. The volume is so high that the decision to block Google Groups was made long ago.
Unfortunately, the Google Groups header only becomes visible after the DATA command. Therefore, the earliest possible point for filtering is the CustomCheck. If it returns a spam score > 5, no further checks are executed. We respond with 99 to ensure that emails with this score—ideally in before-queue-filter mode—are rejected.
This kind of checks are incredible fast over SpamAssassin Filtering.
Enable the custom check script by adding or updating the following section:
Open the PMG configuration file:
nano /etc/pmg/pmg.conf
section: admin
custom_check 1
custom_check_path /usr/local/bin/pmg-custom-check.sh
touch /usr/local/bin/pmg-custom-check.sh
chmod +x /usr/local/bin/pmg-custom-check.sh
cat > /usr/local/bin/pmg-custom-check.sh
Code:
#!/usr/bin/env bash
set -euo pipefail
# PMG custom check API v1: args: APIVERSION QUEUEFILENAME
if [[ $# -ne 2 ]]; then
echo "usage: $0 APIVERSION QUEUEFILENAME" >&2
exit 1
fi
echo "v1"
# Google Groups Header prüfen
if awk 'BEGIN{RS=""; FS="\n"} NR==1 { for(i=1;i<=NF;i++) if(tolower($i) !~ /^subject:/ && tolower($i) ~ /googlegroups\.com/) exit 0; exit 1 }' "$2"; then
echo "SCORE: 99"
else
echo "SCORE: 0"
fi
exit 0Restart:
pmgconfig sync --restart
2026-03-16T02:39:00.468154+00:00 mx postfix/smtpd[506]: connect from mail-wr1-f71.google.com[209.85.221.71]
2026-03-16T02:39:00.640994+00:00 mx postfix/smtpd[506]: NOQUEUE: client=mail-wr1-f71.google.com[209.85.221.71]
2026-03-16T02:39:00.697245+00:00 mx pmg-smtp-filter[496]: 245D469B76D44A7252: new mail message-id=<CALKtb2GmQuk4_JBXoGrg8LLtTOakvf7SEjgLcOEGv3_cELX=TQ@mail.gmail.com>
2026-03-16T02:39:00.753967+00:00 mx pmg-smtp-filter[496]: 245D469B76D44A7252: SA score=99/5 time=0.000 bayes=undefined autolearn=no hits=CustomCheck(99)
2026-03-16T02:39:00.756505+00:00 mx pmg-smtp-filter[496]: 245D469B76D44A7252: block mail to <mymail> (rule: Block Spam (Level 7))
2026-03-16T02:39:00.759871+00:00 mx pmg-smtp-filter[496]: 245D469B76D44A7252: processing time: 0.071 seconds (0, 0.031, 0.02)
Last edited: