Block Message with blank Subject

nestortmk

New Member
Jan 25, 2023
I have the same problem. Version 7.2-3

Received: from EX2.guma.by (192.168.55.169) by EX1.guma.by
(192.168.55.170) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16 via EX
Transport; Wed, 25 Jan 2023 16:00:19 +0700
Received: from EX1.guma.by (192.168.55.170) by EX2.guma.by
(192.168.55.169) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.16; Wed, 25 Jan
2023 16:00:19 +0700
Received: from relay.guma.by (192.168.55.233) by EX1.guma.by
(192.168.55.170) with Microsoft SMTP Server id 15.1.2507.16 via Frontend
Transport; Wed, 25 Jan 2023 16:00:19 +0700
Received: from relay.guma.by (localhost.localdomain [127.0.0.1])
by relay.guma.by (Proxmox) with ESMTP id 125D92144C
for <nre@guma.by>; Wed, 25 Jan 2023 16:00:19 +0700 (+07)
Received-SPF: pass (orda.net ... _spf.yandex.ru: Sender is authorized to use 'givi@orda.net' in 'mfrom' identity (mechanism 'include:_spf-ipv4.yandex.ru' matched)) receiver=relay.guma.by; identity=mailfrom; envelope-from="givi@orda.net"; helo=forward105j.mail.yandex.net; client-ip=5.45.198.248
Received: from forward105j.mail.yandex.net (forward105j.mail.yandex.net [5.45.198.248])
by relay.guma.by (Proxmox) with ESMTP id AEF7821452
for <nre@guma.by>; Wed, 25 Jan 2023 16:00:17 +0700 (+07)
Received: from sas1-bf48a613a597.qloud-c.yandex.net (sas1-bf48a613a597.qloud-c.yandex.net [IPv6:2a02:6b8:c14:3327:0:640:bf48:a613])
by forward105j.mail.yandex.net (Yandex) with ESMTP id 5C8064EC9884
for <nre@guma.by>; Wed, 25 Jan 2023 12:00:17 +0300 (MSK)
Received: from mail.yandex.ru (mail.yandex.ru [2a03:d000:6402:b0de:a05f:ec9a:add1:4a92])
by sas1-bf48a613a597.qloud-c.yandex.net (mxback/Yandex) with HTTP id F0LeWI0VSW21-j5JkeOMT;
Wed, 25 Jan 2023 12:00:17 +0300
X-Yandex-Fwd: 1
Authentication-Results: sas1-bf48a613a597.qloud-c.yandex.net; dkim=pass
Received: by wjdchmct5l2sqvhb.sas.yp-c.yandex.net with HTTP;
Wed, 25 Jan 2023 12:00:17 +0300
From:
=?utf-8?B?0J3QtdGB0YLQtdGA0L7QsiDQoNGD0YHQu9Cw0L0g0JXQstCz0LXQvdGM0LXQstC40Yc=?=
<givi@orda.net>
To: <nre@guma.by>
MIME-Version: 1.0
X-Mailer: Yamail [ http://yandex.ru ] 5.0
Date: Wed, 25 Jan 2023 16:00:17 +0700
Message-ID: <2633151674637217@wjdchmct5l2sqvhb.sas.yp-c.yandex.net>
Content-Type: text/plain
X-SPAM-LEVEL: Spam detection results: 2
AWL -2.041 Adjusted score from AWL reputation of From: address
EMPTY_MESSAGE 2.344 Message appears to have no textual parts
KAM_BLANKSUBJECT 0.25 Message has a blank Subject
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
MISSING_SUBJECT 1.767 Missing Subject: header
RCVD_IN_MSPIKE_H2 -0.001 Average reputation (+2)
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
Return-Path: givi@orda.net
X-MS-Exchange-Organization-Network-Message-Id: 4c5ffaa1-51d9-4800-a4a9-08dafeb29572
X-MS-Exchange-Organization-AuthSource: EX1.guma.by
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.1590463
X-MS-Exchange-Processed-By-BccFoldering: 15.01.2507.016

Jan 25 16:09:59 relay postfix/smtpd[710483]: connect from forward104o.mail.yandex.net[37.140.190.179]

Jan 25 16:09:59 relay postfix/smtpd[710483]: A4D432143B: client=forward104o.mail.yandex.net[37.140.190.179]

Jan 25 16:09:59 relay postfix/cleanup[710345]: A4D432143B: message-id=<4908441674637799@xs3ef5pge24bajlc.myt.yp-c.yandex.net>

Jan 25 16:09:59 relay postfix/qmgr[696815]: A4D432143B: from=<givi@orda.net>, size=1698, nrcpt=1 (queue active)

Jan 25 16:09:59 relay postfix/smtpd[710483]: disconnect from forward104o.mail.yandex.net[37.140.190.179] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

Jan 25 16:09:59 relay pmg-smtp-filter[710795]: 2144763D0F1E7BE82B: new mail message-id=<4908441674637799@xs3ef5pge24bajlc.myt.yp-c.yandex.net>#012

Jan 25 16:10:04 relay pmg-smtp-filter[710795]: 2144763D0F1E7BE82B: SA score=1/5 time=4.174 bayes=undefined autolearn=no autolearn_force=no hits=AWL(-1.033),HTML_MESSAGE(0.001),HTML_MIME_NO_HTML_TAG(0.635),KAM_BLANKSUBJECT(0.25),KAM_DMARC_STATUS(0.01),MIME_HTML_ONLY(0.1),MISSING_SUBJECT(1.767),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001)

Jan 25 16:10:04 relay postfix/smtpd[710644]: connect from localhost.localdomain[127.0.0.1]

Jan 25 16:10:04 relay postfix/smtpd[710644]: 034EC213CC: client=localhost.localdomain[127.0.0.1], orig_client=forward104o.mail.yandex.net[37.140.190.179]

Jan 25 16:10:04 relay postfix/cleanup[710347]: 034EC213CC: message-id=<4908441674637799@xs3ef5pge24bajlc.myt.yp-c.yandex.net>

Jan 25 16:10:04 relay postfix/qmgr[696815]: 034EC213CC: from=<givi@orda.net>, size=2622, nrcpt=1 (queue active)

Jan 25 16:10:04 relay postfix/smtpd[710644]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5

Jan 25 16:10:04 relay pmg-smtp-filter[710795]: 2144763D0F1E7BE82B: accept mail to <nre@guma.by> (034EC213CC) (rule: default-accept)

Jan 25 16:10:04 relay pmg-smtp-filter[710795]: 2144763D0F1E7BE82B: processing time: 4.285 seconds (4.174, 0.032, 0)

Jan 25 16:10:04 relay postfix/lmtp[708855]: A4D432143B: to=<nre@guma.by>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.4, delays=0.07/0/0.04/4.3, dsn=2.5.0, status=sent (250 2.5.0 OK (2144763D0F1E7BE82B))

Jan 25 16:10:04 relay postfix/qmgr[696815]: A4D432143B: removed

Jan 25 16:10:04 relay postfix/smtp[710645]: 034EC213CC: to=<nre@guma.by>, relay=192.168.55.170[192.168.55.170]:25, delay=0.19, delays=0.05/0/0/0.13, dsn=2.6.0, status=sent (250 2.6.0 <4908441674637799@xs3ef5pge24bajlc.myt.yp-c.yandex.net> [InternalId=8061653615123, Hostname=EX2.guma.by] 3927 bytes in 0.119, 32.140 KB/sec Queued mail for delivery)

Jan 25 16:10:04 relay postfix/qmgr[696815]: 034EC213CC: removed

If you specify words in the subject in the conditions, the rule works:

Jan 25 15:34:11 relay postfix/smtpd[708372]: connect from forward106j.mail.yandex.net[5.45.198.249]
Jan 25 15:34:11 relay postfix/smtpd[708372]: 34839213E1: client=forward106j.mail.yandex.net[5.45.198.249]
Jan 25 15:34:11 relay postfix/cleanup[708493]: 34839213E1: message-id=<2504901674635645@2kmipagb6w7jjvhg.sas.yp-c.yandex.net>
Jan 25 15:34:11 relay postfix/qmgr[696815]: 34839213E1: from=<givi@orda.net>, size=1711, nrcpt=1 (queue active)
Jan 25 15:34:11 relay postfix/smtpd[708372]: disconnect from forward106j.mail.yandex.net[5.45.198.249] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jan 25 15:34:11 relay pmg-smtp-filter[708532]: 2142863D0E9837C570: new mail message-id=<2504901674635645@2kmipagb6w7jjvhg.sas.yp-c.yandex.net>#012
Jan 25 15:34:12 relay pmg-smtp-filter[708532]: 2142863D0E9837C570: SA score=0/5 time=0.700 bayes=undefined autolearn=ham autolearn_force=no hits=AWL(-1.087),HTML_MESSAGE(0.001),HTML_MIME_NO_HTML_TAG(0.635),KAM_DMARC_STATUS(0.01),MIME_HTML_ONLY(0.1),RCVD_IN_DNSWL_LOW(-0.7),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_NONE(0.001),SPF_PASS(-0.001)
Jan 25 15:34:12 relay pmg-smtp-filter[708532]: 2142863D0E9837C570: notify <givi@orda.net> (rule: Empty Subject Reject, 4AF8421436)
Jan 25 15:34:12 relay pmg-smtp-filter[708532]: 2142863D0E9837C570: block mail to <nre@guma.by> (rule: Empty Subject Reject)
Jan 25 15:34:12 relay pmg-smtp-filter[708532]: 2142863D0E9837C570: processing time: 0.844 seconds (0.7, 0.066, 0)
Jan 25 15:34:12 relay postfix/lmtp[707623]: 34839213E1: to=<nre@guma.by>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, delays=0.08/0/0.23/0.85, dsn=2.7.0, status=sent (250 2.7.0 BLOCKED (2142863D0E9837C570))
Jan 25 15:34:12 relay postfix/qmgr[696815]: 34839213E1: removed

If Subject = ^$, it also does not work.
 

Attachments: rule.png, what.png
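An added example, not part of the original post: the headers posted above contain no Subject: line at all (SpamAssassin reported MISSING_SUBJECT), which is a different state from a Subject: field with an empty value. The Python sketch below classifies both states and shows that a `^$` pattern tested only against existing header values never sees the missing case; that matching model, the function names and the sample messages are assumptions, and how PMG's own match object treats a missing header is not stated in the thread.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

def subject_state(raw: str) -> str:
    """Classify the Subject of an RFC 5322 message: missing, blank or present."""
    values = message_from_string(raw).get_all("Subject")
    if values is None:
        return "missing"   # no Subject: field at all, as in the headers posted above
    for value in values:
        # Decode RFC 2047 encoded-words so an encoded run of spaces counts as blank.
        if str(make_header(decode_header(value))).strip():
            return "present"
    return "blank"         # field exists but carries no visible text

def value_regex_matches(raw: str, pattern: str = r"^$") -> bool:
    """Simplified model (assumption): regex tested against each existing Subject value."""
    values = message_from_string(raw).get_all("Subject") or []
    return any(re.search(pattern, v) for v in values)

# Constructed sample messages (addresses are placeholders).
HEAD = "From: sender@example.test\nTo: rcpt@example.test\n"
SAMPLES = {
    "no Subject field": HEAD + "\nbody\n",
    "empty Subject": HEAD + "Subject:\n\nbody\n",
    "encoded spaces": HEAD + "Subject: =?utf-8?B?ICA=?=\n\nbody\n",
    "normal": HEAD + "Subject: invoice\n\nbody\n",
}

def report():
    """Map each sample name to (subject state, whether '^$' matched a header value)."""
    return {name: (subject_state(raw), value_regex_matches(raw))
            for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, (state, matched) in report().items():
        print(f"{name:18} state={state:8} '^$' matches={matched}")
```

Only the "empty Subject" sample is caught by the value regex; a rule meant to cover all blank-subject mail has to test for the absent header and for whitespace-only or encoded values as well.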
I don't have the rule coding, but you would create the SpamAssassin rule to look for an empty/blank subject and add it to /etc/mail/spamassassin/custom.cf, which is where you place your custom rules.

Now if you have never done this and are not comfortable, I get it, but that's the only way to add specialized control / rules. I use that with certain types of spam I'm trying to block.

NOTE: I'm not sure that's a good thing to block, as I get many legit users (people who are not very technical) sending blank subjects.

Here is a page that has a couple of examples of the rule, but MAKE SURE YOU TEST... otherwise you may be rejecting more than you want.

https://users.spamassassin.apache.narkive.com/03kxVet4/empty-subject-suspected-as-spam
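One way to act on the "make sure you test" advice before rejecting anything, as an added example that is not from the thread: the Python sketch below reads pmg-smtp-filter log lines in the format posted above and lists mail that was accepted even though SpamAssassin already flagged MISSING_SUBJECT or KAM_BLANKSUBJECT, so the volume and the affected recipients can be reviewed first. The function name is hypothetical and the sample lines are abridged from the two transactions in the first post.

```python
import re
from collections import defaultdict

FILTER = re.compile(r"pmg-smtp-filter\[\d+\]: (?P<id>[0-9A-F]+): (?P<rest>.*)")
HITS = re.compile(r"\bhits=(\S+)")
ACTION = re.compile(r"^(accept|block) mail to <([^>]+)>.*\(rule: ([^)]+)\)")
WATCHED = frozenset({"MISSING_SUBJECT", "KAM_BLANKSUBJECT"})

def accepted_despite_hits(lines, watched=WATCHED):
    """Return (filter id, recipient, rule, matched tests) for accepted mail
    whose SpamAssassin result contained one of the watched tests."""
    msgs = defaultdict(lambda: {"hits": set(), "actions": []})
    for line in lines:
        m = FILTER.search(line)
        if not m:
            continue                      # postfix lines carry no SA result
        rec, rest = msgs[m["id"]], m["rest"]
        h = HITS.search(rest)
        if h:                             # e.g. hits=AWL(-1.033),MISSING_SUBJECT(1.767)
            rec["hits"] = {item.split("(", 1)[0] for item in h.group(1).split(",")}
        a = ACTION.search(rest)
        if a:
            rec["actions"].append(a.groups())
    return sorted(
        (qid, rcpt, rule, tuple(sorted(rec["hits"] & watched)))
        for qid, rec in msgs.items()
        for verb, rcpt, rule in rec["actions"]
        if verb == "accept" and rec["hits"] & watched
    )

# Abridged from the two transactions posted above (hit lists shortened).
LOG = """\
Jan 25 16:10:04 relay pmg-smtp-filter[710795]: 2144763D0F1E7BE82B: SA score=1/5 time=4.174 bayes=undefined autolearn=no autolearn_force=no hits=AWL(-1.033),KAM_BLANKSUBJECT(0.25),MISSING_SUBJECT(1.767),SPF_PASS(-0.001)
Jan 25 16:10:04 relay pmg-smtp-filter[710795]: 2144763D0F1E7BE82B: accept mail to <nre@guma.by> (034EC213CC) (rule: default-accept)
Jan 25 16:10:04 relay postfix/qmgr[696815]: 034EC213CC: removed
Jan 25 15:34:12 relay pmg-smtp-filter[708532]: 2142863D0E9837C570: SA score=0/5 time=0.700 bayes=undefined autolearn=ham autolearn_force=no hits=AWL(-1.087),MIME_HTML_ONLY(0.1),SPF_PASS(-0.001)
Jan 25 15:34:12 relay pmg-smtp-filter[708532]: 2142863D0E9837C570: block mail to <nre@guma.by> (rule: Empty Subject Reject)
""".splitlines()

if __name__ == "__main__":
    for row in accepted_despite_hits(LOG):
        print(row)
```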
 
