[SOLVED] Block outgoing mail as spam

A few of my clients' emails got blocked by PMG with the following rules:

Spam detection results: 3
AWL -3.461 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DEAR_SOMETHING 1.973 Contains 'Dear (something)'
DKIM_INVALID 0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DMARC_REJECT 0.1 DMARC reject policy
HTML_MESSAGE 0.001 HTML included in message
KAM_DMARC_REJECT 6 DKIM has Failed or SPF has failed on the message and the domain has a DMARC reject policy
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
POISEN_SPAM_PILL 0.1 Meta: its spam
POISEN_SPAM_PILL_1 0.1 random spam to be learned in bayes
POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
T_FILL_THIS_FORM_SHORT 0.01 Fill in a short form with personal information
T_SPF_TEMPERROR 0.01 SPF: test of record failed (temperror)

I have changed the custom scores of "DEAR_SOMETHING" to 1.000 and "KAM_DMARC_REJECT" to 4, but it is still showing the default score. I restarted PMG after making the changes to the custom scores.

Please help me with this.
 

2024-07-29T13:35:08.435358+05:30 Servername postfix/qmgr[25333]: 32C771008FF: from=<postmaster@proxmoxserver.com>, size=6775109, nrcpt=1 (queue active)
2024-07-29T13:35:08.435723+05:30 Servername postfix/smtpd[28171]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
2024-07-29T13:35:08.435825+05:30 Servername pmg-smtp-filter[28002]: 10076A66A74D2BC8EA5: notify <sender@senderdomain.com> (rule: Block outgoing Spam (Level 3), 32C771008FF)
2024-07-29T13:35:08.435933+05:30 Servername pmg-smtp-filter[28002]: 10076A66A74D2BC8EA5: block mail to <receiver@reciverdomain.com> (rule: Block outgoing Spam (Level 3))
2024-07-29T13:35:08.446812+05:30 Servername pmg-smtp-filter[28002]: 10076A66A74D2BC8EA5: processing time: 8.497 seconds (6.808, 1.034, 0)
2024-07-29T13:35:08.453867+05:30 Servername postfix/lmtp[28166]: DB64E100609: to=<receiver@reciverdomain.com>, relay=127.0.0.1[127.0.0.1]:10023, delay=9.6, delays=0.86/0.01/0.06/8.6, dsn=5.7.1, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.1 Rejected for policy reasons (10076A66A74D2BC8EA5) (in reply to end of DATA command))
2024-07-29T13:35:08.455779+05:30 Servername postfix/cleanup[28165]: 6F077100906: message-id=<20240729080508.6F077100906@sername.proxmoxserver.com>
2024-07-29T13:35:08.457304+05:30 Servername postfix/bounce[28178]: DB64E100609: sender non-delivery notification: 6F077100906
2024-07-29T13:35:08.458420+05:30 Servername postfix/qmgr[25333]: 6F077100906: from=<>, size=3937, nrcpt=1 (queue active)
2024-07-29T13:35:08.459380+05:30 Servername postfix/qmgr[25333]: DB64E100609: removed
2024-07-29T13:35:08.492426+05:30 Servername postfix/smtp[28173]: Untrusted TLS connection established to mail.senderdomain.com[senderdomain IP]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
2024-07-29T13:35:08.610927+05:30 Servername postfix/smtp[28189]: Untrusted TLS connection established to mail.senderdomain.com[senderdomain IP]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
2024-07-29T13:35:08.618656+05:30 Servername postfix/smtp[28189]: 6F077100906: to=<sender@senderdomain.com>, relay=mail. senderdomain.com[103.123.74.175]:25, delay=0.16, delays=0/0.1/0.06/0.01, dsn=2.0.0, status=sent (250 Requested mail action okay, completed)
2024-07-29T13:35:08.619342+05:30 ironmail postfix/qmgr[25333]: 6F077100906: removed
 
Hi,

Please post the part of the log related to your issue, especially lines containing "SA score=..."
 
2024-07-29T13:35:07.957910+05:30 servername pmg-smtp-filter[28002]: 10076A66A74D2BC8EA5: SA score=4/5 time=6.808 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-2.913),BAYES_00(-1.9),DEAR_SOMETHING(1.973),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),DMARC_PASS(-0.1),GB_BADJS(4),HTML_MESSAGE(0.001),HTML_TAG_BALANCE_BODY(0.1),KAM_DMARC_STATUS(0.01),MANY_SPAN_IN_TEXT(1),MIME_HTML_MOSTLY(0.1),NUMERIC_HTTP_ADDR(1.242),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),SUBJ_ALL_CAPS(0.5),T_HTML_ATTACH(0.01)
 
Hi,

I do not see the rules 'DEAR_SOMETHING' and 'KAM_DMARC_REJECT' in your log; please post the logs related to them.
 
It is already there. I don't want to give you old logs.

2024-07-28T10:39:53.488774+05:30 servername pmg-smtp-filter[10294]: 10029866A5D29C807C8: SA score=3/5 time=4.403 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-3.555),BAYES_00(-1.9),DEAR_SOMETHING(1.973),DMARC_REJECT(0.1),HTML_MESSAGE(0.001),KAM_DMARC_REJECT(6),KAM_DMARC_STATUS(0.01),SPF_HELO_NONE(0.001),SUBJ_ALL_CAPS(0.5),T_SPF_TEMPERROR(0.01)

2024-07-29T13:35:07.957910+05:30 servername pmg-smtp-filter[28002]: 10076A66A74D2BC8EA5: SA score=4/5 time=6.808 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-2.913),BAYES_00(-1.9),DEAR_SOMETHING(1.973),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),DMARC_PASS(-0.1),GB_BADJS(4),HTML_MESSAGE(0.001),HTML_TAG_BALANCE_BODY(0.1),KAM_DMARC_STATUS(0.01),MANY_SPAN_IN_TEXT(1),MIME_HTML_MOSTLY(0.1),NUMERIC_HTTP_ADDR(1.242),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),SUBJ_ALL_CAPS(0.5),T_HTML_ATTACH(0.01)
 
Hi,

My mistake, this is really strange. Please show the result of this command:
Code:
cat /etc/mail/spamassassin/pmg-scores.cf | grep -e 'DEAR_SOMETHING' -e 'KAM_DMARC_REJECT'
 
Hi,

It seems your custom score was not written to the file /etc/mail/spamassassin/pmg-scores.cf, so it was not working. Please try removing the old custom score from the PMG UI, then try adding it again. Your new score must be written to the file /etc/mail/spamassassin/pmg-scores.cf.

P/S: Try step by step:
First remove old custom score, then:
Screenshot_15.png

then:
Screenshot_13.png

then:
Screenshot_14.png

After that, ensure the new score is active:
Code:
cat /etc/mail/spamassassin/pmg-scores.cf | grep -e 'DEAR_SOMETHING' -e 'KAM_DMARC_REJECT'
 
Yes
I only created the rules. I did not "apply custom scores".
Sorry, I never checked that option.
Thanks mbrother.
Now I ran the "cat /etc/mail/spamassassin/pmg-scores.cf | grep -e 'DEAR_SOMETHING' -e 'KAM_DMARC_REJECT'"
I got the following reply.
score DEAR_SOMETHING 1.000
score KAM_DMARC_REJECT 4.000
Thanks again Mbrother.
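
Added example, not part of the thread or of Proxmox's own tooling: a shell check for the failure mode resolved above, where a custom score is saved in the UI but never reaches pmg-scores.cf, so the filter keeps logging the default. The function names and status words are hypothetical, and it assumes the "score RULE VALUE" file format and the "hits=RULE(value)" log format shown in the posts.

```shell
#!/bin/sh
# same_number A B: true when A and B are numerically equal (1 == 1.000).
same_number() {
    awk -v a="$1" -v b="$2" 'BEGIN { exit !(a + 0 == b + 0) }'
}

# check_score RULE EXPECTED SCORES_FILE LOG_LINE: prints one status word.
# EXPECTED is the value entered in the UI (assumption: supplied by the admin).
check_score() {
    rule=$1; expected=$2; cf=$3; log=$4
    # Value from the last "score RULE VALUE" line in the file, empty if absent.
    in_file=$(awk -v r="$rule" '$1 == "score" && $2 == r { v = $3 }
        END { print v }' "$cf" 2>/dev/null || true)
    # Value logged as RULE(value) in the hits= list, empty if the rule did not fire.
    in_log=$(printf '%s\n' "$log" | sed -n 's/.*hits=//p' | tr ',' '\n' |
        sed -n "s/^${rule}(\(.*\))\$/\1/p")
    if [ -z "$in_file" ]; then
        echo NOT_IN_FILE            # saved in the UI but never applied
    elif ! same_number "$in_file" "$expected"; then
        echo FILE_DIFFERS           # file holds another value than expected
    elif [ -z "$in_log" ]; then
        echo RULE_NOT_HIT           # this message did not trigger the rule
    elif ! same_number "$in_log" "$expected"; then
        echo LOG_HAS_OLD_SCORE      # message was scored with a different value
    else
        echo OK
    fi
}

# Constructed sample: a scores file holding the two overrides from the thread.
sample_cf() {
    f=$(mktemp)
    printf 'score DEAR_SOMETHING 1.000\nscore KAM_DMARC_REJECT 4.000\n' > "$f"
    echo "$f"
}
# hits= list shortened from the thread's 2024-07-28 log line.
SAMPLE_LOG='SA score=3/5 time=4.403 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-3.555),BAYES_00(-1.9),DEAR_SOMETHING(1.973),DMARC_REJECT(0.1),KAM_DMARC_REJECT(6),SUBJ_ALL_CAPS(0.5)'

cf=$(sample_cf)
for pair in DEAR_SOMETHING=1 KAM_DMARC_REJECT=4; do
    echo "${pair%%=*}: $(check_score "${pair%%=*}" "${pair#*=}" "$cf" "$SAMPLE_LOG")"
done
rm -f "$cf"
```

On a PMG host, pass /etc/mail/spamassassin/pmg-scores.cf as the scores file and a fresh "SA score=" line for a message processed after the change.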
 
