[SOLVED] Block outgoing mail as spam

[mazaamahesh]

My few clients emails got blocked by PMG as follow rules

Spam detection results: 3
AWL -3.461 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DEAR_SOMETHING 1.973 Contains 'Dear (something)'
DKIM_INVALID 0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DMARC_REJECT 0.1 DMARC reject policy
HTML_MESSAGE 0.001 HTML included in message
KAM_DMARC_REJECT 6 DKIM has Failed or SPF has failed on the message and the domain has a DMARC reject policy
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
POISEN_SPAM_PILL 0.1 Meta: its spam
POISEN_SPAM_PILL_1 0.1 random spam to be learned in bayes
POISEN_SPAM_PILL_3 0.1 random spam to be learned in bayes
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
T_FILL_THIS_FORM_SHORT 0.01 Fill in a short form with personal information
T_SPF_TEMPERROR 0.01 SPF: test of record failed (temperror)

I have changed custom score as "DEAR_SOMETHING" to 1.000 and "KAM_DMARC_REJECT" to 4 but still it is showing the default score. I restarted the PMG after making changes in custom score.

please help me with this.

 

[mbrother]

Hi @mazaamahesh ,
Please try to use this command then try again:

systemctl restart pmg-smtp-filter

Hope this help!

 

[mazaamahesh]

Done this already even rebooted the server but no success.

 

[mbrother]

Hi,

Please show mail log on your server.

 

[mazaamahesh]

Hi,

Please show mail log on your server.

Thanks for the reply, can you please specific? do you want "/var/log/mail.log" logs? I am new in proxmox.

 

[mbrother]

Hi,

That's it!

 

[mazaamahesh]

2024-07-29T13:35:08.435358+05:30 Servername postfix/qmgr[25333]: 32C771008FF: from=<postmaster@proxmoxserver.com>, size=6775109, nrcpt=1 (queue active)
2024-07-29T13:35:08.435723+05:30 Servername postfix/smtpd[28171]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
2024-07-29T13:35:08.435825+05:30 Servername pmg-smtp-filter[28002]: 10076A66A74D2BC8EA5: notify <sender@senderdomain.com> (rule: Block outgoing Spam (Level 3), 32C771008FF)
2024-07-29T13:35:08.435933+05:30 Servername pmg-smtp-filter[28002]: 10076A66A74D2BC8EA5: block mail to <receiver@reciverdomain.com> (rule: Block outgoing Spam (Level 3))
2024-07-29T13:35:08.446812+05:30 Servername pmg-smtp-filter[28002]: 10076A66A74D2BC8EA5: processing time: 8.497 seconds (6.808, 1.034, 0)
2024-07-29T13:35:08.453867+05:30 Servername postfix/lmtp[28166]: DB64E100609: to=<receiver@reciverdomain.com>, relay=127.0.0.1[127.0.0.1]:10023, delay=9.6, delays=0.86/0.01/0.06/8.6, dsn=5.7.1, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.1 Rejected for policy reasons (10076A66A74D2BC8EA5) (in reply to end of DATA command))
2024-07-29T13:35:08.455779+05:30 Servername postfix/cleanup[28165]: 6F077100906: message-id=<20240729080508.6F077100906@sername.proxmoxserver.com>
2024-07-29T13:35:08.457304+05:30 Servername postfix/bounce[28178]: DB64E100609: sender non-delivery notification: 6F077100906
2024-07-29T13:35:08.458420+05:30 Servername postfix/qmgr[25333]: 6F077100906: from=<>, size=3937, nrcpt=1 (queue active)
2024-07-29T13:35:08.459380+05:30 Servername postfix/qmgr[25333]: DB64E100609: removed
2024-07-29T13:35:08.492426+05:30 Servername postfix/smtp[28173]: Untrusted TLS connection established to mail.senderdomain.com[senderdomain IP]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
2024-07-29T13:35:08.610927+05:30 Servername postfix/smtp[28189]: Untrusted TLS connection established to mail.senderdomain.com[senderdomain IP]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
2024-07-29T13:35:08.618656+05:30 Servername postfix/smtp[28189]: 6F077100906: to=<sender@senderdomain.com>, relay=mail. senderdomain.com[103.123.74.175]:25, delay=0.16, delays=0/0.1/0.06/0.01, dsn=2.0.0, status=sent (250 Requested mail action okay, completed)
2024-07-29T13:35:08.619342+05:30 ironmail postfix/qmgr[25333]: 6F077100906: removed

 

[mbrother]

Hi,

Please post the part of log relate to your issue, especially lines containing "SA score=..."

 

[mazaamahesh]

2024-07-29T13:35:07.957910+05:30 servername pmg-smtp-filter[28002]: 10076A66A74D2BC8EA5: SA score=4/5 time=6.808 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-2.913),BAYES_00(-1.9),DEAR_SOMETHING(1.973),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),DMARC_PASS(-0.1),GB_BADJS(4),HTML_MESSAGE(0.001),HTML_TAG_BALANCE_BODY(0.1),KAM_DMARC_STATUS(0.01),MANY_SPAN_IN_TEXT(1),MIME_HTML_MOSTLY(0.1),NUMERIC_HTTP_ADDR(1.242),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),SUBJ_ALL_CAPS(0.5),T_HTML_ATTACH(0.01)

 

[mbrother]

Hi,

I do not see rule 'DEAR_SOMETHING' & 'KAM_DMARC_REJECT' in your log, please post logs related to them.

 

[mazaamahesh]

It is already there. I dont want to give you old logs

2024-07-28T10:39:53.488774+05:30 servername pmg-smtp-filter[10294]: 10029866A5D29C807C8: SA score=3/5 time=4.403 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-3.555),BAYES_00(-1.9),DEAR_SOMETHING(1.973),DMARC_REJECT(0.1),HTML_MESSAGE(0.001),KAM_DMARC_REJECT(6),KAM_DMARC_STATUS(0.01),SPF_HELO_NONE(0.001),SUBJ_ALL_CAPS(0.5),T_SPF_TEMPERROR(0.01)

2024-07-29T13:35:07.957910+05:30 servername pmg-smtp-filter[28002]: 10076A66A74D2BC8EA5: SA score=4/5 time=6.808 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-2.913),BAYES_00(-1.9),DEAR_SOMETHING(1.973),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),DMARC_PASS(-0.1),GB_BADJS(4),HTML_MESSAGE(0.001),HTML_TAG_BALANCE_BODY(0.1),KAM_DMARC_STATUS(0.01),MANY_SPAN_IN_TEXT(1),MIME_HTML_MOSTLY(0.1),NUMERIC_HTTP_ADDR(1.242),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),SUBJ_ALL_CAPS(0.5),T_HTML_ATTACH(0.01)

 

[mbrother]

Hi,

My mistake, this is really strange. Please show result of this command

cat /etc/mail/spamassassin/pmg-scores.cf | grep -e 'DEAR_SOMETHING' -e 'KAM_DMARC_REJECT'

 

[mazaamahesh]

It's ok mbrother. I though I am not able to provide you correct logs. I am new in PMG.

I run the above command and I got in return nothing.

 

[mbrother]

Hi,

Seem your custom score did not write to file /etc/mail/spamassassin/pmg-scores.cf, so it was not working. Please try remove old custom score from PMG UI then try add it again. Your new score must be write to file /etc/mail/spamassassin/pmg-scores.cf

P/S: Try step by step:
First remove old custom score, then:


then:


then:


After that, ensure new score is actived:

cat /etc/mail/spamassassin/pmg-scores.cf | grep -e 'DEAR_SOMETHING' -e 'KAM_DMARC_REJECT'

 

[mazaamahesh]

Yes
I only created the rules. I did not "apply custom scores"
Sorry I never check that option.
Thanks mbrother.
now I run the "cat /etc/mail/spamassassin/pmg-scores.cf | grep -e 'DEAR_SOMETHING' -e 'KAM_DMARC_REJECT'"
I got the following reply.
score DEAR_SOMETHING 1.000
score KAM_DMARC_REJECT 4.000
Thanks again Mbrother.

 

[mbrother]

Hi,
You're welcome!