Dangerous mail

Oct 1, 2020
Hi,
E-mails like the one below, from people we do not know, are sent directly to our mailbox.
This e-mail is suspicious. How can we prevent such e-mails?
We do not have such a customer or such an invoice.
Are there any viruses in such e-mails?
Can you help me?
[Attached screenshot: 1622537874481.png]
 
Are you currently using PMG?
If yes please share the logs of this mail from PMG - then we can maybe see what's specific about it.
 
Hi,
Yes, we are using PMG.
You can check the details below.
Jun 1 11:34:55 mailgateway postfix/smtpd[24170]: connect from mail-vi1eur05olkn2048.outbound.protection.outlook.com[40.92.90.48]
Jun 1 11:34:56 mailgateway postfix/smtpd[24170]: 061EA3802E6: client=mail-vi1eur05olkn2048.outbound.protection.outlook.com[40.92.90.48]
Jun 1 11:34:56 mailgateway postfix/cleanup[24159]: 061EA3802E6: message-id=<AM8P194MB154503AB3E9751CB60C966A7D53E9@AM8P194MB1545.EURP194.PROD.OUTLOOK.COM>
Jun 1 11:34:56 mailgateway postfix/qmgr[926]: 061EA3802E6: from=<hocaahmetgunes@hotmail.com>, size=102631, nrcpt=1 (queue active)
Jun 1 11:34:56 mailgateway pmg-smtp-filter[24064]: 3804EA60B5F1304441A: new mail message-id=<AM8P194MB154503AB3E9751CB60C966A7D53E9@AM8P194MB1545.EURP194.PROD.OUTLOOK.COM>#012
Jun 1 11:34:56 mailgateway postfix/smtpd[24170]: disconnect from mail-vi1eur05olkn2048.outbound.protection.outlook.com[40.92.90.48] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Jun 1 11:34:59 mailgateway pmg-smtp-filter[24064]: 3804EA60B5F1304441A: SA score=0/5 time=3.370 bayes=0.00 autolearn=no autolearn_force=no hits=BAYES_00(-1.9),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),SUBJ_ALL_CAPS(0.5),T_HTML_ATTACH(0.01),T_REMOTE_IMAGE(0.01),T_TVD_MIME_NO_HEADERS(0.01),URI_TRUNCATED(0.001)
Jun 1 11:34:59 mailgateway postfix/smtpd[23875]: connect from localhost.localdomain[127.0.0.1]
Jun 1 11:34:59 mailgateway postfix/smtpd[23875]: AE3833814FE: client=localhost.localdomain[127.0.0.1], orig_client=mail-vi1eur05olkn2048.outbound.protection.outlook.com[40.92.90.48]
Jun 1 11:34:59 mailgateway postfix/cleanup[24093]: AE3833814FE: message-id=<AM8P194MB154503AB3E9751CB60C966A7D53E9@AM8P194MB1545.EURP194.PROD.OUTLOOK.COM>
Jun 1 11:34:59 mailgateway postfix/qmgr[926]: AE3833814FE: from=<hocaahmetgunes@hotmail.com>, size=104029, nrcpt=1 (queue active)
Jun 1 11:34:59 mailgateway postfix/smtpd[23875]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Jun 1 11:34:59 mailgateway pmg-smtp-filter[24064]: 3804EA60B5F1304441A: accept mail to <zafer@xxxx.net> (AE3833814FE) (rule: default-accept)
Jun 1 11:34:59 mailgateway pmg-smtp-filter[24064]: 3804EA60B5F1304441A: processing time: 3.439 seconds (3.37, 0.05, 0)
Jun 1 11:34:59 mailgateway postfix/lmtp[24162]: 061EA3802E6: to=<zafer@xxxxx.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.8, delays=0.31/0/0/3.4, dsn=2.5.0, status=sent (250 2.5.0 OK (3804EA60B5F1304441A))
Jun 1 11:34:59 mailgateway postfix/qmgr[926]: 061EA3802E6: removed
Jun 1 11:35:00 mailgateway postfix/smtp[23886]: AE3833814FE: to=<zafer@xxxxx.net>, relay=192.168.53.253[192.168.53.253]:25, delay=0.46, delays=0.01/0/0.01/0.44, dsn=2.6.0, status=sent (250 2.6.0 <AM8P194MB154503AB3E9751CB60C966A7D53E9@AM8P194MB1545.EURP194.PROD.OUTLOOK.COM> [InternalId=32401233281112, Hostname=EXCSRV1.nokta.local] 105816 bytes in 0.435, 237.336 KB/sec Queued mail for delivery)
Jun 1 11:35:00 mailgateway postfix/qmgr[926]: AE3833814FE: removed
 
One thing that you could consider is disabling Bayes (GUI->Configuration->Spam Detector->Options):
BAYES_00(-1.9),

That would add 1.9 to the mail's score (which is still not too high).
Otherwise, if the message had some particular attachment, you could filter the mail based on that in the Rule System (just add a fitting What Object).

Finally, you can always block based on sender.

I hope this helps!
 
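To see what the suggestion about disabling Bayes actually changes, here is an added example (not from the original posts or from Proxmox) that parses the SpamAssassin summary line pmg-smtp-filter logged above, re-sums the rule hits with BAYES_00 removed, and compares the result against the logged /5 threshold. The log line is copied from the thread; the rule-name regex, the helper names and the assumption that the per-rule values in `hits=` simply add up to the score are mine. It also pulls out the SPF/DKIM verdicts, which matter for the "block based on sender" advice: the message passed SPF and aligned DKIM for hotmail.com, so a Who object should match the exact address rather than the whole domain.

```python
import re
from typing import Dict, Iterable, Optional

# SpamAssassin summary line as logged by pmg-smtp-filter in the thread above.
SA_LOG_LINE = (
    "Jun 1 11:34:59 mailgateway pmg-smtp-filter[24064]: 3804EA60B5F1304441A: "
    "SA score=0/5 time=3.370 bayes=0.00 autolearn=no autolearn_force=no "
    "hits=BAYES_00(-1.9),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),"
    "DKIM_VALID_EF(-0.1),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),"
    "RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H2(-0.001),SPF_HELO_PASS(-0.001),"
    "SPF_PASS(-0.001),SUBJ_ALL_CAPS(0.5),T_HTML_ATTACH(0.01),T_REMOTE_IMAGE(0.01),"
    "T_TVD_MIME_NO_HEADERS(0.01),URI_TRUNCATED(0.001)"
)

# One "RULE_NAME(score)" entry inside the comma-separated hits= field (assumed format).
HIT_RE = re.compile(r"([A-Z0-9_]+)\(([-+]?\d+(?:\.\d+)?)\)")
# "SA score=<total>/<threshold>" as written by pmg-smtp-filter.
SCORE_RE = re.compile(r"SA score=(-?[\d.]+)/(-?[\d.]+)")


def parse_sa_hits(line: str) -> Dict[str, float]:
    """Return {rule_name: score} from the hits= field of a pmg-smtp-filter line."""
    m = re.search(r"hits=(\S+)", line)
    if not m:
        return {}
    return {name: float(score) for name, score in HIT_RE.findall(m.group(1))}


def parse_threshold(line: str) -> Optional[float]:
    """Return the spam threshold (the /5 part) from the SA score field, if present."""
    m = SCORE_RE.search(line)
    return float(m.group(2)) if m else None


def total_score(hits: Dict[str, float], disabled: Iterable[str] = ()) -> float:
    """Sum the per-rule scores, skipping rules the admin has disabled (e.g. Bayes)."""
    skip = set(disabled)
    return sum(score for rule, score in hits.items() if rule not in skip)


def would_be_spam(line: str, disabled: Iterable[str] = ()) -> bool:
    """True if the re-summed score reaches the threshold logged on the same line."""
    threshold = parse_threshold(line)
    if threshold is None:
        raise ValueError("no 'SA score=x/y' field in line")
    return total_score(parse_sa_hits(line), disabled) >= threshold


def auth_summary(hits: Dict[str, float]) -> Dict[str, bool]:
    """Read the SPF/DKIM verdicts off the rule names; DKIM_VALID_AU means the
    signing domain is aligned with the From: domain, i.e. the sender really is
    whoever that domain's mail system says it is."""
    return {
        "spf_pass": "SPF_PASS" in hits,
        "dkim_valid": "DKIM_VALID" in hits,
        "dkim_aligned": "DKIM_VALID_AU" in hits,
        "html_attachment": "T_HTML_ATTACH" in hits,
    }


if __name__ == "__main__":
    hits = parse_sa_hits(SA_LOG_LINE)
    threshold = parse_threshold(SA_LOG_LINE)
    print(f"rules hit: {len(hits)}, threshold: {threshold}")
    print(f"score with Bayes:    {total_score(hits):+.4f}")
    print(f"score without Bayes: {total_score(hits, disabled={'BAYES_00'}):+.4f}")
    print(f"spam either way?     {would_be_spam(SA_LOG_LINE)} / "
          f"{would_be_spam(SA_LOG_LINE, disabled={'BAYES_00'})}")
    print(f"auth: {auth_summary(hits)}")
```

With Bayes on, the hits sum to roughly -1.57 (logged as 0/5 above); with BAYES_00 dropped they come to roughly 0.33, which confirms the "still not too high" remark: the message stays far below 5 either way, so tuning Bayes alone will not catch it. The T_HTML_ATTACH hit is what makes the attachment-based What Object suggestion concrete, and the passing SPF and aligned DKIM mean the sender address itself is the thing to block, not the freemail domain it came from.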
