Incorrect behavior in spam detection

Marcel Bachmann

Sep 19, 2024
Hello everyone,

as a test I created a rule to block ZIP files AND send them to quarantine for now.
According to the log and the e-mail, this works. However, I cannot find them in the GUI. Here is the log excerpt:

Nov 21 11:55:04 pmg postfix/postscreen[393663]: CONNECT from [192.*****]:57080 to [192.168.****]:25
Nov 21 11:55:04 pmg postfix/postscreen[393663]: WHITELISTED [192.*****]:57080
Nov 21 11:55:04 pmg postfix/postscreen[393663]: using backwards-compatible default setting respectful_logging=no for client [192.*****]:57080
Nov 21 11:55:04 pmg postfix/smtpd[393664]: connect from unknown[192.*****]
Nov 21 11:55:04 pmg postfix/smtpd[393664]: 94EC03F05E: client=unknown[192.*****]
Nov 21 11:55:04 pmg postfix/cleanup[393666]: 94EC03F05E: message-id=<CABZDrkB-_pr=KjbNJfUkNppZX10H97MV4mVwjQQfT7z60jut2A@mail.gmail.com>
Nov 21 11:55:04 pmg postfix/smtpd[393664]: disconnect from unknown[192.*****] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Nov 21 11:55:04 pmg postfix/qmgr[202025]: 94EC03F05E: from=<mttransorder@gmail.com>, size=1230036, nrcpt=1 (queue active)
Nov 21 11:55:04 pmg pmg-smtp-filter[393196]: 2024/11/21-11:55:04 CONNECT TCP Peer: "[127.0.0.1]:45090" Local: "[127.0.0.1]:10024"
Nov 21 11:55:04 pmg pmg-smtp-filter[393196]: 3F181673F1188A548A: new mail message-id=<CABZDrkB-_pr=KjbNJfUkNppZX10H97MV4mVwjQQfT7z60jut2A@mail.gmail.com>
Nov 21 11:55:09 pmg postfix/postscreen[393663]: CONNECT from [192.*****]:57092 to [192.*****]:25
Nov 21 11:55:09 pmg postfix/postscreen[393663]: WHITELISTED [192.*****]:57092
Nov 21 11:55:09 pmg postfix/smtpd[393664]: connect from unknown[192.*****]
Nov 21 11:55:09 pmg postfix/smtpd[393664]: 919E03F190: client=unknown[192.*****]
Nov 21 11:55:09 pmg postfix/cleanup[393666]: 919E03F190: message-id=<BEVP281MB342236CEAEFB5D1E550A1C77E322*****81MB3422.DEUP281.PROD.OUTLOOK.COM>
Nov 21 11:55:09 pmg postfix/smtpd[393664]: disconnect from unknown[192.*****] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Nov 21 11:55:09 pmg postfix/qmgr[202025]: 919E03F190: from=<*****com>, size=85834, nrcpt=1 (queue active)
Nov 21 11:55:09 pmg pmg-smtp-filter[393520]: 2024/11/21-11:55:09 CONNECT TCP Peer: "[127.0.0.1]:40146" Local: "[127.0.0.1]:10024"
Nov 21 11:55:09 pmg pmg-smtp-filter[383713]: Starting "1" children
Nov 21 11:55:09 pmg pmg-smtp-filter[393520]: 3F135673F118D9E9DC: new mail message-id=<BEVP281MB342236CEAEFB5D1E550A1C77E3222@BEVP281MB3422.DEUP281.PROD.OUTLOOK.COM>
Nov 21 11:55:12 pmg pmg-smtp-filter[393196]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-accredit.habeas.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-accredit.habeas.com" to disable queries)
Nov 21 11:55:12 pmg pmg-smtp-filter[393196]: WARNING: check: dns_block_rule RCVD_IN_DNSWL_BLOCKED hit, creating /root/.spamassassin/dnsblock_list.dnswl.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny list.dnswl.org" to disable queries)
Nov 21 11:55:12 pmg pmg-smtp-filter[393196]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED hit, creating /root/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny sa-trusted.bondedsender.org" to disable queries)
Nov 21 11:55:12 pmg pmg-smtp-filter[393196]: WARNING: check: dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating /root/.spamassassin/dnsblock_bl.score.senderscore.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny bl.score.senderscore.com" to disable queries)
Nov 21 11:55:12 pmg pmg-smtp-filter[393196]: 3F181673F1188A548A: SA score=1/5 time=5.102 bayes=undefined autolearn=disabled hits=DKIM_ADSP_CUSTOM_MED(0.001),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),DMARC_NONE(0.1),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),KAM_DMARC_NONE(0.25),KAM_DMARC_STATUS(0.01),KAM_NUMSUBJECT(0.5),RCVD_IN_DNSWL_BLOCKED(0.001),RCVD_IN_MSPIKE_H2(-0.001),RCVD_IN_VALIDITY_CERTIFIED_BLOCKED(0.001),RCVD_IN_VALIDITY_RPBL_BLOCKED(0.001),RCVD_IN_VALIDITY_SAFE_BLOCKED(0.001),SPF_HELO_NONE(0.001),T_FREEMAIL_DOC_PDF(0.01)
Nov 21 11:55:12 pmg postfix/smtpd[393683]: connect from localhost.localdomain[127.0.0.1]
Nov 21 11:55:12 pmg postfix/smtpd[393683]: E7B533F05F: client=localhost.localdomain[127.0.0.1], orig_client=unknown[192.*****]
Nov 21 11:55:12 pmg postfix/cleanup[393666]: E7B533F05F: message-id=<CABZDrkB-_pr=KjbN*****4mVwjQQfT7z60jut2A@mail.gmail.com>
Nov 21 11:55:13 pmg postfix/qmgr[202025]: E7B533F05F: from=<mttransorder@gmail.com>, size=1231979, nrcpt=1 (queue active)
Nov 21 11:55:13 pmg postfix/smtpd[393683]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Nov 21 11:55:13 pmg pmg-smtp-filter[393196]: 3F181673F1188A548A: accept mail to <*****.de> (E7B533F05F) (rule: default-accept)
Nov 21 11:55:13 pmg pmg-smtp-filter[393196]: 3F181673F1188A548A: processing time: 8.331 seconds (5.102, 3.109, 0)
Nov 21 11:55:13 pmg postfix/lmtp[393669]: 94EC03F05E: to=<*****.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=8.4, delays=0.02/0.01/0.04/8.3, dsn=2.5.0, status=sent (250 2.5.0 OK (3F181673F1188A548A))
Nov 21 11:55:13 pmg postfix/qmgr[202025]: 94EC03F05E: removed
Nov 21 11:55:13 pmg postfix/smtp[393686]: E7B533F05F: to=<*****.de>, relay=192.*****[192.*****]:25, delay=0.25, delays=0.07/0.01/0/0.17, dsn=2.6.0, status=sent (250 2.6.0 <CABZDrkB-_pr=KjbNJfUkNppZX10H*****jQQfT7z60jut2A@mail.gmail.com> [InternalId=18567143621255, Hostname=*****.de] 1233314 bytes in 0.158, 7610,563 KB/sec Queued mail for delivery)
Nov 21 11:55:13 pmg postfix/qmgr[202025]: E7B533F05F: removed
Nov 21 11:55:15 pmg pmg-smtp-filter[393520]: WARNING: check: dns_block_rule URIBL_BLOCKED hit, creating /root/.spamassassin/dnsblock_multi.uribl.com (This means DNSBL blocked you due to too many queries. Set all affected rules score to 0, or use "dns_query_restriction deny multi.uribl.com" to disable queries)
Nov 21 11:55:15 pmg pmg-smtp-filter[393520]: 3F135673F118D9E9DC: SA score=0/5 time=5.137 bayes=undefined autolearn=disabled hits=ARC_SIGNED(0.001),ARC_VALID(0.001),AWL(0.044),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),DMARC_PASS(-0.1),HTML_MESSAGE(0.001),RCVD_IN_DNSWL_BLOCKED(0.001),RCVD_IN_VALIDITY_CERTIFIED_BLOCKED(0.001),RCVD_IN_VALIDITY_RPBL_BLOCKED(0.001),RCVD_IN_VALIDITY_SAFE_BLOCKED(0.001),SPF_HELO_NONE(0.001),T_FILL_THIS_FORM_SHORT(0.01),URIBL_BLOCKED(0.001)
Nov 21 11:55:15 pmg postfix/smtpd[393683]: connect from localhost.localdomain[127.0.0.1]
Nov 21 11:55:15 pmg postfix/smtpd[393683]: 0CFB43F22E: client=localhost.localdomain[127.0.0.1]
Nov 21 11:55:15 pmg postfix/cleanup[393666]: 0CFB43F22E: message-id=<20241121105515.0CFB43F22E@pmg.*****.de>
Nov 21 11:55:15 pmg postfix/qmgr[202025]: 0CFB43F22E: from=<postmaster@*****.de>, size=2794, nrcpt=1 (queue active)
Nov 21 11:55:15 pmg postfix/smtpd[393683]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Nov 21 11:55:15 pmg pmg-smtp-filter[393520]: 3F135673F118D9E9DC: notify <*****.de> (rule: ZIP, 0CFB43F22E)
Nov 21 11:55:15 pmg pmg-smtp-filter[393520]: 3F135673F118D9E9DC: moved mail for <*****.de> to spam quarantine - 3F191673F119317A4C (rule: ZIP)
Nov 21 11:55:15 pmg pmg-smtp-filter[393520]: 3F135673F118D9E9DC: processing time: 5.452 seconds (5.137, 0.232, 0)
Nov 21 11:55:15 pmg postfix/lmtp[393676]: 919E03F190: to=<*****.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.5, delays=0/0.01/0.04/5.5, dsn=2.5.0, status=sent (250 2.5.0 OK (3F135673F118D9E9DC))
Nov 21 11:55:15 pmg postfix/qmgr[202025]: 919E03F190: removed
Nov 21 11:55:15 pmg postfix/smtp[393686]: 0CFB43F22E: to=<*****.de>, relay=192.*****[192.*****]:25, delay=0.16, delays=0.04/0/0/0.11, dsn=2.6.0, status=sent (250 2.6.0 <20241121105515.0CFB43F22E@*****.de> [InternalId=18567143621257, Hostname=*****.de] 4133 bytes in 0.102, 39,418 KB/sec Queued mail for delivery)
Nov 21 11:55:15 pmg postfix/qmgr[202025]: 0CFB43F22E: removed
Nov 21 11:55:45 pmg pmg-smtp-filter[383713]: Killing "1" children
Nov 21 11:55:45 pmg pmg-smtp-filter[383713]: starting database maintenance
Nov 21 11:55:45 pmg pmg-smtp-filter[383713]: end database maintenance (15 ms)

The rule looks like this:
ACTION OBJECTS -> Block, Notify Admin, Quarantine, WHAT -> ZIP FILES
But nothing shows up in the Attachment Quarantine folder. What is going wrong here?
 
But nothing shows up in the Attachment Quarantine folder. What is going wrong here
Nov 21 11:55:15 pmg pmg-smtp-filter[393520]: 3F135673F118D9E9DC: moved mail for <*****.de> to spam quarantine - 3F191673F119317A4C (rule: ZIP)

See https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_mailfilter_action

The Quarantine action does not move mails into the attachment quarantine; that is done by a Remove Attachment action (with "Copy original mail to Attachment Quarantine" enabled).

I hope that explains it.
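
The check described in the reply above, as an added example that is not part of the original posts and not Proxmox code: a Python script that reads the `pmg-smtp-filter` lines of a mail log and reports where a rule actually put each mail. The function names are hypothetical, the sample lines are constructed from the log excerpt with placeholder addresses, and it is an assumption that other quarantine types are logged with the same "to ... quarantine" wording shown for the spam quarantine.

```python
import re

# Constructed sample modelled on the pmg-smtp-filter lines in the log excerpt;
# message-ids and recipient addresses are placeholders.
SAMPLE_LOG = """\
Nov 21 11:55:04 pmg pmg-smtp-filter[393196]: 3F181673F1188A548A: new mail message-id=<msg-a@example.invalid>
Nov 21 11:55:09 pmg pmg-smtp-filter[393520]: 3F135673F118D9E9DC: new mail message-id=<msg-b@example.invalid>
Nov 21 11:55:13 pmg pmg-smtp-filter[393196]: 3F181673F1188A548A: accept mail to <user@example.invalid> (E7B533F05F) (rule: default-accept)
Nov 21 11:55:15 pmg pmg-smtp-filter[393520]: 3F135673F118D9E9DC: notify <admin@example.invalid> (rule: ZIP, 0CFB43F22E)
Nov 21 11:55:15 pmg pmg-smtp-filter[393520]: 3F135673F118D9E9DC: moved mail for <user@example.invalid> to spam quarantine - 3F191673F119317A4C (rule: ZIP)
"""

# Filter lines carry the filter's own message ID, then the event text.
FILTER = re.compile(r"pmg-smtp-filter\[\d+\]: (?P<fid>[0-9A-F]+): (?P<msg>.*)$")
EVENTS = {
    "accept": re.compile(r"accept mail to <(?P<rcpt>[^>]*)> "
                         r"\((?P<ref>[0-9A-F]+)\) \(rule: (?P<rule>[^)]+)\)"),
    # Assumption: the word before "quarantine" names the quarantine type.
    "quarantine": re.compile(r"moved mail for <(?P<rcpt>[^>]*)> to (?P<kind>\w+) "
                             r"quarantine - (?P<ref>[0-9A-F]+) \(rule: (?P<rule>[^)]+)\)"),
    "notify": re.compile(r"notify <(?P<rcpt>[^>]*)> \(rule: (?P<rule>[^,)]+)"),
}

def parse(log_text):
    """Yield one dict per rule action logged by pmg-smtp-filter."""
    for line in log_text.splitlines():
        m = FILTER.search(line)
        if not m:
            continue  # postfix lines, SA warnings, child management, ...
        for action, rx in EVENTS.items():
            ev = rx.match(m["msg"])
            if ev:
                yield {"filter_id": m["fid"], "action": action,
                       "kind": None, **ev.groupdict()}

def wrong_quarantine(log_text, rule, expected_kind):
    """Mails that `rule` quarantined somewhere other than `expected_kind`."""
    return [e for e in parse(log_text)
            if e["action"] == "quarantine" and e["rule"] == rule
            and e["kind"] != expected_kind]

if __name__ == "__main__":
    for e in parse(SAMPLE_LOG):
        print(e["filter_id"], e["action"], e["kind"] or "-", "rule=" + e["rule"])
    for e in wrong_quarantine(SAMPLE_LOG, "ZIP", "attachment"):
        print(f"rule {e['rule']}: mail for {e['rcpt']} is in the "
              f"{e['kind']} quarantine as {e['ref']}")
```
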
 
