Filtering with match fields: RegEx not working as expected

larsen

Hi,

I have configured amongst other things these two rules:
Code:
Match field: Reply-To
Value: ^K2
for mails with Reply-To: K2 <ykfirxx@forestions.nl>
Code:
Match field: From
Value: ^Medizin-Shop
for mails with From: Medizin-Shop <iftiywr@alfasells.de>

Test string is ok using the part after "Reply-To: " and "From: ". I have other fields configured the same way where this is working fine.
I am using the caret sign to (hopefully) improve performance of the regex matching (as otherwise I have read there is no anchoring).
Though, mails with these headers pass through the spam filter.

What am I doing wrong? Do I have to explicitly use ".*" (which is not necessary when not using the caret sign)?
 
please post your `pmgversion -v`
additionally the source of such a mail so that I might have a chance to reproduce it
 
Code:
proxmox-mailgateway-container: 7.1-2 (API: 7.1-7/4d02e400, running kernel: 5.13.19-4-pve)
pmg-api: 7.1-7
pmg-gui: 3.1-3
clamav-daemon: 0.103.7+dfsg-0+deb11u1
ifupdown: residual config
ifupdown2: 3.1.0-1+pmx3
libarchive-perl: 3.4.0-1
libjs-extjs: 7.0.0-1
libjs-framework7: 4.4.7-1
libproxmox-acme-perl: 1.4.2
libproxmox-acme-plugins: 1.4.2
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.2-2
libpve-http-server-perl: 4.1-3
libxdgmime-perl: 1.0-1
lvm2: not correctly installed
pmg-docs: 7.1-2
pmg-i18n: 2.7-2
pmg-log-tracker: 2.3.1-1
postgresql-13: 13.8-0+deb11u1
proxmox-mini-journalreader: 1.3-1
proxmox-spamassassin: 3.4.6-4
proxmox-widget-toolkit: 3.5.1
pve-xtermjs: 4.16.0-1

Would have to wait a few days for such a mail to come in again as spam gets deleted regularly and I have been on sick leave the last days.
But the important header is already posted above.

So, in general my regex should work?
 
works here - took the headers from pastebin ...
added the following rule (top priority to have a quick exit):

Code:
Found RULE 88 (prio: 100, in+out, active): testrule
  FOUND WHAT GROUP 166: frommatch
    OBJECT 317: From=^Medizin-Shop                  
  FOUND ACTION GROUP 157: Quarantine
    OBJECT 300: Move to quarantine.
 
sorry - should've mentioned that ...
it's the output of `pmgdb dump` (which gives you a representation of your ruleset)
 
any warnings/errors when you restart pmg-smtp-filter?

else - please try to temporarily put the Medizin-Shop part in a rule of its own (with prio 82 and also action block) - that at least helps us narrow down the issue
 
Restart looks ok to me:
Code:
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Process Backgrounded
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: 2022/09/22-16:47:57 main (type Net::Server::PreFork) starting! pid(495614)
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Binding to TCP port 10023 on host 127.0.0.1 with IPv4
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Binding to TCP port 10024 on host 127.0.0.1 with IPv4
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Group Not Defined.  Defaulting to EGID '0'
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: User Not Defined.  Defaulting to EUID '0'
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Setting up serialization via flock
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Filter daemon (re)started (max. 40 processes)
Sep 22 16:48:01 gateway pmg-smtp-filter[495614]: Beginning prefork (2 processes)
Sep 22 16:48:01 gateway pmg-smtp-filter[495614]: Starting "2" children

Will separate the rule next...
 
Not sure, but I think there could have been quotation marks in the mails that were not filtered out (the first ones surely didn't have those). I have adapted the filter to ^"?Medizin-Shop"? and haven't gotten any more mails for a week, so I guess this should be ok.
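The quoting difference from the last post, as an added example that is not part of the thread or of Proxmox Mail Gateway: it checks the three patterns quoted above against constructed sample messages to show which header variants an anchored rule misses. It assumes an unanchored search over the header value as it appears after the field name, and uses Python's `re` in place of the Perl regex engine PMG runs; `matching_rules`, `audit` and the `someone@example.com` sender are made up for the illustration.

```python
import re
from email import message_from_string

# (match field, regex) pairs: the two rules from the first post and the adapted one.
RULES = [
    ("Reply-To", r"^K2"),
    ("From", r"^Medizin-Shop"),
    ("From", r'^"?Medizin-Shop"?'),
]

# Constructed sample messages: the display name appears unquoted and quoted.
SAMPLES = {
    "unquoted": "From: Medizin-Shop <iftiywr@alfasells.de>\nSubject: t\n\nbody\n",
    "quoted": 'From: "Medizin-Shop" <iftiywr@alfasells.de>\nSubject: t\n\nbody\n',
    "reply-to": "From: someone@example.com\n"
                "Reply-To: K2 <ykfirxx@forestions.nl>\n\nbody\n",
}


def matching_rules(raw_message, rules=RULES):
    """Return the (field, regex) rules that match any instance of their header."""
    msg = message_from_string(raw_message)
    hits = []
    for field, pattern in rules:
        # get_all() yields the raw value after "Field: ", quotes included.
        values = msg.get_all(field, [])
        if any(re.search(pattern, value) for value in values):
            hits.append((field, pattern))
    return hits


def audit(samples=SAMPLES, rules=RULES):
    """Map each sample name to the list of rules that fire on it."""
    return {name: matching_rules(raw, rules) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, hits in audit().items():
        print(f"{name:10} -> {[p for _, p in hits] or 'no rule matched'}")
```

Running a new anchored pattern through a check like this against the raw source of a few delivered mails, before saving it as a rule, shows quoting differences without waiting for the next spam to slip through.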