Filtering with match fields: RegEx not working as expected

larsen

Active Member
Feb 28, 2020
155
15
38
Hi,

I have configured amongst other things these two rules:
Code:
Match field: Reply-To
Value: ^K2
for mails with Reply-To: K2 <ykfirxx@forestions.nl>
Code:
Match field: From
Value: ^Medizin-Shop
for mails with From: Medizin-Shop <iftiywr@alfasells.de>

Test string is ok using the part after "Reply-To: " and "From: ". I have other fields configured the same way where this is working fine.
I am using the caret sign to (hopefully) improve performance of the regex matching (as otherwise I have read there is no anchoring).
Though, mails with these headers pass through the spam filter.

What am I doing wrong? Do I have to explicitly use ".*" (which is not necessary when not using the caret sign)?
 
please post your `pmgversion -v`
additionally the source of such a mail so that i might have a chance to reproduce it
 
Code:
proxmox-mailgateway-container: 7.1-2 (API: 7.1-7/4d02e400, running kernel: 5.13.19-4-pve)
pmg-api: 7.1-7
pmg-gui: 3.1-3
clamav-daemon: 0.103.7+dfsg-0+deb11u1
ifupdown: residual config
ifupdown2: 3.1.0-1+pmx3
libarchive-perl: 3.4.0-1
libjs-extjs: 7.0.0-1
libjs-framework7: 4.4.7-1
libproxmox-acme-perl: 1.4.2
libproxmox-acme-plugins: 1.4.2
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.2-2
libpve-http-server-perl: 4.1-3
libxdgmime-perl: 1.0-1
lvm2: not correctly installed
pmg-docs: 7.1-2
pmg-i18n: 2.7-2
pmg-log-tracker: 2.3.1-1
postgresql-13: 13.8-0+deb11u1
proxmox-mini-journalreader: 1.3-1
proxmox-spamassassin: 3.4.6-4
proxmox-widget-toolkit: 3.5.1
pve-xtermjs: 4.16.0-1

Would have to wait a few days for such a mail to come in again as spam gets deleted regularly and I have been on sick leave the last days.
But the important header is already posted above.

So, in general my regex should work?
 
works here - took the headers from pastebin ...
added the following rule (top priority to have a quick exit):

Code:
Found RULE 88 (prio: 100, in+out, active): testrule
  FOUND WHAT GROUP 166: frommatch
    OBJECT 317: From=^Medizin-Shop                  
  FOUND ACTION GROUP 157: Quarantine
    OBJECT 300: Move to quarantine.
 
sorry - should've mentioned that ...
it's the output of `pmgdb dump` (which gives you a representation of your ruleset)
 
any warnings/errors when you restart pmg-smtp-filter?

else - please try to temporarily put the Medizin-Shop part in a rule of it's own (with prio 82 and also action block) - that at least helps us narrow down the issue
 
Restart looks ok to me:
Code:
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Process Backgrounded
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: 2022/09/22-16:47:57 main (type Net::Server::PreFork) starting! pid(495614)
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Binding to TCP port 10023 on host 127.0.0.1 with IPv4
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Binding to TCP port 10024 on host 127.0.0.1 with IPv4
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Group Not Defined.  Defaulting to EGID '0'
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: User Not Defined.  Defaulting to EUID '0'
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Setting up serialization via flock
Sep 22 16:47:57 gateway pmg-smtp-filter[495614]: Filter daemon (re)started (max. 40 processes)
Sep 22 16:48:01 gateway pmg-smtp-filter[495614]: Beginning prefork (2 processes)
Sep 22 16:48:01 gateway pmg-smtp-filter[495614]: Starting "2" children

Will separate the rule next...
 
Not sure, but I think there could have been quotation marks in the mails that were not filtered out (the first ones surely didn't have those). I have adapted the filter to ^"?Medizin-Shop"? and didn't get any more mails since a week, so I guess this should be ok.
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!