[SOLVED] How to avoid a blocked e-mail/domain/IP to be sent to quarantine?

[fernoliv]

Hi there,

I have two mail filter rules to block e-mails addresses, domains, IPs and IP Networks. The action of these first rules (ComprovadamenteSpam and ComprovadamenteSpamER) is to block and the next rules, if not matches them, will send the spam to quarantine:



How can avoid blocked spam messages to be quarantined? I want to the mail filter rules catch it and block directly instead of send it to the quarantine. Any help will be appreciated. Thank you guys.

PS: I guess that my rules order is wrong.

 

[Stoiko Ivanov]

please post some logs (the mail.log for mails which have been put into quarantine, instead of being blocked), also please post `pmgdb dump` (this helps to get a better look at your ruleset.

Anonymize what you must, but make sure that it stays consistent (i.e. replace the same IP-address always equally ...)

 

[fernoliv]

Hi @Stoiko Ivanov, thank you for your help. The logs and pmgdb dump is attached here.

 

[steven99]

A quick look through the log file shows most are hitting Spam>10 and you have SpamScore as the second rule. You'll need to move your rules up or move the Spamscore down below them.

 

[fernoliv]

Thanks.

What's the "SpamScore" rule does?




The action is "X-Spam".

 

[fernoliv]

A quick look through the log file shows most are hitting Spam>10 and you have SpamScore as the second rule. You'll need to move your rules up or move the Spamscore down below them.

Something like that @steven99?



If the incoming message matches the rule called "WhiteList" for example, the processing is going to stop right there, correct? If that's not true (not matching the WhiteList rule), the processing continues running until it match some other rule, respecting the respective priorities? If none of rules have a match with the mailfilter's rules, the message is going to be accepted amd delivered to the destination mailbox, right?

PS: the mailfilter rules "ComprovadamenteSpam and ComprovadamenteSpamER" have an "Block" action. The rules "RealmenteLixo, Blacklist, Spam>10=Quarantine and Spam>5=Quarantine have "Quarantine" action. The second rule, called "WhiteList", has the action "Accept".

 

[steven99]

You'll need to look at the action objects and find that and see what it is doing. Though that sounds like maybe adding a header.

 

[fernoliv]

You'll need to look at the action objects and find that and see what it is doing. Though that sounds like maybe adding a header.

Yes @steven99, it was adding a header like you can see below:

 

[steven99]

I could be mistaken but that would be flagging every mail as spam in that case. Try disabling it and see if that helps the rule you're interested in.

 

[fernoliv]

I could be mistaken but that would be flagging every mail as spam in that case. Try disabling it and see if that helps the rule you're interested in.

@steven99, thank you so much.

As soon I changed the rules order, apparently the block rules are getting the email first and blocking them before they goes to quarantine, which I was expecting.

I need to wait until tomorrow (here in Brazil is 0234am) to see how it will work during the business hours.

 

[fernoliv]

Hi @Stoiko Ivanov and @steven99,

Looks like my issue was solved when I changed the rules order following yours instructions (moving the rule "SpamScore" down after the main block rules).

Thank you so much guys. I really appreciated yours help.

I'm marking this ticket as solved now.