How to send spam report immediately when a message is quarantined?

C

Covalenco_S

New Member
Oct 13, 2025
3
0
1
Hi,
Is it possible to configure Proxmox Mail Gateway so that the spam report (quarantine notification) is sent immediately when a new email is placed in quarantine for a user, instead of only once per day after midnight (00:02)?
I’m using PMG version 9.0.1 and would like users to be notified instantly when a message is quarantined.
Thanks in advance for your help!
 
Hi everyone,


Thanks for any potential advice in advance. I started this thread to ask if it's possible to send immediate quarantine notifications (spam reports) in PMG 9.0.1 instead of the daily digest at 00:02. After some research and testing, I've made progress but hit a wall with the __RECIPIENT__ macro not resolving correctly.


What I've Done So Far:​


  1. Created a Mail Filter Rule for Immediate Notifications:
    • Went to Configuration > Mail Filter.
    • Added a new rule named "Notificare Quarantine" with:
      • Position: 100 (early in the chain).
      • Direction: In (incoming).
      • Match: What Objects > Spam Filter > Spam Level > 5 (to catch spam).
      • Actions: Quarantine Spam + Notification (custom action).
    • Saved and applied.
  2. Configured the Notification Action:
    • In Action Objects, created/edited "NotifyUserCovalenco":
      • Receiver: __RECIPIENT__ (tried this; also tested __RECEIVERS__ for multiple recipients).
      • Subject: "Spam Report for RECIPIENT".
      • Body:
      • Code: 
        Hello __RECIPIENT__,

A message from __SENDER__ with subject __SUBJECT__ has been quarantined as spam (score: __SPAM_INFO__).

Check it here: https://domen.md:8006/quarantine?authmode=ldapticket&ticket=__TICKET__

Thanks,
Proxmox Mail Gateway
      • Mode: Text (also tried HTML for table format inspired by spamreport-verbose.tt).
      • No attachment.
        1. LDAP Setup for User Mapping:
          • Configured LDAP profile "adds-01" in Configuration > User Management > LDAP:
            • Server: 192.168.10.254 (primary AD server).
            • Base DN: DC=example,DC=local (generalized for privacy).
            • Bind DN: A service account (initially; later switched to a full-rights AD user).
            • Email attribute: mail.
            • LDAP filter: (|(mail=*)(proxyAddresses=*)) (later tried (&(objectClass=person)(mail=*@example.md))).
          • Synchronization works: pmgconfig ldapsync returns "found 412 accounts, 421 addresses, 170 groups".
          • Users appear correctly in the LDAP list (e.g., user@example.md).
        2. Quarantine Authentication:
          • In Configuration > Spam Detector > Quarantine:
            • Tried authmode: ldapticket (LDAP or Ticket).
            • Then switched to authmode: ldap (pure LDAP) for stricter mapping.
            • User Spam Report Style: Verbose.
            • Lifetime: 7 days.
          • Ran pmgconfig sync --restart 1 after changes.
        3. Testing:
          • Sent GTUBE test emails to a test user (e.g., user@example.md).
          • Emails are quarantined correctly (logs show "moved mail to spam quarantine").
          • But notifications bounce with: "unknown user: 'recipient'" (tries to send to __RECIPIENT__@domen.md instead of the real address).
          • Logs (/var/log/mail.log): Shows "notify <RECIPIENT> (rule: Notificare Quarantine)" but fails with DSN 5.1.1.
        4. The Issue: The __RECIPIENT__ macro isn't resolving to the actual email address (e.g., user@example.md) – it's treated as a literal string. Even with a full-rights AD user for LDAP bind and successful sync, it bounces. __RECEIVERS__ behaves similarly. Templates like spamreport-verbose.tt use [% pmail_plain %] for recipients in daily reports, which works, but immediate notifications fail.

          Questions:
          • Is there a known bug in PMG 9.0.1 with __RECIPIENT__ in Notification actions?
          • Do I need to configure Realms or something else in User Management for macro resolution?
          • Has anyone gotten immediate quarantine notifications working with LDAP in v9?
 

Attachments

  • Screenshot 2025-10-15 182644.png
    Screenshot 2025-10-15 182644.png
    22.4 KB · Views: 2
  • Screenshot 2025-10-15 182614.png
    Screenshot 2025-10-15 182614.png
    13.2 KB · Views: 2
Covalenco_S said:
Hi,
Is it possible to configure Proxmox Mail Gateway so that the spam report (quarantine notification) is sent immediately when a new email is placed in quarantine for a user, instead of only once per day after midnight (00:02)?
I’m using PMG version 9.0.1 and would like users to be notified instantly when a message is quarantined.
Click to expand...
I would really suggest to reconsider this - the quarantine loses it's meaning if you sent one mail for each potentially problematic mail, causing the recipient to both be distracted, and to be more likely to simply click on deliver ....

If you need your mails to arrive directly - just don't put them in quarantine - rather add a hint to the Subject (to mark them as SPAM or similar)
 
Stoiko Ivanov said:
I would really suggest to reconsider this - the quarantine loses it's meaning if you sent one mail for each potentially problematic mail, causing the recipient to both be distracted, and to be more likely to simply click on deliver ....

If you need your mails to arrive directly - just don't put them in quarantine - rather add a hint to the Subject (to mark them as SPAM or similar)
Click to expand...
Thank you for your advice! You’re right—sending a notification for every potentially problematic email could indeed dilute the purpose of the quarantine and might overwhelm recipients, potentially leading them to simply approve all messages. I appreciate the alternative suggestion of delivering emails directly with a "SPAM" hint in the subject, and I’ll consider that approach.


In the meantime, I’ve been experimenting with the configuration to find a balance. I modified the /usr/lib/systemd/system/pmgspamreport.timer file, changing the default (00:05) schedule to OnCalendar=hourly. However, I’ve noticed that the same spam notification is being sent regularly every hour, and it doesn’t seem to reflect only the spam received in the last hour. It appears to include the same data repeatedly.


I’m now considering setting a specific time instead. If I modify the [Timer] section to:
Code: 
[Timer]
OnCalendar=16:00
Persistent=true
how will this rule work? Will it include spam from the current day up to 16:00, or will it cover spam from yesterday at 16:00 up to today at 16:00? I’d like to ensure the report reflects the most relevant data.


Thank you again for your guidance—I’m open to suggestions on how to optimize this!
 
You must log in or register to reply here.
Top Bottom