junk 100%

Kodey

Member
Oct 26, 2021
109
5
23
What does this mean and where do I find details of that junk mail (what happened to it and where is it now)?

Incoming Mails (24 hours)​



Incoming Mails257
Junk Mails (100.00%)257
Spam Mails (0.00%)0
SPF rejects (0.00%)0
Bounces (0.00%)0
Virus Mails (0.00%)0
Mail Traffic0.000 MByte
 
junk mails are all mails that did not enter the rule system at all (so RBL/SPF/Greylisting rejects) + Virus mails + spam mails with a high spamscore
 
How can I check if those mails are not junk?
I'm not sure what's meant by "did not enter the rule system at all".
There must be some kind of rule that classifies them as junk, what is it?
 
Set rule to quarantine all junk mail. then you can investigate it at the quarantine section.
 
It looks like I already have one, but there's nothing in quarantine.
What am I missing?
PMG - Spam rule action.png
 
please check the logs of your system - i guess this could be a wrong configuration of postfix (and that all those mails get rejected due to a broken DNSBL setup or so) - check /var/log/mail.log
 
I see a lot of this:
Code:
May 29 20:10:23 mail pmg-smtp-filter[236805]: Filter daemon (re)started (max. 26 processes)
May 29 21:00:00 mail pmgpolicy[3446]: 2022/05/29-21:00:00 Re-exec server during HUP
May 29 21:00:00 mail pmgpolicy[3446]: Policy daemon (re)started
May 29 22:00:30 mail pmgpolicy[3446]: 2022/05/29-22:00:30 Re-exec server during HUP
May 29 22:00:31 mail pmgpolicy[3446]: Policy daemon (re)started
and this:
Code:
May 31 11:19:22 mail pmg-smtp-filter[247125]: starting database maintenance
May 31 11:19:22 mail pmg-smtp-filter[247125]: end database maintenance (3 ms)
May 31 11:19:22 mail pmgpolicy[3446]: starting policy database maintenance (greylist, rbl)
May 31 11:19:22 mail pmgpolicy[3446]: end policy database maintenance (6 ms, 0 ms)
and a bit of this:
Code:
May 31 13:00:49 mail pmgpolicy[3446]: Received a SIG HUP
May 31 13:00:49 mail pmgpolicy[3446]: 2022/05/31-13:00:49 Server closing!
May 31 13:00:49 mail pmgpolicy[3446]: 2022/05/31-13:00:49 Re-exec server during HUP
May 31 13:00:49 mail pmgpolicy[3446]: WARNING: Pid_file created by this same process. Doing nothing.
May 31 13:00:49 mail pmgpolicy[3446]: WARNING: Pid_file created by this same process. Doing nothing.
May 31 13:00:49 mail pmgpolicy[3446]: 2022/05/31-13:00:49 main (type Net::Server::PreForkSimple) starting! pid(3446)
May 31 13:00:49 mail pmgpolicy[3446]: Binding open file descriptors
May 31 13:00:49 mail pmgpolicy[3446]: Binding to TCP port 10022 on host 127.0.0.1 with IPv4
May 31 13:00:49 mail pmgpolicy[3446]: Reassociating file descriptor 8 with TCP on [127.0.0.1]:10022, using IPv4
May 31 13:00:49 mail pmgpolicy[3446]: Group Not Defined.  Defaulting to EGID '0'
May 31 13:00:49 mail pmgpolicy[3446]: User Not Defined.  Defaulting to EUID '0'
May 31 13:00:49 mail pmgpolicy[3446]: Setting up serialization via flock
May 31 13:00:49 mail pmgpolicy[3446]: Policy daemon (re)started
May 31 13:00:49 mail pmgpolicy[3446]: Beginning prefork (5 processes)
May 31 13:00:49 mail pmgpolicy[3446]: Starting "5" children
Today I was spammed with a tonne of this:
Code:
May 31 10:52:47 mail postfix/postscreen[250162]: CONNECT from [93.174.95.106]:42682 to [192.168.10.153]:25
May 31 10:52:48 mail postfix/dnsblog[250163]: addr 93.174.95.106 listed by domain zen.spamhaus.org as 127.0.0.4
May 31 10:52:48 mail postfix/dnsblog[250163]: addr 93.174.95.106 listed by domain zen.spamhaus.org as 127.0.0.3
May 31 10:52:48 mail postfix/postscreen[250162]: PREGREET 21 after 1 from [93.174.95.106]:42682: EHLO ReQVXnqV8D.net\r\n
May 31 10:52:48 mail postfix/postscreen[250162]: DNSBL rank 1 for [93.174.95.106]:42682
May 31 10:52:49 mail postfix/tlsproxy[250164]: CONNECT from [93.174.95.106]:42682
May 31 10:52:51 mail postfix/tlsproxy[250164]: Anonymous TLS connection established from [93.174.95.106]:42682: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 31 10:52:51 mail postfix/postscreen[250162]: CONNECT from [93.174.95.106]:47826 to [192.168.10.153]:25
May 31 10:52:51 mail postfix/postscreen[250162]: PREGREET 429 after 0 from [93.174.95.106]:47826: \026\003\003\001\250\001\000\001\244\003\0030\274q\341\252S\330\nil:x\373g\017Jze5\037\324\356n~65S\
May 31 10:52:51 mail postfix/dnsblog[250163]: addr 93.174.95.106 listed by domain zen.spamhaus.org as 127.0.0.3
May 31 10:52:51 mail postfix/dnsblog[250163]: addr 93.174.95.106 listed by domain zen.spamhaus.org as 127.0.0.4
May 31 10:52:51 mail postfix/postscreen[250162]: DNSBL rank 1 for [93.174.95.106]:47826
May 31 10:52:51 mail postfix/postscreen[250162]: BARE NEWLINE from [93.174.95.106]:47826 after \026\003\003\001\250\001\000\001\244\003\0030\274q\341\252S\330
May 31 10:52:51 mail postfix/postscreen[250162]: COMMAND PIPELINING from [93.174.95.106]:47826 after ??????: il:x\373g\017Jze5\037\324\356n~65S\367\345s S e"\000\264\372\322j\252\341\020\fk\317xk\005\233p\025\204\207\337T\321;\036o\340\2
41\002\212\023\000\212\000\026\0003\000g\300\236\300\242\000\236\0009\000k\300\237\300\243\000\237\000E\000\276\000\210\000\304\000\232\300\b\300\t\300#\300\254\300
May 31 10:52:51 mail postfix/postscreen[250162]: NON-SMTP COMMAND from [93.174.95.106]:47826 after UNIMPLEMENTED: il:x?g?Jze5???n~65S??s S e"
May 31 10:52:51 mail postfix/postscreen[250162]: DISCONNECT [93.174.95.106]:47826
May 31 10:52:52 mail postfix/postscreen[250162]: CONNECT from [93.174.95.106]:48292 to [192.168.10.153]:25
But I don't know for sure what it means or how it relates to what I'm seeing in the mail notification or what to do about it
 
the first 3 log-excerpts are quite regular and nothing to worry about

The last one looks like some kind of scan/portprobing by 93.174.95.106 - which gets rejected by postscreen because:
* the ip is blacklisted @zen.spamhaus.org
* the ip is writing gibberish instead of SMTP commands
so this is considered junk by PMG's statistics (and rightfully so)

check the tracking center in the GUI - that should show some mails (if you get any)
 
In the tracking centre, it shows 1 attempt at relay that's denied:
Code:
May 31 13:35:00 mail postfix/smtpd[251030]: connect from appointinsure.co[85.202.168.50]
May 31 13:35:01 mail postfix/smtpd[251030]: NOQUEUE: reject: RCPT from appointinsure.co[85.202.168.50]: 554 5.7.1 <spameri@tiscali.it>: Relay access denied; from=<spameri@tiscali.it> to=<spameri@tiscali.it> proto=ESMTP helo=<WIN-CLJ1B0GQ6JP>
May 31 13:35:01 mail postfix/smtpd[251030]: disconnect from appointinsure.co[85.202.168.50] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5
But all other mail is completely normal and successfully delivered.
But the PMG Proxmox Status report email shows 14 junk mails and Spam Score statistics GUI show 0.
How do I know what happened to them / how to interpret the report?
 
Last edited:
But the PMG Proxmox Status report email shows 14 junk mails and Spam Score statistics GUI show 0.
as @dcsapak explained above:
junk mails are all mails that did not enter the rule system at all (so RBL/SPF/Greylisting rejects) + Virus mails + spam mails with a high spamscore
not every mail that is considered as 'junk mail' by the pmg report is something that entered the system, or has a spamscore assigned

I hope this explains it!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!