Junk mail but SA score = 0

K

karnz

Renowned Member
Nov 23, 2015
60
3
73
I have PMG in front of my end e-mail server.

This message was sent from @hotmail.com and completely Junk.

Log from PMG,
Oct 17 14:38:17 mxgw pmg-smtp-filter[26959]: 122AD45BC6E6E71D929: SA score=0/5 time=2.301 bayes=1.23075763469593e-08 autolearn=no autolearn_force=no hits=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_IN_DNSWL_NONE,SPF_HELO_PASS,SPF_PASS
Click to expand...

I wonder why SA score is only zero while plenty SA scanning hits.
This e-mail passed from PMG, but it was blocked at my end e-mail server.

Log from my e-mail server,
X-Spam-Status: Yes, score=6.4 required=6.0 tests=ALL_TRUSTED,DCC_CHECK,
DIGEST_MULTIPLE,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_ONLY_28,
HTML_IMAGE_RATIO_02,HTML_MESSAGE,MPART_ALT_DIFF,PYZOR_CHECK,TVD_SPACE_RATIO
autolearn=no autolearn_force=no version=3.4.0
Click to expand...

Any idea why PMG passed this message with score at 0?
 
Please check the email header via your email client and you will see the detailed scores of each test.
 
I can't see its header because it may be rewritten with SA on my destination e-mail server.
Anyway I tried to look for detailed scores in PMG at /var/log/mail.log but unfortunately not found any too.
 
See my advancing thread to improve PMG. If you look at your log, many additional checks occurred which may brought additional and higher scores, if you check with the PMG log, you see most checks are ones, which won't result in high or any score.
 
heutger said:
See my advancing thread to improve PMG. If you look at your log, many additional checks occurred which may brought additional and higher scores, if you check with the PMG log, you see most checks are ones, which won't result in high or any score.
Click to expand...
Sorry I don't understand clearly. Why PMG checks are one as it doesn't make high score for junk mail? And then how to make PMG check for additional to bring score higher?
I've followed your thread and done all things except VPN/Backup/etc. However I still received phishing and malware e-mail some time.
 
karnz said:
Sorry I don't understand clearly. Why PMG checks are one as it doesn't make high score for junk mail?
Click to expand...

If you see the detailed score per test, you can probably see the problem in your setup.
 
tom said:
If you see the detailed score per test, you can probably see the problem in your setup.
Click to expand...
Is it possible to view detail in PMG’s any log file? Please give me some hint because I can’t find it in /var/log/. Thanks :)
 
karnz said:
Is it possible to view detail in PMG’s any log file? Please give me some hint because I can’t find it in /var/log/. Thanks :)
Click to expand...

See above. But as you rewrite the header, information is lost.

=> adapt your internal mail server NOT rewriting the header.
 
  • Like
Reactions: karnz
karnz said:
Sorry I don't understand clearly. Why PMG checks are one as it doesn't make high score for junk mail? And then how to make PMG check for additional to bring score higher?
I've followed your thread and done all things except VPN/Backup/etc. However I still received phishing and malware e-mail some time.
Click to expand...

SpamAssassin is just such good as it has been set up. So everything depends on its checks, on the corresponding scores etc. So you may need to improve your spam detection. My thread tell about some possible improvements, however it depends on your mails you get. One of the best working thing is bayes, you need to train spam and ham, that it can work right. I saw in your log extract above, that your claiming mail has been detected as bayes_00. As you state, that's high score spam, your sa-learn went really worse as bayes expect this mail be a ham mail, for sure, and may subtract scores therefor.

As you have another filter, check with this filter, what is currently performing well and adopt to your SpamAssassin installation. PMG is a great easy setup and GUI but however, the underlaying technique is nothing else than the classical postfix - spam assassin - clamav setup, so if it's not working well for you, you need to adjust.

Additional, the logs are in /var/log/mail.log, but you won't see there more than what you've seen in PMG GUI. As if you remove your header data, there is no chance to check, what scores exactly have been taken here, however, looking at the list in your first post, it looks like nothing, which would result in high scores.
 
  • Like
Reactions: karnz
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back