Mail Proxy > Whitelist: Error 500

[TDS]

I have two PMG instances. One is working properly, one not.
After server transfer and backup restore I can't add entries to global whitelist.

GUI:
https://domain.tld/api2/json/config/whitelist/objects => 500 Internal Server Error
The frontend displays "Connection error".

SHELL:
::> pmgsh create /config/whitelist/domain --domain "facebookmail.com"
undefined ogroup: ERROR at /usr/share/perl5/PMG/RuleDB/WhoRegex.pm line 59.

All other things are working.
Comparing to my other system, the IDs in database for objects are different.

What can be done to resolve this issue?

 

[Stoiko Ivanov]

could you please share:
* the journal output when you try to add items (just let `journalctl -f` run in a shell and copy the output after the error happens)
* the pmgproxy.log (/var/log/pmgproxy/pmgproxy.log) from that timefram
* `pmgdb dump` (sanitize/anonymize what you need to keep private)

 

[TDS]

could you please share:
* the journal output when you try to add items (just let `journalctl -f` run in a shell and copy the output after the error happens)
* the pmgproxy.log (/var/log/pmgproxy/pmgproxy.log) from that timefram
* `pmgdb dump` (sanitize/anonymize what you need to keep private)

Hopefully here are the right outputs and answers.

Journal doesn't show log after clicking on whitelist.

::ffff:127.0.0.1 - root@pam [21/10/2024:10:25:24 +0200] "GET /api2/json/config/mail HTTP/1.1" 200 322
::ffff:127.0.0.1 - - [21/10/2024:10:25:24 +0200] "POST /api2/json/access/ticket HTTP/1.1" 200 502
::ffff:127.0.0.1 - root@pam [21/10/2024:10:25:24 +0200] "GET /api2/json/config/whitelist/objects HTTP/1.1" 500 13
::ffff:127.0.0.1 - root@pam [21/10/2024:10:25:29 +0200] "GET /api2/json/config/mail HTTP/1.1" 200 322
::ffff:127.0.0.1 - root@pam [21/10/2024:10:25:32 +0200] "GET /api2/json/config/whitelist/objects HTTP/1.1" 500 13

RULE 4 (prio: 98, in, ACTIVE): Blacklist
  FROM group 25 (and=0, invert=0): Blacklist
    OBJECT Mail address 41: nomail@fromthisdomain.com
  ACTION group 41: Block
    OBJECT Block 70: block message
RULE 2 (prio: 96, in, ACTIVE): Block Viruses
  WHAT group 32 (and=0, invert=0): Virus
    OBJECT Virus Filter 61: active
  ACTION group 43: Notify Admin
    OBJECT Notification 72: notify __ADMIN__
  ACTION group 42: Quarantine
    OBJECT Quarantine 71: Move to quarantine.
RULE 3 (prio: 96, out, ACTIVE): Virus Alert
  WHAT group 32 (and=0, invert=0): Virus
    OBJECT Virus Filter 61: active
  ACTION group 44: Notify Sender
    OBJECT Notification 73: notify __SENDER__
  ACTION group 43: Notify Admin
    OBJECT Notification 72: notify __ADMIN__
  ACTION group 41: Block
    OBJECT Block 70: block message
RULE 1 (prio: 93, in, ACTIVE): Block Dangerous Files
  WHAT group 31 (and=0, invert=0): Dangerous Content
    OBJECT ContentType Filter 56: content-type=application/javascript
    OBJECT ContentType Filter 57: content-type=application/x-executable
    OBJECT ContentType Filter 55: content-type=application/x-java
    OBJECT ContentType Filter 54: content-type=application/x-ms-dos-executable
    OBJECT ContentType Filter 58: content-type=message/partial
    OBJECT Match Filename 59: filename=.*\.(vbs|pif|lnk|shs|shb)
    OBJECT Match Filename 60: filename=.*\.\{.+\}
  ACTION group 38: Remove attachments
    OBJECT Remove attachments 67: remove matching attachments
RULE 5 (prio: 90, in, ACTIVE): Modify Header
  ACTION group 36: Modify Spam Level
    OBJECT Header Attribute 65: modify field: X-SPAM-LEVEL:__SPAM_INFO__
RULE 13 (prio: 89, in, inactive): Quarantine Office Files
  WHAT group 30 (and=0, invert=0): Office Files
    OBJECT ContentType Filter 49: content-type=application/msword
    OBJECT ContentType Filter 47: content-type=application/vnd\.ms-excel
    OBJECT ContentType Filter 48: content-type=application/vnd\.ms-powerpoint
    OBJECT ContentType Filter 51: content-type=application/vnd\.oasis\.opendocument\..*
    OBJECT ContentType Filter 50: content-type=application/vnd\.openxmlformats-officedocument\..*
    OBJECT ContentType Filter 52: content-type=application/vnd\.stardivision\..*
    OBJECT ContentType Filter 53: content-type=application/vnd\.sun\.xml\..*
  ACTION group 46: Attachment Quarantine (remove matching)
    OBJECT Remove attachments 75: remove matching attachments
RULE 12 (prio: 87, in+out, inactive): Block Multimedia Files
  WHAT group 29 (and=0, invert=0): Multimedia
    OBJECT ContentType Filter 45: content-type=audio/.*
    OBJECT ContentType Filter 46: content-type=video/.*
  ACTION group 38: Remove attachments
    OBJECT Remove attachments 67: remove matching attachments
RULE 6 (prio: 85, in, ACTIVE): Whitelist
  FROM group 26 (and=0, invert=0): Whitelist
    OBJECT Mail address 42: mail@fromthisdomain.com
  ACTION group 40: Accept
    OBJECT Accept 69: accept message
RULE 9 (prio: 82, in, inactive): Block Spam (Level 10)
  WHAT group 35 (and=0, invert=0): Spam (Level 10)
    OBJECT Spam Filter 64: Level 10
  ACTION group 41: Block
    OBJECT Block 70: block message
RULE 8 (prio: 81, in, inactive): Quarantine/Mark Spam (Level 5)
  WHAT group 34 (and=0, invert=0): Spam (Level 5)
    OBJECT Spam Filter 63: Level 5
  ACTION group 37: Modify Spam Subject
    OBJECT Header Attribute 66: modify field: subject:SPAM: __SUBJECT__
  ACTION group 42: Quarantine
    OBJECT Quarantine 71: Move to quarantine.
RULE 7 (prio: 80, in, ACTIVE): Quarantine/Mark Spam (Level 3)
  WHAT group 33 (and=0, invert=0): Spam (Level 3)
    OBJECT Spam Filter 62: Level 3
  ACTION group 37: Modify Spam Subject
    OBJECT Header Attribute 66: modify field: subject:SPAM: __SUBJECT__
  ACTION group 42: Quarantine
    OBJECT Quarantine 71: Move to quarantine.
RULE 10 (prio: 70, out, ACTIVE): Block outgoing Spam
  WHAT group 34 (and=0, invert=0): Spam (Level 5)
    OBJECT Spam Filter 63: Level 5
  ACTION group 44: Notify Sender
    OBJECT Notification 73: notify __SENDER__
  ACTION group 41: Block
    OBJECT Block 70: block message
RULE 11 (prio: 60, out, inactive): Add Disclaimer
  ACTION group 45: Disclaimer
    OBJECT Disclaimer 74: disclaimer

 

[Stoiko Ivanov]

After server transfer and backup restore I can't add entries to global whitelist.

how did you do this?

Journal doesn't show log after clicking on whitelist.

hm - strange - I'd expect pmgproxy/pgdaemon to at least wrtie the error-message in the logs
could you reboot the machine - and share the logs from the boot ?

 

[TDS]

how did you do this?


hm - strange - I'd expect pmgproxy/pgdaemon to at least wrtie the error-message in the logs
could you reboot the machine - and share the logs from the boot ?

Backup and restore via https://pmg.proxmox.com/pmg-docs/pmgbackup.1.html

Look at the attachments ;-)

pmgproxy.log => no new entries

 

[Stoiko Ivanov]

You have quite a few other processes running on this system (dovecot, bind, mysql, and ftp-server,....) - that should not be an issue - but it's a somewhat uncommon setup...

anyways - looking through the error you posted in the first link (the logs did not contain any other hint) - it seems the database restore did not work at all...

can you try restoring the backup to a fresh pmg machine and see if adding entries to the Smtp proxy whitelist works there?
do you see any errors when trying to restore the backup?

 

[TDS]

You have quite a few other processes running on this system (dovecot, bind, mysql, and ftp-server,....) - that should not be an issue - but it's a somewhat uncommon setup...

anyways - looking through the error you posted in the first link (the logs did not contain any other hint) - it seems the database restore did not work at all...

can you try restoring the backup to a fresh pmg machine and see if adding entries to the Smtp proxy whitelist works there?
do you see any errors when trying to restore the backup?

The setup is working on another server with same HW specs. There is also only one problem concerning the global whitelist.
Currently I'm not able to restore the backup once again because it's already deleted. Server move was a few months ago.
Is there a possibility to enable debug messages so we can the see anything in the logs what happened?
Or maybe another chance to recreate the whitelist filter entries?

The real problem is this:

undefined ogroup: ERROR at /usr/share/perl5/PMG/RuleDB/WhoRegex.pm line 59.

 

[Stoiko Ivanov]

The real problem is this:

undefined ogroup: ERROR at /usr/share/perl5/PMG/RuleDB/WhoRegex.pm line 59.

I agree - but this should not happen if the database restore was not completely off ...

Are the 2 systems in a cluster? (then you could consider simply setting up a fresh one and joining it.

regarding logs - no there is no additional debug-mode available ...
you can check if you find the restore task-log:
`find /var/log/pve -iname '*restore*'` - that file might have some hints