Proxmox Mail Gateway 6.2-4
Cluster, 1 master/1 node
Hello, I've reviewed this thread bug resolution and its associated thread, https://bugzilla.proxmox.com/show_bug.cgi?id=2360, and maybe I don't understand the blacklist correctly. I have an email address pxx.brxx@domain.com in the blacklist at the top of the mail filter at level 98 in/out and yet I get this notification:
Subject:
Notification: Lembrete - Confirmacao de pagamento #5182628
From:
postmaster@sf-01.domain.com
Date:
6/22/2020, 11:59 PM
To:
pxx.brxx@domain.com
:: SPAM Filter Notification ::
An domain mail gateway has flagged the following email:
Sender: pag86262597@leandro04.lrfel3k2.io
Receiver: pxx.brxx@domain.com
Subject: Lembrete - Confirmacao de pagamento #5182628
Matching Rule: Enforce Attachment Quarantine
Rule: Modify Header
Receiver: pxx.brxx@domain.com
Action: modify field: X-Spam-Level:
Action: modify field: X-Spam-Score:0
Action: modify field: X-Spam-Report:Spam detection results: 0
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
FORGED_OUTLOOK_HTML 0.021 Outlook can't send HTML message only
FORGED_OUTLOOK_TAGS 0.052 Outlook can't send HTML in this format
HEADER_FROM_DIFFERENT_DOMAINS 0.001 From and EnvelopeFrom 2nd level mail domains are different
HTML_MESSAGE 0.001 HTML included in message
from this rule:
Matching Rule: Enforce Attachment Quarantine
which is in the mail filter at level 88 in only.
I don't understand. I restarted the pmg-smtp-filter this morning and will report if another email like this comes through. I expected the blacklist to discard this email. I am set up for before-queue filtering. My mail server sits behind an authenticating server which faces the internet. I'm new to PMG, having come from a Barracuda Spam and Virus Firewall 200 we used up until a few months ago.
SMTP conversation:
Jun 23 07:01:54 sf-01 postfix/smtpd[1119]: connect from localhost.localdomain[127.0.0.1]
Jun 23 07:01:54 sf-01 postfix/smtpd[1119]: C24F01011C6: client=localhost.localdomain[127.0.0.1]
Jun 23 07:01:54 sf-01 postfix/cleanup[1120]: C24F01011C6: message-id=<20200623120154.C24F01011C6@sf-01.domain.com>
Jun 23 07:01:54 sf-01 postfix/qmgr[930]: C24F01011C6: from=<postmaster@sf-01.domain.com>, size=4188, nrcpt=1 (queue active)
Jun 23 07:01:54 sf-01 postfix/smtpd[1119]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
Jun 23 07:01:54 sf-01 postfix/smtp[1128]: C24F01011C6: to=<pxx.brxx@domain.com>, relay=10.10.11.239[10.10.11.239]:25, delay=0.2, delays=0.05/0/0.02/0.12, dsn=5.1.1, status=bounced (host 10.10.11.239[10.10.11.239] said: 550 5.1.1 <pxx.brxx@domain.com>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command))
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: C24F01011C6: removed
syslog:
Jun 23 07:01:54 sf-01 pmg-smtp-filter[1206]: 10079C5EF1EF3109CDD: notify <pxx.brxx@domain.com> (rule: Enforce Attachment Quarantine, C24F01011C6)
Jun 23 07:01:54 sf-01 postfix/smtp[1126]: B2CEF1011A5: to=<itdepartment@domain.com>, relay=10.10.11.239[10.10.11.239]:25, delay=0.16, delays=0.06/0/0.01/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C4F7B58017B)
Jun 23 07:01:54 sf-01 postfix/qmgr[930]: B2CEF1011A5: removed
Jun 23 07:01:54 sf-01 pmg-smtp-filter[1206]: 10079C5EF1EF3109CDD: moved mail for <pxx.brxx@domain.com> to spam quarantine - 1011DB5EF1EF32CEFCC (rule: Enforce Attachment Quarantine)
Jun 23 07:01:54 sf-01 postfix/smtp[1128]: C24F01011C6: to=<pxx.brxx@domain.com>, relay=10.10.11.239[10.10.11.239]:25, delay=0.2, delays=0.05/0/0.02/0.12, dsn=5.1.1, status=bounced (host 10.10.11.239[10.10.11.239] said: 550 5.1.1 <pxx.brxx@domain.com>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command))
Jun 23 07:01:54 sf-01 postfix/cleanup[1120]: F27F810079C: message-id=<20200623120154.F27F810079C@sf-01.domain.com>
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: F27F810079C: from=<>, size=6349, nrcpt=1 (queue active)
Jun 23 07:01:55 sf-01 postfix/bounce[1242]: C24F01011C6: sender non-delivery notification: F27F810079C
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: C24F01011C6: removed
Jun 23 07:01:55 sf-01 pmg-smtp-filter[1206]: 10079C5EF1EF3109CDD: processing time: 1.949 seconds (1.605, 0.05, 0)
Jun 23 07:01:55 sf-01 postfix/smtpd[1137]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (10079C5EF1EF3109CDD); from=<covaldoT8BPS5T52@rcb04.directsytens.institute> to=<pxx.brxx@domain.com> proto=ESMTP helo=<rcb04.directsytens.institute>
Jun 23 07:01:55 sf-01 postfix/smtpd[1137]: disconnect from rcb04.directsytens.institute[95.142.44.184] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Jun 23 07:01:55 sf-01 postfix/cleanup[1120]: 0FDD71011A5: message-id=<20200623120154.F27F810079C@sf-01.domain.com>
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: 0FDD71011A5: from=<>, size=6489, nrcpt=1 (queue active)
Jun 23 07:01:55 sf-01 postfix/local[1243]: F27F810079C: to=<postmaster@sf-01.domain.com>, relay=local, delay=0.11, delays=0.05/0.01/0/0.04, dsn=2.0.0, status=sent (forwarded as 0FDD71011A5)
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: F27F810079C: removed
Jun 23 07:01:55 sf-01 postfix/smtp[1121]: 0FDD71011A5: to=<itdepartment@domain.com>, orig_to=<postmaster@sf-01.domain.com>, relay=10.10.11.239[10.10.11.239]:25, delay=0.13, delays=0.04/0/0.01/0.08, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 1B26F580B47)
Jun 23 07:01:55 sf-01 postfix/qmgr[930]: 0FDD71011A5: removed
Thanks in advance for any help.
Bruce