Hello!
Today several users received an email with an empty sender and attached file 3282023.gz with 3282023.scr inside. I'm pretty sure it is a virus, because nobody really uses or sends screensavers anymore.
I already set backscatter score to 3, but I guess it will also quarantine all non-delivery reports.
Is there a way to check why Proxmox allowed this attachment?
Can it check for viruses inside gz archives?
Is there anything else I could set to auto discard emails like this?
Code:
Mar 28 15:19:26 mail postfix/smtpd[253764]: connect from security.medmargroup.it[31.27.107.176]
Mar 28 15:19:35 mail postfix/smtpd[253764]: 9070F1211C1: client=security.medmargroup.it[31.27.107.176]
Mar 28 15:19:48 mail postfix/cleanup[253765]: 9070F1211C1: message-id=<2be5cde5-05a3-48ef-96d9-15a62393fc06@EXCHANGE-SRV.enterprise.medmargroup.it>
Mar 28 15:21:34 mail postfix/qmgr[89068]: 9070F1211C1: from=<>, size=703022, nrcpt=1 (queue active)
Mar 28 15:21:34 mail pmg-smtp-filter[253729]: 12139B6422BFAE0F47D: new mail message-id=<2be5cde5-05a3-48ef-96d9-15a62393fc06@EXCHANGE-SRV.enterprise.medmargroup.it>#012
Mar 28 15:21:34 mail postfix/smtpd[253764]: disconnect from security.medmargroup.it[31.27.107.176] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
Mar 28 15:21:37 mail pmg-smtp-filter[253729]: 12139B6422BFAE0F47D: SA score=0/5 time=0.640 bayes=undefined autolearn=ham autolearn_force=no hits=KAM_DMARC_STATUS(0.01),KAM_GB_INVALID_FROM(3),RCVD_IN_DNSWL_HI(-5),SPF_HELO_NONE(0.001),TO_MALFORMED(0.1)
Mar 28 15:21:37 mail postfix/smtpd[253776]: connect from localhost.localdomain[127.0.0.1]
Mar 28 15:21:37 mail postfix/smtpd[253776]: 9983B12139D: client=localhost.localdomain[127.0.0.1], orig_client=security.medmargroup.it[31.27.107.176]
Mar 28 15:21:37 mail postfix/cleanup[253771]: 9983B12139D: message-id=<2be5cde5-05a3-48ef-96d9-15a62393fc06@EXCHANGE-SRV.enterprise.medmargroup.it>
Mar 28 15:21:37 mail postfix/qmgr[89068]: 9983B12139D: from=<>, size=703643, nrcpt=1 (queue active)
Mar 28 15:21:37 mail postfix/smtpd[253776]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Mar 28 15:21:37 mail pmg-smtp-filter[253729]: 12139B6422BFAE0F47D: accept mail to <user@modomain.com> (9983B12139D) (rule: default-accept)
Mar 28 15:21:37 mail pmg-smtp-filter[253729]: 12139B6422BFAE0F47D: processing time: 3.641 seconds (0.64, 2.819, 0)
Mar 28 15:21:37 mail postfix/lmtp[253772]: 9070F1211C1: to=<user@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=122, delays=118/0/0.05/3.7, dsn=2.5.0, status=sent (250 2.5.0 OK (12139B6422BFAE0F47D))
Mar 28 15:21:37 mail postfix/qmgr[89068]: 9070F1211C1: removed
Mar 28 15:21:37 mail postfix/smtp[253777]: 9983B12139D: to=<user@mydomain.com>, relay=192.168.255.3[192.168.255.3]:25, delay=0.34, delays=0.1/0/0.02/0.21, dsn=2.6.0, status=sent (250 2.6.0 <2be5cde5-05a3-48ef-96d9-15a62393fc06@EXCHANGE-SRV.enterprise.medmargroup.it> [InternalId=4818953306129, Hostname=MailBox.local] 704972 bytes in 0.185, 3703,285 KB/sec Queued mail for delivery)
Mar 28 15:21:37 mail postfix/qmgr[89068]: 9983B12139D: removed
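As an added example (not from the poster and not Proxmox Mail Gateway code), here is a small correlator that reads the decision-relevant lines from the log above and joins the postfix queue IDs to the pmg-smtp-filter ID, so the reason for the accept is visible in one record: the envelope sender is empty (from=<>), the SpamAssassin hits were cancelled by the -5 RCVD_IN_DNSWL_HI credit, and no custom rule matched, so the message fell through to default-accept. The sample lines are copied from the post with the recipient placeholder normalized to user@mydomain.com; the regular expressions and the wording of the findings are this example's own assumptions about the log format shown, not a documented PMG interface.

```python
import re

# Constructed sample: the decision-relevant lines from the log in the post
# (recipient placeholder normalized to user@mydomain.com).
SAMPLE_LOG = """\
Mar 28 15:21:34 mail postfix/qmgr[89068]: 9070F1211C1: from=<>, size=703022, nrcpt=1 (queue active)
Mar 28 15:21:37 mail pmg-smtp-filter[253729]: 12139B6422BFAE0F47D: SA score=0/5 time=0.640 bayes=undefined autolearn=ham autolearn_force=no hits=KAM_DMARC_STATUS(0.01),KAM_GB_INVALID_FROM(3),RCVD_IN_DNSWL_HI(-5),SPF_HELO_NONE(0.001),TO_MALFORMED(0.1)
Mar 28 15:21:37 mail pmg-smtp-filter[253729]: 12139B6422BFAE0F47D: accept mail to <user@mydomain.com> (9983B12139D) (rule: default-accept)
Mar 28 15:21:37 mail postfix/lmtp[253772]: 9070F1211C1: to=<user@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=122, delays=118/0/0.05/3.7, dsn=2.5.0, status=sent (250 2.5.0 OK (12139B6422BFAE0F47D))
"""

# Patterns written against the line shapes seen above (assumption: PMG keeps this format).
QMGR_FROM = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, size=(?P<size>\d+)")
SA_LINE = re.compile(r"pmg-smtp-filter\[\d+\]: (?P<fid>[0-9A-F]+): SA score=(?P<score>-?[\d.]+)/(?P<req>[\d.]+) .*?hits=(?P<hits>\S+)")
ACTION_LINE = re.compile(
    r"pmg-smtp-filter\[\d+\]: (?P<fid>[0-9A-F]+): (?P<action>\w+) mail to <(?P<rcpt>[^>]+)>"
    r"(?: \((?P<outqid>[0-9A-F]+)\))? \(rule: (?P<rule>[^)]+)\)"
)
LMTP_LINE = re.compile(r"postfix/lmtp\[\d+\]: (?P<qid>[0-9A-F]+): .*status=sent \(250 2\.5\.0 OK \((?P<fid>[0-9A-F]+)\)\)")
HIT = re.compile(r"([A-Z0-9_]+)\(([-\d.]+)\)")


def findings(rec):
    """Turn a correlated record into the short list of facts that explain the verdict."""
    notes = []
    if rec.get("sender") == "":
        notes.append("null envelope sender (from=<>): bounce-shaped message, so only backscatter checks judge it")
    hits = rec.get("hits", {})
    positive = sum(v for v in hits.values() if v > 0)
    negative = sum(v for v in hits.values() if v < 0)
    if negative and positive + negative < rec.get("sa_required", 5.0):
        notes.append(f"whitelist credits ({negative}) cancel {positive:.3f} points of positive hits")
    if rec.get("rule") == "default-accept":
        notes.append("no custom rule matched; message fell through to default-accept")
    return notes


def explain_decisions(log_text):
    """Correlate postfix queue IDs with pmg-smtp-filter IDs; return one record per filter ID."""
    queues = {}    # postfix queue id -> envelope facts from qmgr
    messages = {}  # filter id -> decision record
    for line in log_text.splitlines():
        if m := QMGR_FROM.search(line):
            queues[m["qid"]] = {"sender": m["sender"], "size": int(m["size"])}
        elif m := SA_LINE.search(line):
            rec = messages.setdefault(m["fid"], {})
            rec["sa_score"] = float(m["score"])
            rec["sa_required"] = float(m["req"])
            rec["hits"] = {name: float(val) for name, val in HIT.findall(m["hits"])}
        elif m := ACTION_LINE.search(line):
            rec = messages.setdefault(m["fid"], {})
            rec.update(action=m["action"], recipient=m["rcpt"], rule=m["rule"], outbound_qid=m["outqid"])
        elif m := LMTP_LINE.search(line):
            # The LMTP reply "250 2.5.0 OK (<filter id>)" is what links the inbound queue id to the filter.
            messages.setdefault(m["fid"], {})["inbound_qid"] = m["qid"]
    for rec in messages.values():
        envelope = queues.get(rec.get("inbound_qid"), {})
        rec["sender"] = envelope.get("sender")
        rec["size"] = envelope.get("size")
        rec["findings"] = findings(rec)
    return messages


if __name__ == "__main__":
    for fid, rec in explain_decisions(SAMPLE_LOG).items():
        print(fid, rec["action"], rec["rule"], "sender=<%s>" % rec["sender"])
        for note in rec["findings"]:
            print("  -", note)
```

The join step is the useful part: pmg-smtp-filter logs its own ID, while the inbound and outbound postfix instances log their queue IDs, and the only line that ties them together is the LMTP reply carrying the filter ID. Once joined, a null sender plus "rule: default-accept" tells you the message never matched a "Match Filename" or "Match Archive Filename" object, which is the gap to close.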
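To show what "looking inside a gz archive" amounts to, here is an added example (my own code, not the poster's and not PMG's) that reads the member filename straight out of the gzip header without inflating anything, then inflates with a size cap and checks whether the content starts with the MZ signature that .scr and .exe files carry. The blocked-extension list and the 50 MB cap are illustrative choices made here, and the archive it inspects is a constructed dummy named 3282023.scr, not the real attachment.

```python
import gzip
import io
import os
import struct

# Illustrative blocklist: .scr is the extension from the post, the rest are common executable types.
BLOCKED_EXTENSIONS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
MAX_INFLATED_BYTES = 50 * 1024 * 1024   # hypothetical cap; stops decompression bombs


def gzip_member_name(data: bytes):
    """Return the original filename stored in the gzip header (RFC 1952 FNAME), or None.
    Layout: 10 fixed header bytes, optional FEXTRA block, then a NUL-terminated FNAME."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flags = data[3]
    pos = 10
    if flags & 0x04:                                 # FEXTRA: 2-byte little-endian length + payload
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if flags & 0x08:                                 # FNAME present
        end = data.find(b"\x00", pos)
        if end == -1:
            return None
        return data[pos:end].decode("latin-1")
    return None


def inspect_gzip_attachment(attachment_name: str, data: bytes) -> dict:
    """Decide whether a .gz attachment should be discarded: inner filename extension,
    executable signature of the inflated content, and a bound on inflated size."""
    inner_name = gzip_member_name(data)
    if inner_name is None:
        # No FNAME stored: fall back to the attachment name minus its .gz suffix
        inner_name = attachment_name[:-3] if attachment_name.lower().endswith(".gz") else attachment_name
    ext = os.path.splitext(inner_name)[1].lower()

    oversized = False
    with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
        head = gz.read(2)
        looks_like_pe = head == b"MZ"                # DOS/PE stub: what .scr and .exe files start with
        inflated = len(head)
        while chunk := gz.read(65536):
            inflated += len(chunk)
            if inflated > MAX_INFLATED_BYTES:
                oversized = True
                break

    return {
        "inner_name": inner_name,
        "extension": ext,
        "looks_like_pe": looks_like_pe,
        "inflated_bytes": inflated,
        "oversized": oversized,
        "discard": ext in BLOCKED_EXTENSIONS or looks_like_pe or oversized,
    }


def build_gzip(member_name: str, payload: bytes) -> bytes:
    """Build a gzip archive in memory with the given member name written into the header."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=member_name, mode="wb", fileobj=buf) as gz:
        gz.write(payload)
    return buf.getvalue()


def build_sample_attachment() -> tuple:
    """Constructed sample: member named 3282023.scr (the name from the post) holding a dummy
    MZ header. Not the real attachment."""
    return "3282023.gz", build_gzip("3282023.scr", b"MZ" + b"\x90" * 62 + b"PE\x00\x00")


if __name__ == "__main__":
    name, data = build_sample_attachment()
    print(inspect_gzip_attachment(name, data))
```

Two points the header parse makes concrete: gzip holds exactly one member, so there is a single name to check, and that name lives in the first few dozen bytes, which is why a filename rule on the archive content is cheap. The inflated-content check is the part a filename rule cannot do, because the sender chooses the name.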