Outgoing email gets blocked

maenda

Hi all,

Can anybody shed a light on why this message for example is bounced? It is an outgoing email using the PMG


Code:
Spam detection results: 4
AWL 1.099 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DKIM_ADSP_CUSTOM_MED 0.001 No valid author signature, adsp_override is CUSTOM_MED
FORGED_GMAIL_RCVD 1 'From' gmail.com does not match 'Received' headers
FREEMAIL_FORGED_FROMDOMAIN 0.249 2nd level domains in From and EnvelopeFrom freemail headers are different
FREEMAIL_FROM 0.001 Sender email is commonly abused enduser mail provider
FREEMAIL_REPLYTO 1 Reply-To/From or Reply-To/body contain different freemails
FROM_EXCESS_BASE64 0.001 From: base64 encoded unnecessarily
GB_FREEM_FROM_NOT_REPLY 0.4 From: and Reply-To: have different freemail domains
HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are different
HTML_MESSAGE 0.001 HTML included in message
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
KAM_NUMSUBJECT 0.5 Subject ends in numbers excluding current years
MPART_ALT_DIFF 0.79 HTML and text parts are different
NML_ADSP_CUSTOM_MED 0.9 ADSP custom_med hit, and not from a mailing list
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
T_GB_FREEM_FROM_NOT_REPLY 0.01 From: and Reply-To: have different freemail domains
T_REMOTE_IMAGE 0.01 Message contains an external image
 
You need to provide detailed logs.

=> Use the message tracking center.
 
Hi Tom,

This is what I see in the logs:

Mar 18 12:48:01 mx-1 postfix/smtpd[32652]: connect from pmgserver.url[ipaddress]
Mar 18 12:48:01 mx-1 postfix/smtpd[32652]: Anonymous TLS connection established from pmgserver.url[ipaddress]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
Mar 18 12:48:01 mx-1 postfix/smtpd[32652]: NOQUEUE: client=pmgserver.url[ipaaddress]
Mar 18 12:48:01 mx-1 pmg-smtp-filter[32027]: F7B60533DF14C9AE: new mail message-id=<E1lMr8D-003MQx-3d@pmgserver.url>#012
Mar 18 12:48:05 mx-1 pmg-smtp-filter[32027]: F7B60533DF14C9AE: SA score=4/5 time=3.884 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(1.099),BAYES_00(-1.9),DKIM_ADSP_CUSTOM_MED(0.001),FORGED_GMAIL_RCVD(1),FREEMAIL_FORGED_FROMDOMAIN(0.249),FREEMAIL_FROM(0.001),FREEMAIL_REPLYTO(1),FROM_EXCESS_BASE64(0.001),GB_FREEM_FROM_NOT_REPLY(0.4),HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),KAM_NUMSUBJECT(0.5),MPART_ALT_DIFF(0.79),NML_ADSP_CUSTOM_MED(0.9),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_GB_FREEM_FROM_NOT_REPLY(0.01),T_REMOTE_IMAGE(0.01)
Mar 18 12:48:05 mx-1 pmg-smtp-filter[32027]: F7B60533DF14C9AE: notify <myemail> (rule: Block outgoing Spam, 45BD71213)
Mar 18 12:48:05 mx-1 pmg-smtp-filter[32027]: F7B60533DF14C9AE: notify <senderemail> (rule: Block outgoing Spam, 4955B1215)
Mar 18 12:48:05 mx-1 pmg-smtp-filter[32027]: F7B60533DF14C9AE: block mail to <receiveremail> (rule: Block outgoing Spam)
Mar 18 12:48:05 mx-1 pmg-smtp-filter[32027]: F7B60533DF14C9AE: processing time: 3.995 seconds (3.884, 0.067, 0)
Mar 18 12:48:05 mx-1 postfix/smtpd[32652]: proxy-reject: END-OF-MESSAGE: 554 5.7.1 Rejected for policy reasons (F7B60533DF14C9AE); from=<senderemail> to=<receiveremail> proto=ESMTP helo=<pmgserver.url>
Mar 18 12:48:05 mx-1 postfix/smtpd[32652]: disconnect from pmgserver.url[ipaddress] ehlo=2 starttls=1 mail=1 rcpt=1 data=0/1 quit=1 commands=6/7
 
Mar 18 12:48:05 mx-1 pmg-smtp-filter[32027]: F7B60533DF14C9AE: notify <myemail> (rule: Block outgoing Spam, 45BD71213)

You have an active rule in your rule system "Block outgoing Spam" blocking emails.

Your email got a score of 4.
18 12:48:05 mx-1 pmg-smtp-filter[32027]: F7B60533DF14C9AE: SA score=4/5 time=3.884 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(1.099),BAYES_00(-1.9),DKIM_ADSP_CUSTOM_MED(0.001),FORGED_GMAIL_RCVD(1),FREEMAIL_FORGED_FROMDOMAIN(0.249),FREEMAIL_FROM(0.001),FREEMAIL_REPLYTO(1),FROM_EXCESS_BASE64(0.001),GB_FREEM_FROM_NOT_REPLY(0.4),HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),KAM_NUMSUBJECT(0.5),MPART_ALT_DIFF(0.79),NML_ADSP_CUSTOM_MED(0.9),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_GB_FREEM_FROM_NOT_REPLY(0.01),T_REMOTE_IMAGE(0.01)
 
Yes, the rule I get. It is obvious the mail gets blocked when it is spam.
But I'm not sure why exactly this is marked as spam and how I can prevent it?
Looks like the bottleneck is the FREEMAIL_REPLYTO. Correct?
 
The log shows the list of tests and the score of each test.
 
All these scores add up to 4.
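The per-rule breakdown discussed in this thread can be read straight off the pmg-smtp-filter "SA score=" log line. The following is an added example, not part of any forum post and not Proxmox code: it parses that line, ranks the rules by contribution, and recomputes the total with selected rules left out. The HEADER_MISMATCH grouping is an assumption made here from the rule descriptions quoted in the thread.

```python
import re

# The SA line from the thread's log, as posted (string wrapped for readability).
LOG_LINE = (
    "Mar 18 12:48:05 mx-1 pmg-smtp-filter[32027]: F7B60533DF14C9AE: SA score=4/5 "
    "time=3.884 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(1.099),"
    "BAYES_00(-1.9),DKIM_ADSP_CUSTOM_MED(0.001),FORGED_GMAIL_RCVD(1),"
    "FREEMAIL_FORGED_FROMDOMAIN(0.249),FREEMAIL_FROM(0.001),FREEMAIL_REPLYTO(1),"
    "FROM_EXCESS_BASE64(0.001),GB_FREEM_FROM_NOT_REPLY(0.4),"
    "HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),"
    "KAM_NUMSUBJECT(0.5),MPART_ALT_DIFF(0.79),NML_ADSP_CUSTOM_MED(0.9),"
    "SPF_HELO_NONE(0.001),SPF_PASS(-0.001),T_GB_FREEM_FROM_NOT_REPLY(0.01),"
    "T_REMOTE_IMAGE(0.01)"
)

SA_RE = re.compile(r"pmg-smtp-filter\[\d+\]: (?P<qid>[0-9A-F]+): "
                   r"SA score=(?P<score>-?\d+)/(?P<required>\d+) .*?hits=(?P<hits>\S+)")
HIT_RE = re.compile(r"([A-Za-z0-9_]+)\((-?\d+(?:\.\d+)?)\)")

# Assumption: rules whose descriptions in the thread point at a
# From / Reply-To / envelope-sender / Received mismatch.
HEADER_MISMATCH = {"FORGED_GMAIL_RCVD", "FREEMAIL_FORGED_FROMDOMAIN", "FREEMAIL_REPLYTO",
                   "GB_FREEM_FROM_NOT_REPLY", "HEADER_FROM_DIFFERENT_DOMAINS",
                   "T_GB_FREEM_FROM_NOT_REPLY"}

def parse_sa_line(line):
    """Return queue id, reported score, SA required score and (rule, score) hits."""
    m = SA_RE.search(line)
    if m is None:
        return None  # not an SA result line
    hits = [(name, float(val)) for name, val in HIT_RE.findall(m["hits"])]
    return {"qid": m["qid"], "reported": int(m["score"]),
            "required": int(m["required"]), "hits": hits}

def ranked(hits):
    """Hits sorted from largest to smallest contribution."""
    return sorted(hits, key=lambda h: h[1], reverse=True)

def total(hits, exclude=()):
    """Sum of rule scores, optionally ignoring the rules named in exclude."""
    return round(sum(v for n, v in hits if n not in exclude), 3)

if __name__ == "__main__":
    res = parse_sa_line(LOG_LINE)
    for name, val in ranked(res["hits"])[:5]:
        print(f"{val:7.3f}  {name}")
    print("sum of all hits:", total(res["hits"]), "reported:", res["reported"])
    print("without FREEMAIL_REPLYTO:", total(res["hits"], {"FREEMAIL_REPLYTO"}))
    print("without header-mismatch rules:", total(res["hits"], HEADER_MISMATCH))
```

For this message the unrounded sum is 4.322, which the log reports as 4. FREEMAIL_REPLYTO contributes 1 of that, the same as FORGED_GMAIL_RCVD and slightly less than AWL.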
 
