PMG 8 ignores User Blacklist

MarvinE

Hello,

Our PMG does not block the mails from the user blacklist.
I think it should set the SPAM score to 100 but it's 0.

Code:
proxmox-mailgateway: 8.0.1
pmg-api: 8.0.7
pmg-gui: 4.0.2
pve-kernel-6.2: 8.0.5
proxmox-kernel-helper: 8.0.3
pve-kernel-5.15: 7.4-4
proxmox-kernel-6.2.16-14-pve: 6.2.16-14
proxmox-kernel-6.2: 6.2.16-14
proxmox-kernel-6.2.16-12-pve: 6.2.16-12
proxmox-kernel-6.2.16-8-pve: 6.2.16-8
proxmox-kernel-6.2.16-6-pve: 6.2.16-7
pve-kernel-6.2.16-5-pve: 6.2.16-6
pve-kernel-6.2.16-3-pve: 6.2.16-3
pve-kernel-5.15.108-1-pve: 5.15.108-1
pve-kernel-5.15.107-2-pve: 5.15.107-2
pve-kernel-5.13.19-2-pve: 5.13.19-4
clamav-daemon: 1.0.3+dfsg-1~deb12u1
ifupdown: 0.8.41
libarchive-perl: 3.6.2
libjs-extjs: 7.0.0-4
libjs-framework7: 4.4.7-2
libproxmox-acme-perl: 1.4.6
libproxmox-acme-plugins: 1.4.6
libpve-apiclient-perl: 3.3.0
libpve-common-perl: 8.0.9
libpve-http-server-perl: 5.0.4
libxdgmime-perl: 1.1.0
lvm2: 2.03.16-2
pmg-docs: 8.0.1
pmg-i18n: 3.0.7
pmg-log-tracker: 2.4.1
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.2
proxmox-spamassassin: 4.0.0-4
proxmox-widget-toolkit: 4.0.8
pve-firmware: 3.8-2
pve-xtermjs: 4.16.0-3
zfsutils-linux: 2.1.12-pve1

I tested it on PMG 7; there it seems to work.
 
Please share the logs for such a mail and also a screenshot of the appropriate user-blacklist entry...

P.S. I moved the thread to the English forum (was posted in the German one)
 
Hello,

mail log: (sender / receiver and IPs replaced)
Code:
2023-09-25T08:47:42.750121+02:00 pmg postfix/smtpd[3720433]: connect from blockeddomain.tld[X.X.X.X]
2023-09-25T08:47:42.968264+02:00 pmg postfix/smtpd[3720433]: EC4F8C4C15: client=blockeddomain.tld[X.X.X.X]
2023-09-25T08:47:43.002924+02:00 pmg postfix/cleanup[3720409]: EC4F8C4C15: message-id=<0da551ae-a67e-4be8-9f28-6d45fb222ee6@blockeddomain.tld>
2023-09-25T08:47:43.037878+02:00 pmg postfix/qmgr[944164]: EC4F8C4C15: from=<spamsender@blockeddomain.tld>, size=12612, nrcpt=1 (queue active)
2023-09-25T08:47:43.039441+02:00 pmg postfix/smtpd[3720433]: disconnect from blockeddomain.tld[X.X.X.X] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
2023-09-25T08:47:43.119514+02:00 pmg pmg-smtp-filter[3719327]: C4E9765112D0F16826: new mail message-id=<0da551ae-a67e-4be8-9f28-6d45fb222ee6@blockeddomain.tld>#012
2023-09-25T08:47:43.575083+02:00 pmg pmg-smtp-filter[3719327]: C4E9765112D0F16826: SA score=0/5 time=0.391 bayes=undefined autolearn=ham autolearn_force=no hits=AWL(0.082),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),DMARC_PASS(-0.1),SPF_HELO_NONE(0.001),SPF_PASS(-0.001),TVD_SPACE_RATIO(0.001)
2023-09-25T08:47:43.581522+02:00 pmg postfix/smtpd[3720414]: connect from localhost.localdomain[127.0.0.1]
2023-09-25T08:47:43.583348+02:00 pmg postfix/smtpd[3720414]: 8E5F5C66EC: client=localhost.localdomain[127.0.0.1], orig_client=blockeddomain.tld[X.X.X.X]
2023-09-25T08:47:43.584656+02:00 pmg postfix/cleanup[3720409]: 8E5F5C66EC: message-id=<0da551ae-a67e-4be8-9f28-6d45fb222ee6@blockeddomain.tld>
2023-09-25T08:47:43.629971+02:00 pmg postfix/qmgr[944164]: 8E5F5C66EC: from=<spamsender@blockeddomain.tld>, size=13529, nrcpt=1 (queue active)
2023-09-25T08:47:43.633878+02:00 pmg postfix/smtpd[3720414]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
2023-09-25T08:47:43.635341+02:00 pmg pmg-smtp-filter[3719327]: C4E9765112D0F16826: accept mail to <user@domain.tld> (8E5F5C66EC) (rule: default-accept)
2023-09-25T08:47:43.644207+02:00 pmg pmg-smtp-filter[3719327]: C4E9765112D0F16826: processing time: 0.541 seconds (0.391, 0.057, 0)
2023-09-25T08:47:43.645599+02:00 pmg postfix/lmtp[3720410]: EC4F8C4C15: to=<user@domain.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.7, delays=0.08/0/0.06/0.55, dsn=2.5.0, status=sent (250 2.5.0 OK (C4E9765112D0F16826))
2023-09-25T08:47:43.646790+02:00 pmg postfix/qmgr[944164]: EC4F8C4C15: removed
2023-09-25T08:47:43.757666+02:00 pmg postfix/smtp[3720415]: 8E5F5C66EC: to=<user@domain.tld>, relay=X.X.X.X[X.X.X.X]:25, delay=0.17, delays=0.05/0/0.1/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as B2F193433E)
2023-09-25T08:47:43.758738+02:00 pmg postfix/qmgr[944164]: 8E5F5C66EC: removed

The screenshot is a schematic created for the replaced log file.
 

Attachment: Bildschirmfoto 2023-09-25 um 10.13.58.png

I don't understand how User Black/White lists work.

The documentation says:
Every user can add mail addresses to their white- and blacklist. When a user adds a mail address to the whitelist, the result of the spam analysis will be discarded for that recipient.
By "every user", it means PMG user? Like, Administrator, Help Desk, Quarantine Manager, Auditor? These don't always have email addresses.

It seems there is no way for an Administrator to specify the receiving email address for these User Black/Whitelists except by creating a user for PMG, is that correct?
 
You can simply input the user in the drop-down box and create new rules. After saving, you can select it in the drop-down.

Ah, okay. Confusing screen, the caption above says:
"With this feature, you can manually mark E-mails from certain domains or addresses as spam."
then lists regexes for incoming E-mails to block, and the dropdown has the title "E-Mail".

One would expect to enter the email address like the examples above, not the destination email.

Thanks for the better description!

I should further note that blocking works on PMG 8.0 for me; here is the mail.log entry for a User Blacklist entry:

Code:
2023-09-28T08:04:16.273509-07:00 pmg postfix/smtpd[168841]: connect from swaks.sender.domain.com[216.74.32.103]
2023-09-28T08:04:16.509637-07:00 pmg postfix/smtpd[168841]: 7C657C1320: client=swaks.sender.domain.com[216.74.32.103]
2023-09-28T08:04:16.657514-07:00 pmg postfix/cleanup[168845]: 7C657C1320: message-id=<20230928080415.1318073@gloria>
2023-09-28T08:04:16.658064-07:00 pmg postfix/qmgr[79176]: 7C657C1320: from=<test@test.com>, size=422, nrcpt=1 (queue active)
2023-09-28T08:04:16.695974-07:00 pmg pmg-smtp-filter[167466]: 2023/09/28-08:04:16 CONNECT TCP Peer: "[127.0.0.1]:48178" Local: "[127.0.0.1]:10024"
2023-09-28T08:04:16.731684-07:00 pmg postfix/smtpd[168841]: disconnect from swaks.sender.domain.com[216.74.32.103] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
2023-09-28T08:04:16.745332-07:00 pmg pmg-smtp-filter[167466]: C1325651595F0B56C6: new mail message-id=<20230928080415.1318073@gloria>#012
2023-09-28T08:04:16.760607-07:00 pmg pmg-smtp-filter[167466]: WARNING: ^* matches null string many times in regex; marked by <-- HERE in m/^* <-- HERE vipcapitalfunding.com$/ at /usr/share/perl5/PMG/RuleDB/WhoRegex.pm line 103.
2023-09-28T08:04:16.760695-07:00 pmg pmg-smtp-filter[167466]: WARNING: ^* matches null string many times in regex; marked by <-- HERE in m/^* <-- HERE .shop$/ at /usr/share/perl5/PMG/RuleDB/WhoRegex.pm line 103.
2023-09-28T08:04:16.827933-07:00 pmg pmg-smtp-filter[167466]: C1325651595F0B56C6: SA score=2/5 time=0.066 bayes=undefined autolearn=disabled hits=FSL_HELO_NON_FQDN_1(2.361),HELO_NO_DOMAIN(0.001),KAM_NUMSUBJECT(0.5)
2023-09-28T08:04:16.828555-07:00 pmg pmg-smtp-filter[167466]: C1325651595F0B56C6: sender in user (recipient.address@recipient-domain.com) blocklist
2023-09-28T08:04:16.828643-07:00 pmg pmg-smtp-filter[167466]: C1325651595F0B56C6: sender in user (recipient.address@recipient-domain.com) blocklist
2023-09-28T08:04:16.829384-07:00 pmg pmg-smtp-filter[167466]: C1325651595F0B56C6: block mail to <recipient.address@recipient-domain.com> (rule: Block Spam (Level 7))
2023-09-28T08:04:16.830594-07:00 pmg pmg-smtp-filter[167466]: C1325651595F0B56C6: processing time: 0.086 seconds (0.066, 0.014, 0)
2023-09-28T08:04:16.830869-07:00 pmg postfix/lmtp[168846]: 7C657C1320: to=<recipient.address@recipient-domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.4, delays=0.23/0.04/0.05/0.09, dsn=2.7.0, status=sent (250 2.7.0 BLOCKED (C1325651595F0B56C6))
2023-09-28T08:04:16.830923-07:00 pmg postfix/qmgr[79176]: 7C657C1320: removed

I note that the score is actually 2 from the scoring engine, but it does show the mail being blocked for matching sender and recipient (and it is in fact blocked).
 
2023-09-28T08:04:16.760607-07:00 pmg pmg-smtp-filter[167466]: WARNING: ^* matches null string many times in regex; marked by <-- HERE in m/^* <-- HERE vipcapitalfunding.com$/ at /usr/share/perl5/PMG/RuleDB/WhoRegex.pm line 103.
Please check your rule system - it seems some of your regular expressions are not correct,
e.g. '*vipcapitalfunding.com' instead of '.*vipcapitalfunding.com'....
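
Added example (not written by any participant in this thread, and not Proxmox code): a Python sketch that groups `pmg-smtp-filter` lines by filter ID and reports, per mail, the SA score, whether a `sender in user (...) blocklist` line was logged, and the final action and rule; it also collects the rule patterns named in `WhoRegex.pm` warnings. The sample lines are constructed by abridging the two excerpts above, and the regular expressions assume only the line formats visible in those excerpts.

```python
import re

# Constructed sample: lines abridged from the two mail.log excerpts in this thread.
SAMPLE_LOG = """\
2023-09-25T08:47:43.575083+02:00 pmg pmg-smtp-filter[3719327]: C4E9765112D0F16826: SA score=0/5 time=0.391 bayes=undefined autolearn=ham autolearn_force=no hits=AWL(0.082)
2023-09-25T08:47:43.635341+02:00 pmg pmg-smtp-filter[3719327]: C4E9765112D0F16826: accept mail to <user@domain.tld> (8E5F5C66EC) (rule: default-accept)
2023-09-28T08:04:16.760607-07:00 pmg pmg-smtp-filter[167466]: WARNING: ^* matches null string many times in regex; marked by <-- HERE in m/^* <-- HERE vipcapitalfunding.com$/ at /usr/share/perl5/PMG/RuleDB/WhoRegex.pm line 103.
2023-09-28T08:04:16.827933-07:00 pmg pmg-smtp-filter[167466]: C1325651595F0B56C6: SA score=2/5 time=0.066 bayes=undefined autolearn=disabled hits=KAM_NUMSUBJECT(0.5)
2023-09-28T08:04:16.828555-07:00 pmg pmg-smtp-filter[167466]: C1325651595F0B56C6: sender in user (recipient.address@recipient-domain.com) blocklist
2023-09-28T08:04:16.829384-07:00 pmg pmg-smtp-filter[167466]: C1325651595F0B56C6: block mail to <recipient.address@recipient-domain.com> (rule: Block Spam (Level 7))
"""

# Formats below are assumptions taken only from the lines visible in the thread.
FILTER = re.compile(r"pmg-smtp-filter\[\d+\]: (.*)$")
MAIL = re.compile(r"^([0-9A-F]{10,}): (.*)$")
SCORE = re.compile(r"^SA score=(-?\d+)/\d+")
LISTED = re.compile(r"^sender in user \((.+?)\) blocklist")
ACTION = re.compile(r"^(accept|block) mail to <[^>]*>.*\(rule: (.*)\)$")
BAD_RE = re.compile(r"^WARNING: .* in m/(.*)/ at \S*WhoRegex\.pm")


def triage(log_text):
    """Return ({filter_id: verdict}, [rule patterns Perl warned about])."""
    mails, bad_patterns = {}, []
    for line in log_text.splitlines():
        hit = FILTER.search(line)
        if not hit:
            continue  # postfix and other daemons are not needed here
        msg = hit.group(1)
        bad = BAD_RE.match(msg)
        if bad:
            # Perl marks the offending position with " <-- HERE "; strip it.
            bad_patterns.append(bad.group(1).replace(" <-- HERE ", ""))
            continue
        mail = MAIL.match(msg)
        if not mail:
            continue
        rec = mails.setdefault(mail.group(1), {
            "score": None, "listed_for": set(), "action": None, "rule": None})
        body = mail.group(2)
        if m := SCORE.match(body):
            rec["score"] = int(m.group(1))
        elif m := LISTED.match(body):
            rec["listed_for"].add(m.group(1))
        elif m := ACTION.match(body):
            rec["action"], rec["rule"] = m.groups()
    return mails, bad_patterns


if __name__ == "__main__":
    verdicts, patterns = triage(SAMPLE_LOG)
    for fid, rec in verdicts.items():
        print(fid, rec)
    print("patterns with regex warnings:", patterns)
```

On the sample, the first mail comes back as `accept` under `default-accept` with no blocklist line logged, while the second has the blocklist line and is blocked although its SA score is only 2.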
 
