[SOLVED] Quarantine per domain

Aug 3, 2020
I intend to redirect SPAM LEVEL 3 AND SPAM LEVEL 5 to the domain's quarantine box inside my e-mail server.
I did it the following way:

1) Created a quarantine account on my email server called quarantine@domain1.com with all the features of a standard quarantine account (retention, spam bypass, etc.);
2) I created an Action Object called Quantine Domain 1 with send bcc to: quarantine@domain1.com;
3) In Mail Filter I created Quarantine / Mark Spam (Level 3) Domain 1 with "Action Objects" (Modify Spam Subject, Quantine Domain 1), "TO" domain1.com (Who Object), Spam Level 3 (What Object);
4) In Mail Filter I created Quarantine / Mark Spam (Level 5) Domain 1 with "Action Objects" (Modify Spam Subject, Quantine Domain 1), "TO" domain1.com (Who Object), Spam Level 5 (What Object).

It worked but with an unpleasant side effect:
Upon receiving a level 5 spam Proxmox makes two BCC:

Aug 17 16:51:25 pmg-smtp-filter [60028]: 413335F3ADFB93E4BB: bcc to <quarantine@domain1.com> (rule: Quarantine / Mark Spam (Level 10) DOMAIN1, B62364134F)
Aug 17 16:51:25 %% # $ # $ #% #% pmg-smtp-filter [60028]: 413335F3ADFB93E4BB: bcc to <quarantine@domain1.com> (rule: Quarantine / Mark Spam (Level 5) DOMAIN1, B910241359)
Aug 17 16:51:25 %% # $ # $ #% #% pmg-smtp-filter [60028]: 413335F3ADFB93E4BB: bcc to <quarantine@domain1.com> (rule: Quarantine / Mark Spam (Level 3) DOMAIN1, BCA4A4135A)

Does anyone have any ideas?
 
Not quite sure I understand your setup and rules completely - could you share a (redacted) output of `pmgdb dump`?
also -
%% # $ # $ #% #% pmg-smtp-filter
this seems odd - is this an artifact of pasting?!

EDIT: Additionally - I moved the thread from Proxmox VE Installation forum to the Proxmox Mailgateway Installation forum.
 
Good morning Stoiko.
Thank you very much for answering me.
I edited the name of my gateway when pasting this log for security reasons. But I can place the full log if you think it is necessary.
What is happening is that the message is being forwarded twice, a copy to SPAM LEVEL 3 and once to SPAM LEVEL 5. But it is the same message.
I'm not sure how to do a pmgdb dump. I attached the output of this command to a txt.
Please Stoiko, can you check if this is what you asked of me?
Thanks a lot for the help.
 


can you check if this is what you asked of me?
yes that was what I asked for - and it does provide the answer:
Found RULE 45 (prio: 91, in, active): Quarantine/Mark Spam (Level 5) domain2
FOUND TO GROUP 78: domain2.com
OBJECT 137: domain2.com
FOUND WHAT GROUP 63: Spam (Level 5)
OBJECT 113: Level 5
FOUND ACTION GROUP 79: Quarantine domain2
OBJECT 136: send bcc to: quarantine@domain2.com
FOUND ACTION GROUP 66: Modify Spam Subject
OBJECT 116: modify field: subject:SPAM: __SUBJECT__
...snip...
Found RULE 44 (prio: 90, in, active): Quarantine/Mark Spam (Level 3) domain2
FOUND TO GROUP 78: domain2.com
OBJECT 137: domain2.com
FOUND WHAT GROUP 62: Spam (Level 3)
OBJECT 112: Level 3
FOUND ACTION GROUP 79: Quarantine domain2
OBJECT 136: send bcc to: quarantine@domain2.com
FOUND ACTION GROUP 66: Modify Spam Subject
OBJECT 116: modify field: subject:SPAM: __SUBJECT__
Found RULE 34 (prio: 90, in, active): Modify Header
FOUND ACTION GROUP 65: Modify Spam Level
OBJECT 115: modify field: X-SPAM-LEVEL:__SPAM_INFO__

These 2 rules cause the 2 bcc-mails to quarantine@domain2.com
(the bcc action is nothing which terminates further processing - only Block, Quarantine and Accept do)

depending on whether you want copies of all mails with a score greater than 3 or 5, remove the bcc-action on the other rule (a mail with score 5 will also trigger a What Object matching spam level 3)


one further odd thing:
Found RULE 48 (prio: 90, in, active): Quarantine/Mark Spam domain1
FOUND TO GROUP 81: domain1.com
OBJECT 139: domain1.com
FOUND WHAT GROUP 62: Spam (Level 3)
OBJECT 112: Level 3
FOUND WHAT GROUP 63: Spam (Level 5)
OBJECT 113: Level 5
FOUND WHAT GROUP 64: Spam (Level 10)
OBJECT 114: Level 10
FOUND ACTION GROUP 80: Quarantine domain1
OBJECT 138: send bcc to: quarantine@domain1.com
FOUND ACTION GROUP 66: Modify Spam Subject
OBJECT 116: modify field: subject:SPAM: __SUBJECT__

You have set 3 what objects matching spam (level 3, 5 and 10) - this makes no sense since the object matching spam level 3 also matches everything above 3 - you can get rid of the 2 what objects matching level 5 and level 10



I hope this helps!
 
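An added sketch (not part of the original posts and not Proxmox code) that parses rules in the `pmgdb dump` layout quoted above and reports which addresses would receive more than one bcc copy of a single mail. It uses the matching model described in the reply: a Level N What object matches any score at or above N, and a bcc action does not stop rule processing. The function names, the simplified Who matching by recipient domain, and ignoring rule priority and the active flag are assumptions of this example.

```python
import re
from collections import defaultdict
# Rules 45 and 44, abridged from the `pmgdb dump` output quoted in the thread.
DUMP = """\
Found RULE 45 (prio: 91, in, active): Quarantine/Mark Spam (Level 5) domain2
FOUND TO GROUP 78: domain2.com
OBJECT 137: domain2.com
FOUND WHAT GROUP 63: Spam (Level 5)
OBJECT 113: Level 5
FOUND ACTION GROUP 79: Quarantine domain2
OBJECT 136: send bcc to: quarantine@domain2.com
Found RULE 44 (prio: 90, in, active): Quarantine/Mark Spam (Level 3) domain2
FOUND TO GROUP 78: domain2.com
OBJECT 137: domain2.com
FOUND WHAT GROUP 62: Spam (Level 3)
OBJECT 112: Level 3
FOUND ACTION GROUP 79: Quarantine domain2
OBJECT 136: send bcc to: quarantine@domain2.com
"""

def parse_rules(dump):
    """Parse the dump into dicts: rule id, TO domains, spam levels, bcc targets."""
    rules, section = [], None
    for line in map(str.strip, dump.splitlines()):
        if m := re.match(r"Found RULE (\d+) \(", line):
            rules.append({"id": int(m[1]), "to": [], "levels": [], "bcc": []})
        elif m := re.match(r"FOUND (\w+) GROUP", line):
            section = m[1]  # the OBJECT lines that follow belong to this group
        elif rules and (m := re.match(r"OBJECT \d+: (.+)", line)):
            if section == "TO":
                rules[-1]["to"].append(m[1].lower())
            elif section == "WHAT" and (lv := re.fullmatch(r"Level (\d+)", m[1])):
                rules[-1]["levels"].append(int(lv[1]))
            elif section == "ACTION" and m[1].startswith("send bcc to: "):
                rules[-1]["bcc"].append(m[1].removeprefix("send bcc to: "))
    return rules

def duplicate_bcc(rules, rcpt_domain, score):
    """Addresses that would get more than one bcc copy of one mail, with rule ids."""
    # Thread's model: "Level N" matches any score >= N; bcc is non-terminating.
    copies = defaultdict(list)
    for rule in rules:
        if rcpt_domain.lower() in rule["to"] and any(score >= n for n in rule["levels"]):
            for addr in rule["bcc"]:
                copies[addr].append(rule["id"])
    return {addr: ids for addr, ids in copies.items() if len(ids) > 1}

if __name__ == "__main__":
    print(duplicate_bcc(parse_rules(DUMP), "domain2.com", 6))
```

Running the same check on a full dump before enabling per-domain rules shows every address that several threshold rules would copy the same mail to.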
Glad that worked :)
please mark the thread as 'SOLVED' - Thanks!
 
