[SOLVED] Quarantine per domain

Aug 3, 2020
I intend to redirect SPAM LEVEL 3 AND SPAM LEVEL 5 to the domain's quarantine box inside my e-mail server.
I did it in the following way:

1) Created a quarantine account on my email server called quarantine@domain1.com with all the features of a standard quarantine account (retention, spam bypass, etc.);
2) I created an Action Object called Quantine Domain 1 with send bcc to: quarantine@domain1.com;
3) In Mail Filter I created Quarantine / Mark Spam (Level 3) Domain 1 with "Action Objects" (Modify Spam Subject, Quantine Domain 1), "TO" domain1.com (Who Object), Spam Level 3 (What Object);
4) In Mail Filter I created Quarantine / Mark Spam (Level 5) Domain 1 with "Action Objects" (Modify Spam Subject, Quantine Domain 1), "TO" domain1.com (Who Object), Spam Level 5 (What Object).

It worked but with an unpleasant side effect:
Upon receiving a level 5 spam Proxmox makes two BCC:

Aug 17 16:51:25 pmg-smtp-filter [60028]: 413335F3ADFB93E4BB: bcc to <quarantine@domain1.com> (rule: Quarantine / Mark Spam (Level 10) DOMAIN1, B62364134F)
Aug 17 16:51:25 %% # $ # $ #% #% pmg-smtp-filter [60028]: 413335F3ADFB93E4BB: bcc to <quarantine@domain1.com> (rule: Quarantine / Mark Spam (Level 5) DOMAIN1, B910241359)
Aug 17 16:51:25 %% # $ # $ #% #% pmg-smtp-filter [60028]: 413335F3ADFB93E4BB: bcc to <quarantine@domain1.com> (rule: Quarantine / Mark Spam (Level 3) DOMAIN1, BCA4A4135A)

Does anyone have any ideas?
 
Not quite sure I understand your setup and rules completely - could you share a (redacted) output of `pmgdb dump`?
also -
%% # $ # $ #% #% pmg-smtp-filter
this seems odd - is this an artifact of pasting?!

EDIT: Additionally - I moved the thread from Proxmox VE Installation forum to the Proxmox Mailgateway Installation forum.
 
Good morning Stoiko.
Thank you very much for answering me.
I edited the name of my gateway when pasting this log for security reasons. But I can place the full log if you think it is necessary.
What is happening is that the message is being forwarded twice, a copy to SPAM LEVEL 3 and once to SPAM LEVEL 5. But it is the same message.
I'm not sure how to do a pmgdb dump. I attached the output of this command to a txt.
Please Stoiko, can you check if this is what you asked of me?
Thanks a lot for the help.
 


can you check if this is what you asked of me?
yes that was what I asked for - and it does provide the answer:
Found RULE 45 (prio: 91, in, active): Quarantine/Mark Spam (Level 5) domain2
FOUND TO GROUP 78: domain2.com
OBJECT 137: domain2.com
FOUND WHAT GROUP 63: Spam (Level 5)
OBJECT 113: Level 5
FOUND ACTION GROUP 79: Quarantine domain2
OBJECT 136: send bcc to: quarantine@domain2.com
FOUND ACTION GROUP 66: Modify Spam Subject
OBJECT 116: modify field: subject:SPAM: __SUBJECT__
...snip...
Found RULE 44 (prio: 90, in, active): Quarantine/Mark Spam (Level 3) domain2
FOUND TO GROUP 78: domain2.com
OBJECT 137: domain2.com
FOUND WHAT GROUP 62: Spam (Level 3)
OBJECT 112: Level 3
FOUND ACTION GROUP 79: Quarantine domain2
OBJECT 136: send bcc to: quarantine@domain2.com
FOUND ACTION GROUP 66: Modify Spam Subject
OBJECT 116: modify field: subject:SPAM: __SUBJECT__
Found RULE 34 (prio: 90, in, active): Modify Header
FOUND ACTION GROUP 65: Modify Spam Level
OBJECT 115: modify field: X-SPAM-LEVEL:__SPAM_INFO__

These 2 rules cause the 2 bcc-mails to quarantine@domain2.com
(the bcc action is nothing which terminates further processing - only Block, Quarantine and Accept do)

depending on whether you want copies of all mails with a score greater than 3 or 5 remove the bcc-action on the other rule (a mail with score 5 will also trigger a What Object matching spam level 3)


one further odd thing:
Found RULE 48 (prio: 90, in, active): Quarantine/Mark Spam domain1
FOUND TO GROUP 81: domain1.com
OBJECT 139: domain1.com
FOUND WHAT GROUP 62: Spam (Level 3)
OBJECT 112: Level 3
FOUND WHAT GROUP 63: Spam (Level 5)
OBJECT 113: Level 5
FOUND WHAT GROUP 64: Spam (Level 10)
OBJECT 114: Level 10
FOUND ACTION GROUP 80: Quarantine domain1
OBJECT 138: send bcc to: quarantine@domain1.com
FOUND ACTION GROUP 66: Modify Spam Subject
OBJECT 116: modify field: subject:SPAM: __SUBJECT__

You have set 3 what objects matching spam (level 3, 5 and 10) - this makes no sense since the object matching spam level 3 also matches everything above 3 - you can get rid of the 2 what objects matching level 5 and level 10



I hope this helps!
 
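To check a rule set for the overlap described in the answer above, here is an added example (not part of the thread and not Proxmox code) that parses `pmgdb dump` output in the layout quoted there and reports which rules would each send a bcc copy for a given recipient domain and spam score. The function names are hypothetical; it assumes plain domain Who objects compared literally, that a "Level N" What object matches any score of N or higher, and that bcc does not stop rule processing, as the answer states.

```python
import re
# Sample: rules 45 and 44 from the dump quoted in the thread (subject action left out).
DUMP = """\
Found RULE 45 (prio: 91, in, active): Quarantine/Mark Spam (Level 5) domain2
FOUND TO GROUP 78: domain2.com
OBJECT 137: domain2.com
FOUND WHAT GROUP 63: Spam (Level 5)
OBJECT 113: Level 5
FOUND ACTION GROUP 79: Quarantine domain2
OBJECT 136: send bcc to: quarantine@domain2.com
Found RULE 44 (prio: 90, in, active): Quarantine/Mark Spam (Level 3) domain2
FOUND TO GROUP 78: domain2.com
OBJECT 137: domain2.com
FOUND WHAT GROUP 62: Spam (Level 3)
OBJECT 112: Level 3
FOUND ACTION GROUP 79: Quarantine domain2
OBJECT 136: send bcc to: quarantine@domain2.com
"""
RULE = re.compile(r"Found RULE (\d+) \(prio: \d+, \w+, (\w+)\)")
GROUP = re.compile(r"FOUND (\w+) GROUP \d+: ")
OBJ = re.compile(r"OBJECT \d+: (.*)")

def parse_rules(text):
    """Return one dict per rule: TO domains, lowest spam level, bcc targets."""
    rules, kind = [], None
    for line in map(str.strip, text.splitlines()):
        if m := RULE.match(line):
            rules.append({"id": int(m[1]), "active": m[2] == "active",
                          "to": set(), "level": float("inf"), "bcc": set()})
        elif m := GROUP.match(line):
            kind = m[1]  # TO, WHAT, ACTION, ... applies to the OBJECT lines below it
        elif rules and (m := OBJ.match(line)):
            if kind == "TO":
                rules[-1]["to"].add(m[1].lower())
            elif kind == "WHAT" and (lv := re.fullmatch(r"Level (\d+)", m[1])):
                rules[-1]["level"] = min(rules[-1]["level"], int(lv[1]))
            elif kind == "ACTION" and m[1].startswith("send bcc to: "):
                rules[-1]["bcc"].add(m[1][len("send bcc to: "):])
    return rules

def bcc_copies(rules, rcpt_domain, score):
    """Map each bcc address to the ids of all matching rules that copy to it."""
    hits = {}
    for r in rules:
        # Assumption: no TO object = any recipient; rules without a spam level are skipped.
        if r["active"] and score >= r["level"] and (not r["to"] or rcpt_domain in r["to"]):
            for addr in r["bcc"]:
                hits.setdefault(addr, []).append(r["id"])
    return hits
```

Any address mapped to more than one rule id receives duplicate copies of that message; removing the bcc action from all but one of those rules leaves a single copy.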
Glad that worked :)
please mark the thread as 'SOLVED' - Thanks!