[SOLVED] Spam detect with Regex in subject

Netzblicker

Member
Mar 13, 2022
48
4
13
59
Regensburg, Germany
Hello,
I'm quite new with PMG and have one (for me) important question and cannot find the solution. I want to mark a mail as Spam in which the subject is "Schnell Abnehmen". Tried a few things but nothing worked. I think I have to go to the "What Objects", create a new object and add a match field like
field: subject=(?i)(\W|^)(Schnell Abnehmen)(\W|$)
value: subject=(?i)(\W|^)(Schnell Abnehmen)(\W|$)
but I get a error.
Any help would be great.
 
I think yes: i go to "What Object", make a new rule with name "Schnell Abnehmen" and then I want to create a new object "Match Field" - but what is the right entry for "Field" and "Value" ?
 
Ok, next step: I make a few "What objects" with different Match Fields, for example this:
subject=(?i)(\W|^)(Fettverbrenner)(\W|$)
I add this to the default Rule in Mail Filter "Quarantine/Mark Spam (Level 3)".
The Tracking Center shows this line:
Mar 14 17:43:31 pmg pmg-smtp-filter[129912]: 1BE1198622F70B2324C8: accept mail to <erich@blabla.de> (EC2E61BE11A0) (rule: default-accept)
Mar 14 17:43:31 pmg pmg-smtp-filter[129912]: 1BE1198622F70B2324C8: processing time: 1.775 seconds (1.733, 0.017, 0)

What is wrong in my system? The Email with the subject "Fettverbrenner" should go in quarantine..
 
Show the email in raw format.
The what object rule work for me.

Code:
Delivered-To: recipient@mydomain.com
Return-Path: sender@gmail.com
Received-SPF: pass (gmail.com ... _spf.google.com: Sender is authorized to use 'sender@gmail.com' in 'mfrom' identity (mechanism 'include:_netblocks.google.com' matched)) receiver=pmg.mydomain.com; identity=mailfrom; envelope-from="sender@gmail.com"; helo=mail-ej1-f52.google.com; client-ip=209.85.218.52
Received: from mail-ej1-f52.google.com (mail-ej1-f52.google.com [209.85.218.52])
    by pmg.mydomain.com (Proxmox) with ESMTP
    for <recipient@mydomain.com>; Tue, 15 Mar 2022 11:35:03 +0800 (+08)
Received: by mail-ej1-f52.google.com with SMTP id p15so38387171ejc.7
        for <recipient@mydomain.com>; Mon, 14 Mar 2022 20:35:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:from:date:message-id:subject:to;
        bh=vonNCGwcrabTa3Qspzl9wya9ZitXm9iPTW8ieSK0Sw4=;
        b=YL6OjXwMA3YXOKd4UUrszzuIa+9czpk3YlY+WqKpKuSQ2gaqnyyfO4GFB9DQd3KvqJ
         TnTbaX+86bgBZA7CiMdYie9ysQ9hqeWZD/GrV5M2Nl5434PQkIanDVDU97htZ2zRsJxK
         u3h339gRnR2qbOyssmhUrIz0WFBrYNTRPHlT79itTL1X5yaV5YKuNaOWUs0Vo73StXur
         i55HZCGKU8Al/xCaqIpzfMRZWevS4FUqSBqWbBWNPRkC51z90YRAbOnEU3ufA1y/Hc/H
         lVv6dRJEqqdmgnUgAFq0KFkQ73zvKGEv94bB3yYn1H+HW4FUyZxaRHScS5JAACMzg65Q
         vhng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=vonNCGwcrabTa3Qspzl9wya9ZitXm9iPTW8ieSK0Sw4=;
        b=nKrx9fPhAsioonylgO5dOD8jEAP/zfZaH4cMdm6Y9Fmfde2F721mlawiad1oX80mHM
         ILF37IzGqoUrTuxuxhuqSwjHe7UHdJSZ4fxm/r8sjIH2AlO75XUQGy1tCNMPk5FqLXWu
         2iQ3Rw1SdWahCT2/2tH3Wwy0vCFLKZ3l74waYaSUB9F1cdh1k7O5F+gdMui2gRUOpc73
         VgGlR2L6Mup7IWfmVbQw4Si5pd1syB4tCTufzunkro2SgLR80SNnQs4FvuYKuN5tzby8
         HLxmUTewVvZQrCBTzEEsAxbNBkcMxwPlCBZADn7tPz+SCPY+fem3k2PQ/y1NI//tqtIo
         jLsA==
X-Gm-Message-State: AOAM530uJ6POiU6oDrJyw8NkUS+vd4RMZhn1KP7P+EXioaXI3arQkdXa
    H1eP6wt9SCykbZX0mVUDJOXiT6wtRRaMhr6+8XQIYB+n
X-Google-Smtp-Source: ABdhPJxY++YL5kbYkCjuMYczTkby7ZfVGWGrqKN058rgWAZR8f2Z7nIZkIZhcS9CgHZap/jMKD7uAUdOS7OwhK9NGbU=
X-Received: by 2002:a17:907:d8c:b0:6db:d2a6:9b2c with SMTP id
 go12-20020a1709070d8c00b006dbd2a69b2cmr6809394ejc.731.1647315292114; Mon, 14
 Mar 2022 20:34:52 -0700 (PDT)
MIME-Version: 1.0
From: sender <sender@gmail.com>
Date: Tue, 15 Mar 2022 11:34:40 +0800
Message-ID: <CAKETK8H9uw8obY7KRw8V6c4vmYD5QUETSOQ4cwVMHPO38t6LcQ@mail.gmail.com>
Subject: no fettverbrenner
To: "recipient" <recipient@mydomain.com>
Content-Type: multipart/alternative; boundary="000000000000d1d32c05da397a91"
X-SPAM-LEVEL: Spam detection results:  0
    AWL                     1.179 Adjusted score from AWL reputation of From: address
    BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
    DKIM_SIGNED               0.1 Message has a DKIM or DK signature, not necessarily valid
    DKIM_VALID               -0.1 Message has at least one valid DKIM or DK signature
    DKIM_VALID_AU            -0.1 Message has a valid DKIM or DK signature from author's domain
    DKIM_VALID_EF            -0.1 Message has a valid DKIM or DK signature from envelope-from domain
    FREEMAIL_FROM           0.001 Sender email is commonly abused enduser mail provider
    HTML_MESSAGE            0.001 HTML included in message
    RCVD_IN_DNSWL_NONE     -0.0001 Sender listed at https://www.dnswl.org/, no trust
    RCVD_IN_MSPIKE_H3       0.001 Good reputation (+3)
    RCVD_IN_MSPIKE_WL       0.001 Mailspike good senders
    SPF_PASS               -0.001 SPF: sender matches SPF record
    TVD_SPACE_RATIO         0.001 -
    T_SCC_BODY_TEXT_LINE    -0.01 -
    T_SPF_HELO_TEMPERROR     0.01 SPF: test of HELO record failed (temperror)


--000000000000d1d32c05da397a91
Content-Type: text/plain; charset="UTF-8"

testing

--000000000000d1d32c05da397a91
Content-Type: text/html; charset="UTF-8"

<div dir="ltr">testing<br></div>

--000000000000d1d32c05da397a91--

Code:
Mar 15 11:35:03 pmg postfix/smtpd[43531]: connect from mail-ej1-f52.google.com[209.85.218.52]
Mar 15 11:35:04 pmg postfix/smtpd[43531]: NOQUEUE: client=mail-ej1-f52.google.com[209.85.218.52]
Mar 15 11:35:04 pmg pmg-smtp-filter[43551]: 4103362300968CEE3C: new mail message-id=<CAKETK8H9uw8obY7KRw8V6c4vmYD5QUETSOQ4cwVMHPO38t6LcQ@mail.gmail.com>#012
Mar 15 11:35:11 pmg pmg-smtp-filter[43551]: 4103362300968CEE3C: SA score=0/5 time=6.509 bayes=0.00 autolearn=ham autolearn_force=no hits=AWL(1.179),BAYES_00(-1.9),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),FREEMAIL_FROM(0.001),HTML_MESSAGE(0.001),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H3(0.001),RCVD_IN_MSPIKE_WL(0.001),SPF_PASS(-0.001),TVD_SPACE_RATIO(0.001),T_SCC_BODY_TEXT_LINE(-0.01),T_SPF_HELO_TEMPERROR(0.01)
Mar 15 11:35:11 pmg pmg-smtp-filter[43551]: 4103362300968CEE3C: notify <recipient@mydomain.com> (rule: Quarantine bad mail subject, 60E2A41079)
Mar 15 11:35:11 pmg pmg-smtp-filter[43551]: 4103362300968CEE3C: moved mail for <recipient@mydomain.com> to spam quarantine - 4107B6230096F62A26 (rule: Quarantine bad mail subject)
Mar 15 11:35:11 pmg pmg-smtp-filter[43551]: 4103362300968CEE3C: processing time: 6.559 seconds (6.509, 0.019, 0)
Mar 15 11:35:11 pmg postfix/smtpd[43531]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (4103362300968CEE3C); from=<sender@gmail.com> to=<recipient@mydomain.com> proto=ESMTP helo=<mail-ej1-f52.google.com>
Mar 15 11:35:11 pmg postfix/smtpd[43531]: disconnect from mail-ej1-f52.google.com[209.85.218.52] ehlo=1 mail=1 rcpt=1 bdat=1 quit=1 commands=5
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!