Spam level 0, quarantine.

Niels

Hi All,

Happy new year!
Long-time lurker here, who finally switched to the PMG.
Which is absolutely amazing so far. Though, I have a question which I can't seem to find in the manual and/or on the forum:

Several emails (mostly newsletters) are moved to the quarantine, with SA score 0.
(And sometimes emails with a negative score are getting moved as well.)
Which is a bit of a puzzle for me, and I'm trying to understand why they are moved to the quarantine.
I.e. the email below is moved to quarantine.

Any ideas?

Syslog:
Jan 03 14:48:41 filter pmg-smtp-filter[27112]: reloading configuration Proxmox_ruledb
Jan 03 14:48:41 filter pmg-smtp-filter[27112]: 82149D5C2E12B9C0C15: new mail message-id=<cd060f042e8821dc311fa9b112a0ebe1@swift.generated>
Jan 03 14:48:41 filter postfix/smtpd[30880]: disconnect from smtp001.experience-fidelite.com[178.32.123.50] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jan 03 14:48:42 filter pmg-smtp-filter[27112]: 82149D5C2E12B9C0C15: SA score=0/5 time=1.085 bayes=undefined autolearn=ham autolearn_force=no hits=DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,SPF_HELO_PASS,SPF_PASS,T_KAM_HTML_FONT_INVALID
Jan 03 14:48:42 filter pmg-smtp-filter[27112]: 82149D5C2E12B9C0C15: moved mail for <user@email.com> to spam quarantine - 8214C75C2E12BAE761C
Jan 03 14:48:42 filter pmg-smtp-filter[27112]: 82149D5C2E12B9C0C15: processing time: 1.167 seconds (1.085, 0.046)
Jan 03 14:48:42 filter postfix/lmtp[30886]: A3DF88213E8: to=<user@email.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.3, delays=0.06/0/0.08/1.2, dsn=2.5.0, status=sent (250 2.5.0 OK (82149D5C2E12B9C0C15))
Jan 03 14:48:42 filter postfix/qmgr[14417]: A3DF88213E8: removed

Spam-report:
X-SPAM-LEVEL: Spam detection results: 0
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
HEADER_FROM_DIFFERENT_DOMAINS 0.001 From and EnvelopeFrom 2nd level mail domains are different
HTML_FONT_LOW_CONTRAST 0.001 HTML font color similar or identical to background
HTML_MESSAGE 0.001 HTML included in message
SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
SPF_PASS -0.001 SPF: sender matches SPF record
T_KAM_HTML_FONT_INVALID 0.01 Test for Invalidly Named or Formatted Colors in HTML
 
Hello,

and I need to move those bulletins to quarantine.

Do you know how to do that? How is your Spam Detector setup?

And about your doubt, I believe it is related to the Mail Filter, do you have any rules for Spam Level 0?
 
Well, thank you so much for the reply.
I tried playing around with a special level 0 spam rule, but without any success.
Attached is my mail rule setup, which is pretty straightforward.
Still looking for some advice?
 

Attachment: Screenshot 2019-01-04 at 11.06.24.png

Seems you totally mixed up your rules (your screenshot does not show the details).

Do a reset and start again, or provide all details of your rules.
 
Hi all,

I do have the same behavior on two independent Proxmox Mail Gateway servers.

Emails with a spam score of 0 or less are moved to the users' quarantine.

[Screenshot: upload_2019-1-24_16-31-18.png]

QENTRY: BD78C1A153E
CTIME: 5C49CDF5
SIZE: 167708
CLIENT: proxmox.mail.gateway[x.x.x.x]
MSGID: <acf53ba068a54863a231b3ae1587ce9d@sdemuca04641.de001.itgr.net>
TO:5C49CDF5:BD78C1A153E:Q: from <SENDER@DOMAIN> to <RECIPIENT@DOMAIN> (1A15415C49BFE53699C)
SMTP:
L00001994 Jan 24 14:38:42 proxmox postfix/smtpd[1957]: connect from proxmox.mail.gateway[]
L00001995 Jan 24 14:38:42 proxmox postfix/smtpd[1957]: BD78C1A153E: client=proxmox.mail.gateway[x.x.x.x]
L00001998 Jan 24 14:38:42 proxmox postfix/smtpd[1957]: disconnect from proxmox.mail.gateway[x.x.x.x] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
FILTER: 1A153F5C49BFE2D4FF6
L0000199A Jan 24 14:38:42 proxmox pmg-smtp-filter[1126]: 1A153F5C49BFE2D4FF6: new mail message-id=<acf53ba068a54863a231b3ae1587ce9d@sdemuca04641.de001.itgr.net>
L0000199B Jan 24 14:38:45 proxmox pmg-smtp-filter[1126]: 1A153F5C49BFE2D4FF6: SA score=0/5 time=1.507 bayes=1.66533453693773e-16 autolearn=no autolearn_force=no hits=BAYES_00,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT
L0000199C Jan 24 14:38:45 proxmox pmg-smtp-filter[1126]: 1A153F5C49BFE2D4FF6: moved mail for <RECIPIENT@DOMAIN> to spam quarantine - 1A15415C49BFE53699C
L0000199D Jan 24 14:38:45 proxmox pmg-smtp-filter[1126]: 1A153F5C49BFE2D4FF6: processing time: 2.352 seconds (1.507, 0.773)
QMGR:
L00001996 Jan 24 14:38:42 proxmox postfix/cleanup[1961]: BD78C1A153E: message-id=<acf53ba068a54863a231b3ae1587ce9d@sdemuca04641.de001.itgr.net>
L00001997 Jan 24 14:38:42 proxmox postfix/qmgr[2663]: BD78C1A153E: from=<SENDER@DOMAIN>, size=167708, nrcpt=1 (queue active)
L0000199E Jan 24 14:38:45 proxmox postfix/lmtp[1962]: BD78C1A153E: to=<RECIPIENT@DOMAIN>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.5, delays=0.04/0.01/0.06/2.4, dsn=2.5.0, status=sent (250 2.5.0 OK (1A153F5C49BFE2D4FF6))
L0000199F Jan 24 14:38:45 proxmox postfix/qmgr[2663]: BD78C1A153E: removed

Filter rules are very simple.

[Screenshots: upload_2019-1-24_16-33-46.png, upload_2019-1-24_16-34-18.png, upload_2019-1-24_16-33-58.png]

Is there any new info on this?
Any help is appreciated.
 
Without full access to your rule set objects it's impossible to tell you where the error is located.
 
Well actually there is. Like what @tom said, I somehow must have screwed up my rules.
I still have no clue what I had screwed up, but I did a factory reset of my rules and everything started working again.
Thanks!
 
Hi Tom,

many thanks for your fast reply. What exactly do you need? Is it possible to export the rule set and send it to you?
 
You need to check the details of every involved object. You just sent some screenshots, not all.

Our enterprise support team can do a check for you, just submit your backup to a support ticket via https://my.proxmox.com
But of course, you need a valid support subscription with support ticket support for this.
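
The following is an added example, not part of the thread and not Proxmox code: it correlates the `SA score=` and `moved mail ... to spam quarantine` lines quoted above by filter ID and lists mails that were quarantined although their score is below the level the quarantine rule is meant to match. The function name, the `min_level` parameter (a value the operator supplies) and the sample log are assumptions; the sample lines are constructed in the shape of the ones posted.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the pmg-smtp-filter lines quoted in the thread.
SAMPLE_LOG = """\
Jan 03 14:48:41 filter pmg-smtp-filter[27112]: AAAA0001: new mail message-id=<one@example.invalid>
Jan 03 14:48:42 filter pmg-smtp-filter[27112]: AAAA0001: SA score=0/5 time=1.085 bayes=undefined autolearn=ham autolearn_force=no hits=DKIM_SIGNED,HTML_MESSAGE,SPF_PASS
Jan 03 14:48:42 filter pmg-smtp-filter[27112]: AAAA0001: moved mail for <user@example.invalid> to spam quarantine - AAAA0002
Jan 03 14:49:10 filter pmg-smtp-filter[27112]: BBBB0001: SA score=9/5 time=0.912 bayes=undefined autolearn=no autolearn_force=no hits=HTML_MESSAGE,URIBL_BLACK
Jan 03 14:49:10 filter pmg-smtp-filter[27112]: BBBB0001: moved mail for <user@example.invalid> to spam quarantine - BBBB0002
Jan 03 14:50:02 filter pmg-smtp-filter[27112]: CCCC0001: SA score=-1/5 time=0.700 bayes=undefined autolearn=ham autolearn_force=no hits=SPF_PASS
Jan 03 14:50:02 filter pmg-smtp-filter[27112]: CCCC0001: processing time: 0.812 seconds (0.700, 0.046)
"""

LINE = re.compile(r"pmg-smtp-filter\[\d+\]: (?P<id>[0-9A-F]+): (?P<msg>.*)$")
SCORE = re.compile(r"SA score=(?P<score>-?\d+(?:\.\d+)?)/\S+ .*\bhits=(?P<hits>\S*)")
QUAR = re.compile(r"moved mail for <(?P<rcpt>[^>]*)> to spam quarantine")
MSGID = re.compile(r"new mail message-id=(?P<msgid>\S+)")

def quarantined_below_level(log_text, min_level):
    """Return quarantined mails whose logged SA score is below min_level.

    min_level is supplied by the operator: the lowest spam level the
    quarantine rule is meant to match (an assumption, not read from PMG).
    """
    mails = defaultdict(lambda: {"msgid": None, "score": None, "hits": [], "rcpts": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-mail pmg-smtp-filter line (e.g. postfix, config reload)
        entry, msg = mails[m["id"]], m["msg"]
        if s := SCORE.match(msg):
            entry["score"] = float(s["score"])
            entry["hits"] = [h for h in s["hits"].split(",") if h]
        elif q := QUAR.match(msg):
            entry["rcpts"].append(q["rcpt"])
        elif i := MSGID.match(msg):
            entry["msgid"] = i["msgid"]
    return [
        {"id": fid, **e}
        for fid, e in mails.items()
        if e["rcpts"] and e["score"] is not None and e["score"] < min_level
    ]

if __name__ == "__main__":
    for hit in quarantined_below_level(SAMPLE_LOG, min_level=3):
        print(hit)
```

Each entry returned gives the filter ID, message-id and recipients to look up when reviewing which rule and rule objects matched that mail.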
 
