Spam level 0, quarantine.

Discussion in 'Mail Gateway: Installation and configuration' started by Niels, Jan 3, 2019.

  1. Niels

    Niels New Member

    Joined:
    Dec 17, 2018
    Messages:
    4
    Likes Received:
    0
    Hi All,

    Happy new year!
    Long-time lurker here, who finally switched to the pmg.
    Which is absolutely amazing so far. Though, i have a question which i cant seem to find in the manual and/ or on the forum:

    Several emails (mostly newsletters) are moved to the quarantaine, with Sa-score 0.
    (And sometimes emails with a negative score are getting moved as well.)
    Which is a bit of a puzzle for me, and im trying to understand why they are moved to the quarantaine.
    ie. the email below is moved to quarantine.

    Any ideas ?

    Syslog:
    Jan 03 14:48:41 filter pmg-smtp-filter[27112]: reloading configuration Proxmox_ruledb
    Jan 03 14:48:41 filter pmg-smtp-filter[27112]: 82149D5C2E12B9C0C15: new mail message-id=<cd060f042e8821dc311fa9b112a0ebe1@swift.generated>
    Jan 03 14:48:41 filter postfix/smtpd[30880]: disconnect from smtp001.experience-fidelite.com[178.32.123.50] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
    Jan 03 14:48:42 filter pmg-smtp-filter[27112]: 82149D5C2E12B9C0C15: SA score=0/5 time=1.085 bayes=undefined autolearn=ham autolearn_force=no hits=DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,HTML_FONT_LOW_CONTRAST,HTML_MESSAGE,SPF_HELO_PASS,SPF_PASS,T_KAM_HTML_FONT_INVALID
    Jan 03 14:48:42 filter pmg-smtp-filter[27112]: 82149D5C2E12B9C0C15: moved mail for <user@email.com> to spam quarantine - 8214C75C2E12BAE761C
    Jan 03 14:48:42 filter pmg-smtp-filter[27112]: 82149D5C2E12B9C0C15: processing time: 1.167 seconds (1.085, 0.046)
    Jan 03 14:48:42 filter postfix/lmtp[30886]: A3DF88213E8: to=<user@email.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.3, delays=0.06/0/0.08/1.2, dsn=2.5.0, status=sent (250 2.5.0 OK (82149D5C2E12B9C0C15))
    Jan 03 14:48:42 filter postfix/qmgr[14417]: A3DF88213E8: removed

    Spam-report:
    X-SPAM-LEVEL: Spam detection results: 0
    DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
    DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
    DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's domain
    HEADER_FROM_DIFFERENT_DOMAINS 0.001 From and EnvelopeFrom 2nd level mail domains are different
    HTML_FONT_LOW_CONTRAST 0.001 HTML font color similar or identical to background
    HTML_MESSAGE 0.001 HTML included in message
    SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
    SPF_PASS -0.001 SPF: sender matches SPF record
    T_KAM_HTML_FONT_INVALID 0.01 Test for Invalidly Named or Formatted Colors in HTML
     
  2. Andre Scrivener

    Andre Scrivener New Member

    Joined:
    Dec 27, 2018
    Messages:
    7
    Likes Received:
    1
    Hello,

    and I need to move those bulletins to quarantine.

    Do you know how to do that? How is your Spam Detector setup?

    And about your doubt, I believe it is related to the Mail Filter, do you have any rules for Spam Level 0?
     
  3. Niels

    Niels New Member

    Joined:
    Dec 17, 2018
    Messages:
    4
    Likes Received:
    0
    Well, thank you so much for the reply.
    I tried playing around with a special level 0 spam rule, but without any succes.
    Attached is my mail rule setup, which is pretty straight forward.
    Still looking for some advice ?
     

    Attached Files:

  4. Niels

    Niels New Member

    Joined:
    Dec 17, 2018
    Messages:
    4
    Likes Received:
    0
  5. tom

    tom Proxmox Staff Member
    Staff Member

    Joined:
    Aug 29, 2006
    Messages:
    13,338
    Likes Received:
    376
    Seems you totally mixed up your rules (your screenshot does not show the details)

    Do a reset and start again, or provide all details of your rules.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. MarkusM

    MarkusM New Member

    Joined:
    Jan 24, 2019
    Messages:
    2
    Likes Received:
    0
    Hi all,

    I do have same behavior on two independent proxmail mail gateway servers.

    Emails with spamscore of 0 or less are moved to users quarantine.

    upload_2019-1-24_16-31-18.png

    QENTRY: BD78C1A153E
    CTIME: 5C49CDF5
    SIZE: 167708
    CLIENT: proxmox.mail.gateway[x.x.x.x]
    MSGID: <acf53ba068a54863a231b3ae1587ce9d@sdemuca04641.de001.itgr.net>
    TO:5C49CDF5:BD78C1A153E:Q: from <SENDER@DOMAIN> to <RECIPIENT@DOMAIN> (1A15415C49BFE53699C)
    SMTP:
    L00001994 Jan 24 14:38:42 proxmox postfix/smtpd[1957]: connect from proxmox.mail.gateway[]
    L00001995 Jan 24 14:38:42 proxmox postfix/smtpd[1957]: BD78C1A153E: client=proxmox.mail.gateway[x.x.x.x]
    L00001998 Jan 24 14:38:42 proxmox postfix/smtpd[1957]: disconnect from proxmox.mail.gateway[x.x.x.x] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
    FILTER: 1A153F5C49BFE2D4FF6
    L0000199A Jan 24 14:38:42 proxmox pmg-smtp-filter[1126]: 1A153F5C49BFE2D4FF6: new mail message-id=<acf53ba068a54863a231b3ae1587ce9d@sdemuca04641.de001.itgr.net>
    L0000199B Jan 24 14:38:45 proxmox pmg-smtp-filter[1126]: 1A153F5C49BFE2D4FF6: SA score=0/5 time=1.507 bayes=1.66533453693773e-16 autolearn=no autolearn_force=no hits=BAYES_00,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS,SPF_SOFTFAIL,T_FILL_THIS_FORM_SHORT
    L0000199C Jan 24 14:38:45 proxmox pmg-smtp-filter[1126]: 1A153F5C49BFE2D4FF6: moved mail for <RECIPIENT@DOMAIN> to spam quarantine - 1A15415C49BFE53699C
    L0000199D Jan 24 14:38:45 proxmox pmg-smtp-filter[1126]: 1A153F5C49BFE2D4FF6: processing time: 2.352 seconds (1.507, 0.773)
    QMGR:
    L00001996 Jan 24 14:38:42 proxmox postfix/cleanup[1961]: BD78C1A153E: message-id=<acf53ba068a54863a231b3ae1587ce9d@sdemuca04641.de001.itgr.net>
    L00001997 Jan 24 14:38:42 proxmox postfix/qmgr[2663]: BD78C1A153E: from=<SENDER@DOMAIN>, size=167708, nrcpt=1 (queue active)
    L0000199E Jan 24 14:38:45 proxmox postfix/lmtp[1962]: BD78C1A153E: to=<RECIPIENT@DOMAIN>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.5, delays=0.04/0.01/0.06/2.4, dsn=2.5.0, status=sent (250 2.5.0 OK (1A153F5C49BFE2D4FF6))
    L0000199F Jan 24 14:38:45 proxmox postfix/qmgr[2663]: BD78C1A153E: removed

    Filter rules are very simple.

    upload_2019-1-24_16-33-46.png

    upload_2019-1-24_16-34-18.png
    upload_2019-1-24_16-33-58.png

    Are there any new infos on this?
    Any help is appreciated.
     
  7. tom

    tom Proxmox Staff Member
    Staff Member

    Joined:
    Aug 29, 2006
    Messages:
    13,338
    Likes Received:
    376
    Without full access to your rule set objects its impossible to tell you where the error is located.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Niels

    Niels New Member

    Joined:
    Dec 17, 2018
    Messages:
    4
    Likes Received:
    0
    Well actually there is. Like what @tom said, i somehow must have screwed up my rules.
    I still have no clue in what i had screwed up, but i did a factory reset of my rules and everything started working again.
    Thanks!
     
  9. MarkusM

    MarkusM New Member

    Joined:
    Jan 24, 2019
    Messages:
    2
    Likes Received:
    0
    Hi Tom,

    many thanks for your fast reply. What exactly do you need? Is it possible to export the rule set and send it to you?
     
  10. tom

    tom Proxmox Staff Member
    Staff Member

    Joined:
    Aug 29, 2006
    Messages:
    13,338
    Likes Received:
    376
    You need to check the details of every involved object. You just sent some screenshots, not all.

    Our enterprise support team can to a check for you, just submit your backup to a support ticket via https://my.proxmox.com
    But of course, you need a valid support subscription with support ticket support for this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice