Hi,
We've been using Proxmox for number of years and always been happy with spam catching rates. Very rarely we've seen spam slip through or legitimate email getting accidentally quarantined. Over last couple of months though things got worse and our power users get more spam slip through than before. Here is one example:
[FONT="]Apr 21 09:43:53[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]connect from unknown[74.50.95.17][/FONT]
[FONT="]Apr 21 09:43:54[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]89A481F8E56: client=unknown[74.50.95.17][/FONT]
[FONT="]Apr 21 09:43:55[/FONT]
[FONT="]proxprox[/FONT]
[FONT="]1F8F884BCE3C3B1DAAC: new mail
message-id=<2efe26c843c4e6d69f4a287904e63956@bluespan.pt> [/FONT]
[FONT="]Apr 21 09:43:55[/FONT]
[FONT="]cleanup[/FONT]
[FONT="]89A481F8E56: message-id=<2efe26c843c4e6d69f4a287904e63956@bluespan.pt>[/FONT]
[FONT="]Apr 21 09:43:55[/FONT]
[FONT="]qmgr[/FONT]
[FONT="]89A481F8E56: from=<orcascandy@bluespan.pt>, size=7048, nrcpt=1 (queue active)[/FONT]
[FONT="]Apr 21 09:43:57[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]disconnect from unknown[74.50.95.17][/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]proxprox[/FONT]
[FONT="]1F8F884BCE3C3B1DAAC: SA score=4/5 time=2.804 bayes=0.500214262838918
autolearn=no hits=BAYES_50,DRUGS_ERECTILE,FB_CIALIS_LEO3,HTML_MESSAGE
MIME_HTML_MOSTLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK
RCVD_IN_SORBS_WEB,RDNS_NONE,SUBJECT_DRUG_GAP_C [/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]proxprox[/FONT]
[FONT="]1F8F884BCE3C3B1DAAC: accept mail to <bburns@bcc.com.au> (14E2A1F8F93) [/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]proxprox[/FONT]
[FONT="]1F8F884BCE3C3B1DAAC: processing time: 3.037 seconds [/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]lmtp[/FONT]
[FONT="]89A481F8E56: to=<user@bcc.com.au>, relay=127.0.0.1[127.0.0.1]:10024,
delay=3.9, delays=0.77/0/0.04/3.1, dsn=2.5.0, status=sent (250 2.5.0 OK
(1F8F884BCE3C3B1DAAC))[/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]qmgr[/FONT]
[FONT="]89A481F8E56: removed[/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]connect from localhost[127.0.0.1][/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]14E2A1F8F93: client=unknown[74.50.95.17][/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]disconnect from localhost[127.0.0.1][/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]cleanup[/FONT]
[FONT="]14E2A1F8F93: message-id=<2efe26c843c4e6d69f4a287904e63956@bluespan.pt>[/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]qmgr[/FONT]
[FONT="]14E2A1F8F93: from=<orcascandy@bluespan.pt>, size=7230, nrcpt=1 (queue active)[/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]smtp[/FONT]
[FONT="]14E2A1F8F93: to=<user@bcc.com.au>, relay=192.168.1.5[192.168.1.5]:25,
delay=0.2, delays=0.07/0.01/0.01/0.12, dsn=2.6.0, status=sent (250 2.6.0
<2efe26c843c4e6d69f4a287904e63956@bluespan.pt> Queued mail for delivery)[/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]qmgr[/FONT]
[FONT="]14E2A1F8F93: removed[/FONT]
Looking at this log, it is bloody obvious to me this is spam. Subject contains words that identify spam 100%. Why is it calculating such a low spam probability score? Has anything changed in the product? I haven't had to touch config on our Proxmox for long time. It's always been working just fine. All I do is install latest service packs and hotfixes. Or do I need to change my config?
Can you please explain?
Regards,
Tomas Repka
We've been using Proxmox for number of years and always been happy with spam catching rates. Very rarely we've seen spam slip through or legitimate email getting accidentally quarantined. Over last couple of months though things got worse and our power users get more spam slip through than before. Here is one example:
[FONT="]Apr 21 09:43:53[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]connect from unknown[74.50.95.17][/FONT]
[FONT="]Apr 21 09:43:54[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]89A481F8E56: client=unknown[74.50.95.17][/FONT]
[FONT="]Apr 21 09:43:55[/FONT]
[FONT="]proxprox[/FONT]
[FONT="]1F8F884BCE3C3B1DAAC: new mail
message-id=<2efe26c843c4e6d69f4a287904e63956@bluespan.pt> [/FONT]
[FONT="]Apr 21 09:43:55[/FONT]
[FONT="]cleanup[/FONT]
[FONT="]89A481F8E56: message-id=<2efe26c843c4e6d69f4a287904e63956@bluespan.pt>[/FONT]
[FONT="]Apr 21 09:43:55[/FONT]
[FONT="]qmgr[/FONT]
[FONT="]89A481F8E56: from=<orcascandy@bluespan.pt>, size=7048, nrcpt=1 (queue active)[/FONT]
[FONT="]Apr 21 09:43:57[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]disconnect from unknown[74.50.95.17][/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]proxprox[/FONT]
[FONT="]1F8F884BCE3C3B1DAAC: SA score=4/5 time=2.804 bayes=0.500214262838918
autolearn=no hits=BAYES_50,DRUGS_ERECTILE,FB_CIALIS_LEO3,HTML_MESSAGE
MIME_HTML_MOSTLY,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK
RCVD_IN_SORBS_WEB,RDNS_NONE,SUBJECT_DRUG_GAP_C [/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]proxprox[/FONT]
[FONT="]1F8F884BCE3C3B1DAAC: accept mail to <bburns@bcc.com.au> (14E2A1F8F93) [/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]proxprox[/FONT]
[FONT="]1F8F884BCE3C3B1DAAC: processing time: 3.037 seconds [/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]lmtp[/FONT]
[FONT="]89A481F8E56: to=<user@bcc.com.au>, relay=127.0.0.1[127.0.0.1]:10024,
delay=3.9, delays=0.77/0/0.04/3.1, dsn=2.5.0, status=sent (250 2.5.0 OK
(1F8F884BCE3C3B1DAAC))[/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]qmgr[/FONT]
[FONT="]89A481F8E56: removed[/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]connect from localhost[127.0.0.1][/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]14E2A1F8F93: client=unknown[74.50.95.17][/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]smtpd[/FONT]
[FONT="]disconnect from localhost[127.0.0.1][/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]cleanup[/FONT]
[FONT="]14E2A1F8F93: message-id=<2efe26c843c4e6d69f4a287904e63956@bluespan.pt>[/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]qmgr[/FONT]
[FONT="]14E2A1F8F93: from=<orcascandy@bluespan.pt>, size=7230, nrcpt=1 (queue active)[/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]smtp[/FONT]
[FONT="]14E2A1F8F93: to=<user@bcc.com.au>, relay=192.168.1.5[192.168.1.5]:25,
delay=0.2, delays=0.07/0.01/0.01/0.12, dsn=2.6.0, status=sent (250 2.6.0
<2efe26c843c4e6d69f4a287904e63956@bluespan.pt> Queued mail for delivery)[/FONT]
[FONT="]Apr 21 09:43:58[/FONT]
[FONT="]qmgr[/FONT]
[FONT="]14E2A1F8F93: removed[/FONT]
Looking at this log, it is bloody obvious to me this is spam. Subject contains words that identify spam 100%. Why is it calculating such a low spam probability score? Has anything changed in the product? I haven't had to touch config on our Proxmox for long time. It's always been working just fine. All I do is install latest service packs and hotfixes. Or do I need to change my config?
Can you please explain?
Regards,
Tomas Repka
