Spam quarantine is empty

st060557

New Member
Nov 10, 2022
In the tracking center I see that mail is moved to quarantine (moved mail for <user> to spam quarantine - 802CA636BB365A7CBF (rule: Quarantine/Mark Spam (Level 3))). The E-mail field shows "no data in database", and typing it by hand also does not work - the list of mails in quarantine is empty.
`pmgsh get /quarantine/spamusers -starttime 0 -endtime $(date '+%s')` returns:
200 OK
[]
I use the latest version of PMG, default rules are enabled.
How can I check that quarantine is working?
Thanks.
 
Same issue. My guess is that after the last update I have an empty spam quarantine, after 08/11/22.
Tracking center shows that emails are quarantined.
 
I have the same issue.
Yesterday, a mail was put into quarantine, but nothing was displayed in the quarantine screen.
Tracking center shows me it was put into quarantine.
Where is this email?
 
please share:
* `pmgversion -v`
* the complete journal from 10 minutes before the mail was received to 10 minutes afterwards
 
Hi, Stoiko!
proxmox-mailgateway: 7.1-2 (API: 7.1-8/8be1bce7, running kernel: 5.15.64-1-pve)
pmg-api: 7.1-8
pmg-gui: 3.1-5
pve-kernel-5.15: 7.2-13
pve-kernel-helper: 7.2-13
pve-kernel-5.15.64-1-pve: 5.15.64-1
clamav-daemon: 0.103.7+dfsg-0+deb11u1
ifupdown: residual config
ifupdown2: 3.1.0-1+pmx3
libarchive-perl: 3.4.0-1
libjs-extjs: 7.0.0-1
libjs-framework7: 4.4.7-1
libproxmox-acme-perl: 1.4.2
libproxmox-acme-plugins: 1.4.2
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.2-3
libpve-http-server-perl: 4.1-4
libxdgmime-perl: 1.0-1
lvm2: not correctly installed
pmg-docs: 7.1-2
pmg-i18n: 2.7-2
pmg-log-tracker: 2.3.1-1
postgresql-13: 13.8-0+deb11u1
proxmox-mini-journalreader: 1.3-1
proxmox-offline-mirror-helper: 0.5.0-1
proxmox-spamassassin: 3.4.6-4
proxmox-widget-toolkit: 3.5.1
pve-firmware: 3.5-6
pve-xtermjs: 4.16.0-1

Nov 09 18:22:04 mail.mydomain.com pmgpolicy[729391]: starting policy database maintenance (greylist, rbl)
Nov 09 18:22:04 mail.mydomain.com pmgpolicy[729391]: end policy database maintenance (17 ms, 2 ms)
Nov 09 18:23:00 mail.mydomain.com pmg-smtp-filter[756215]: starting database maintenance
Nov 09 18:23:00 mail.mydomain.com pmg-smtp-filter[756215]: end database maintenance (34 ms)
Nov 09 18:23:49 mail.mydomain.com pmgdaemon[785914]: successful auth for user 'admin@pmg'
Nov 09 18:24:14 mail.mydomain.com pmgpolicy[729391]: starting policy database maintenance (greylist, rbl)
Nov 09 18:24:14 mail.mydomain.com pmgpolicy[729391]: end policy database maintenance (17 ms, 2 ms)
Nov 09 18:25:00 mail.mydomain.com pmg-smtp-filter[756215]: starting database maintenance
Nov 09 18:25:00 mail.mydomain.com pmg-smtp-filter[756215]: end database maintenance (31 ms)
Nov 09 18:25:01 mail.mydomain.com CRON[786807]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Nov 09 18:25:01 mail.mydomain.com CRON[786808]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Nov 09 18:25:01 mail.mydomain.com CRON[786807]: pam_unix(cron:session): session closed for user root
Nov 09 18:26:24 mail.mydomain.com pmgpolicy[729391]: starting policy database maintenance (greylist, rbl)
Nov 09 18:26:24 mail.mydomain.com pmgpolicy[729391]: end policy database maintenance (17 ms, 2 ms)
Nov 09 18:27:01 mail.mydomain.com pmg-smtp-filter[756215]: starting database maintenance
Nov 09 18:27:01 mail.mydomain.com pmg-smtp-filter[756215]: end database maintenance (31 ms)
Nov 09 18:28:34 mail.mydomain.com pmgpolicy[729391]: starting policy database maintenance (greylist, rbl)
Nov 09 18:28:34 mail.mydomain.com pmgpolicy[729391]: end policy database maintenance (17 ms, 2 ms)
Nov 09 18:29:01 mail.mydomain.com pmg-smtp-filter[756215]: starting database maintenance
Nov 09 18:29:01 mail.mydomain.com pmg-smtp-filter[756215]: end database maintenance (32 ms)
Nov 09 18:30:44 mail.mydomain.com pmgpolicy[729391]: starting policy database maintenance (greylist, rbl)
Nov 09 18:30:44 mail.mydomain.com pmgpolicy[729391]: end policy database maintenance (17 ms, 2 ms)
Nov 09 18:31:01 mail.mydomain.com pmg-smtp-filter[756215]: starting database maintenance
Nov 09 18:31:01 mail.mydomain.com pmg-smtp-filter[756215]: end database maintenance (34 ms)
Nov 09 18:32:45 mail.mydomain.com pmgpolicy[729391]: starting policy database maintenance (greylist, rbl)
Nov 09 18:32:45 mail.mydomain.com pmgpolicy[729391]: end policy database maintenance (17 ms, 2 ms)
Nov 09 18:33:01 mail.mydomain.com pmg-smtp-filter[756215]: starting database maintenance
Nov 09 18:33:01 mail.mydomain.com pmg-smtp-filter[756215]: end database maintenance (31 ms)
Nov 09 18:33:12 mail.mydomain.com postfix/postscreen[787432]: CONNECT from [sender_ip]:46501 to [pmg_ip]:25
Nov 09 18:33:18 mail.mydomain.com postfix/postscreen[787432]: PASS NEW [sender_ip]:46501
Nov 09 18:33:19 mail.mydomain.com postfix/smtpd[787441]: connect from mail.senderdomain.com[sender_ip]
Nov 09 18:33:19 mail.mydomain.com postfix/smtpd[787441]: Anonymous TLS connection established from mail.senderdomain.com[sender_ip]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Nov 09 18:33:19 mail.mydomain.com pmgpolicy[784930]: reloading configuration Proxmox_ruledb
Nov 09 18:33:19 mail.mydomain.com pmgpolicy[784930]: SPF says pass
Nov 09 18:33:19 mail.mydomain.com postfix/smtpd[787441]: 5C77E7F1E6: client=mail.senderdomain.com[sender_ip]
Nov 09 18:33:19 mail.mydomain.com postfix/cleanup[787449]: 5C77E7F1E6: message-id=<1560612327-3711@mail.senderdomain.com>
Nov 09 18:33:19 mail.mydomain.com postfix/qmgr[55230]: 5C77E7F1E6: from=<sender@senderdomain.com>, size=74804, nrcpt=1 (queue active)
Nov 09 18:33:19 mail.mydomain.com postfix/smtpd[787441]: disconnect from mail.senderdomain.com[sender_ip] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Nov 09 18:33:19 mail.mydomain.com pmg-smtp-filter[763952]: 2022/11/09-18:33:19 CONNECT TCP Peer: "[127.0.0.1]:57996" Local: "[127.0.0.1]:10024"
Nov 09 18:33:19 mail.mydomain.com pmg-smtp-filter[763952]: 802DC636BC83F7A69E: new mail message-id=<1560612327-3711@mail.senderdomain.com>
Nov 09 18:33:22 mail.mydomain.com postfix/postscreen[787432]: warning: dnsblog reply timeout 10s for b.barracudacentral.org
Nov 09 18:33:22 mail.mydomain.com pmg-smtp-filter[763952]: 802DC636BC83F7A69E: SA score=3/5 time=3.350 bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),HTML_MESSAGE(0.001),KAM_LINEPADDING(1.2),MIXED_ES(2.499),SPF_HELO_NONE(0.001),SPF_PASS(-0.001)
Nov 09 18:33:22 mail.mydomain.com pmg-smtp-filter[763952]: WARNING: Wide character in print at /usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm line 157.
Nov 09 18:33:22 mail.mydomain.com pmg-smtp-filter[763952]: ERROR: Wide character in subroutine entry at /usr/share/perl5/PMG/MailQueue.pm line 176.
Nov 09 18:33:22 mail.mydomain.com pmg-smtp-filter[763952]: 802DC636BC83F7A69E: moved mail for <user@mydomain.com> to spam quarantine - 802DE636BC842D522F (rule: Quarantine/Mark Spam (Level 3))
Nov 09 18:33:22 mail.mydomain.com pmg-smtp-filter[763952]: 802DC636BC83F7A69E: processing time: 3.375 seconds (3.35, 0, 0)
Nov 09 18:33:22 mail.mydomain.com postfix/lmtp[787450]: 5C77E7F1E6: to=<user@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.6, delays=0.17/0.02/0.04/3.4, dsn=2.5.0, status=sent (250 2.5.0 OK (802DC636BC83F7A69E))
Nov 09 18:33:22 mail.mydomain.com postfix/qmgr[55230]: 5C77E7F1E6: removed
Nov 09 18:33:32 mail.mydomain.com pmgproxy[780065]: worker exit
Nov 09 18:33:33 mail.mydomain.com pmgproxy[1034]: worker 780065 finished
Nov 09 18:33:33 mail.mydomain.com pmgproxy[1034]: starting 1 worker(s)
Nov 09 18:33:33 mail.mydomain.com pmgproxy[1034]: worker 787468 started
Nov 09 18:34:55 mail.mydomain.com pmgpolicy[729391]: starting policy database maintenance (greylist, rbl)
Nov 09 18:34:55 mail.mydomain.com pmgpolicy[729391]: end policy database maintenance (17 ms, 2 ms)
Nov 09 18:35:01 mail.mydomain.com CRON[787579]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
Nov 09 18:35:01 mail.mydomain.com CRON[787580]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Nov 09 18:35:01 mail.mydomain.com CRON[787579]: pam_unix(cron:session): session closed for user root
Nov 09 18:35:02 mail.mydomain.com pmg-smtp-filter[756215]: starting database maintenance
Nov 09 18:35:03 mail.mydomain.com pmg-smtp-filter[756215]: end database maintenance (41 ms)
Nov 09 18:36:06 mail.mydomain.com pmgdaemon[780151]: worker exit
Nov 09 18:36:06 mail.mydomain.com pmgdaemon[1027]: worker 780151 finished
Nov 09 18:36:06 mail.mydomain.com pmgdaemon[1027]: starting 1 worker(s)
Nov 09 18:36:06 mail.mydomain.com pmgdaemon[1027]: worker 787672 started
Nov 09 18:36:39 mail.mydomain.com postfix/anvil[787445]: statistics: max connection rate 1/60s for (smtpd:sender_ip) at Nov 9 18:33:19
Nov 09 18:36:39 mail.mydomain.com postfix/anvil[787445]: statistics: max connection count 1 for (smtpd:sender_ip) at Nov 9 18:33:19
Nov 09 18:36:39 mail.mydomain.com postfix/anvil[787445]: statistics: max cache size 1 at Nov 9 18:33:19
Nov 09 18:37:03 mail.mydomain.com pmg-smtp-filter[756215]: starting database maintenance
Nov 09 18:37:03 mail.mydomain.com pmg-smtp-filter[756215]: end database maintenance (31 ms)
Nov 09 18:37:05 mail.mydomain.com pmgpolicy[729391]: starting policy database maintenance (greylist, rbl)
Nov 09 18:37:05 mail.mydomain.com pmgpolicy[729391]: end policy database maintenance (17 ms, 2 ms)
Nov 09 18:38:50 mail.mydomain.com pmgdaemon[785914]: successful auth for user 'admin@pmg'
Nov 09 18:39:03 mail.mydomain.com pmg-smtp-filter[756215]: starting database maintenance
Nov 09 18:39:03 mail.mydomain.com pmg-smtp-filter[756215]: end database maintenance (32 ms)
Nov 09 18:39:15 mail.mydomain.com pmgpolicy[729391]: starting policy database maintenance (greylist, rbl)
Nov 09 18:39:15 mail.mydomain.com pmgpolicy[729391]: end policy database maintenance (17 ms, 2 ms)
Nov 09 18:41:03 mail.mydomain.com pmg-smtp-filter[756215]: starting database maintenance
Nov 09 18:41:03 mail.mydomain.com pmg-smtp-filter[756215]: end database maintenance (31 ms)
Nov 09 18:41:25 mail.mydomain.com pmgpolicy[729391]: starting policy database maintenance (greylist, rbl)
Nov 09 18:41:25 mail.mydomain.com pmgpolicy[729391]: end policy database maintenance (17 ms, 2 ms)
Nov 09 18:43:03 mail.mydomain.com pmg-smtp-filter[756215]: starting database maintenance
Nov 09 18:43:03 mail.mydomain.com pmg-smtp-filter[756215]: end database maintenance (31 ms)
Nov 09 18:43:35 mail.mydomain.com pmgpolicy[729391]: starting policy database maintenance (greylist, rbl)
Nov 09 18:43:35 mail.mydomain.com pmgpolicy[729391]: end policy database maintenance (17 ms, 2 ms)
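
An added example (not part of the original post, and not Proxmox code): in the journal excerpt above, the pmg-smtp-filter worker logs an ERROR from PMG/MailQueue.pm right before the "moved mail ... to spam quarantine" line. The Python below lists quarantine moves that follow such an error within the same worker's mail, so the affected recipients and quarantine IDs can be collected from a journal export. It assumes one mail per worker PID at a time and that the error is a useful indicator of an affected mail; the second mail in the sample is constructed.

```python
import re

# Constructed sample: first mail copied from the journal above, second mail invented.
SAMPLE_JOURNAL = """\
Nov 09 18:33:19 mail.mydomain.com pmg-smtp-filter[763952]: 802DC636BC83F7A69E: new mail message-id=<1560612327-3711@mail.senderdomain.com>
Nov 09 18:33:22 mail.mydomain.com pmg-smtp-filter[763952]: ERROR: Wide character in subroutine entry at /usr/share/perl5/PMG/MailQueue.pm line 176.
Nov 09 18:33:22 mail.mydomain.com pmg-smtp-filter[763952]: 802DC636BC83F7A69E: moved mail for <user@mydomain.com> to spam quarantine - 802DE636BC842D522F (rule: Quarantine/Mark Spam (Level 3))
Nov 09 18:33:22 mail.mydomain.com pmg-smtp-filter[763952]: 802DC636BC83F7A69E: processing time: 3.375 seconds (3.35, 0, 0)
Nov 09 18:40:10 mail.mydomain.com pmg-smtp-filter[763952]: 802DC636BC0000AAAA: new mail message-id=<constructed@example.org>
Nov 09 18:40:12 mail.mydomain.com pmg-smtp-filter[763952]: 802DC636BC0000AAAA: moved mail for <user@mydomain.com> to spam quarantine - 802DE636BC0000BBBB (rule: Quarantine/Mark Spam (Level 3))
Nov 09 18:40:12 mail.mydomain.com pmg-smtp-filter[763952]: 802DC636BC0000AAAA: processing time: 2.1 seconds (2.0, 0, 0)
"""

LINE = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ pmg-smtp-filter\[(?P<pid>\d+)\]: (?P<msg>.*)$")
NEW_MAIL = re.compile(r"^(?P<id>[0-9A-F]+): new mail message-id=(?P<mid><[^>]*>)")
ERROR = re.compile(r"^ERROR: (?P<text>.*)$")
MOVED = re.compile(r"^(?P<id>[0-9A-F]+): moved mail for <(?P<rcpt>[^>]*)> to spam quarantine - (?P<qid>[0-9A-F]+)")
DONE = re.compile(r"^(?P<id>[0-9A-F]+): processing time:")


def suspect_quarantine_moves(journal_text):
    """Return quarantine moves logged after an ERROR while the same worker handled that mail."""
    current = {}   # pid -> state of the mail that filter worker is processing (assumed: one at a time)
    findings = []
    for raw in journal_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # lines from other daemons (postfix, pmgpolicy, CRON, ...)
        pid, msg = line["pid"], line["msg"]
        if m := NEW_MAIL.match(msg):
            current[pid] = {"mid": m["mid"], "errors": []}
        elif (m := ERROR.match(msg)) and pid in current:
            current[pid]["errors"].append(m["text"])
        elif (m := MOVED.match(msg)) and pid in current and current[pid]["errors"]:
            findings.append({"time": line["ts"], "rcpt": m["rcpt"], "quarantine_id": m["qid"],
                             "message_id": current[pid]["mid"], "errors": list(current[pid]["errors"])})
        elif DONE.match(msg):
            current.pop(pid, None)  # mail finished; the next mail starts with a clean error list
    return findings


if __name__ == "__main__":
    for hit in suspect_quarantine_moves(SAMPLE_JOURNAL):
        print(hit["time"], hit["rcpt"], hit["quarantine_id"], hit["message_id"], hit["errors"][0])
```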
 
Thanks - could you please also share the output of `pmgdb dump` (to get an overview of your rulesystem)?
Thanks!
 
Found RULE 4 (prio: 98, in, active): Blacklist
FOUND FROM GROUP 2: Blacklist
OBJECT 1: nomail@fromthisdomain.com
FOUND ACTION GROUP 18: Block
OBJECT 30: block message
Found RULE 3 (prio: 96, out, inactive): Virus Alert
FOUND WHAT GROUP 9: Virus
OBJECT 21: active
FOUND ACTION GROUP 18: Block
OBJECT 30: block message
FOUND ACTION GROUP 20: Notify Admin
OBJECT 32: notify __ADMIN__
FOUND ACTION GROUP 21: Notify Sender
OBJECT 33: notify __SENDER__
Found RULE 2 (prio: 96, in, inactive): Block Viruses
FOUND WHAT GROUP 9: Virus
OBJECT 21: active
FOUND ACTION GROUP 19: Quarantine
OBJECT 31: Move to quarantine.
FOUND ACTION GROUP 20: Notify Admin
OBJECT 32: notify __ADMIN__
Found RULE 1 (prio: 93, in, inactive): Block Dangerous Files
FOUND WHAT GROUP 8: Dangerous Content
OBJECT 16: content-type=application/javascript
OBJECT 17: content-type=application/x-executable
OBJECT 15: content-type=application/x-java
OBJECT 14: content-type=application/x-ms-dos-executable
OBJECT 18: content-type=message/partial
OBJECT 19: filename=.*\.(vbs|pif|lnk|shs|shb)
OBJECT 20: filename=.*\.\{.+\}
FOUND ACTION GROUP 15: Remove attachments
OBJECT 27: remove matching attachments
Found RULE 5 (prio: 90, in, inactive): Modify Header
FOUND ACTION GROUP 13: Modify Spam Level
OBJECT 25: modify field: X-SPAM-LEVEL:__SPAM_INFO__
Found RULE 13 (prio: 89, in, inactive): Quarantine Office Files
FOUND WHAT GROUP 7: Office Files
OBJECT 9: content-type=application/msword
OBJECT 7: content-type=application/vnd\.ms-excel
OBJECT 8: content-type=application/vnd\.ms-powerpoint
OBJECT 11: content-type=application/vnd\.oasis\.opendocument\..*
OBJECT 10: content-type=application/vnd\.openxmlformats-officedocument\..*
OBJECT 12: content-type=application/vnd\.stardivision\..*
OBJECT 13: content-type=application/vnd\.sun\.xml\..*
FOUND ACTION GROUP 23: Attachment Quarantine (remove matching)
OBJECT 35: remove matching attachments
Found RULE 12 (prio: 87, in+out, inactive): Block Multimedia Files
FOUND WHAT GROUP 6: Multimedia
OBJECT 5: content-type=audio/.*
OBJECT 6: content-type=video/.*
FOUND ACTION GROUP 15: Remove attachments
OBJECT 27: remove matching attachments
Found RULE 6 (prio: 85, in, active): Whitelist
FOUND FROM GROUP 3: Whitelist
OBJECT 2: mail@fromthisdomain.com
FOUND ACTION GROUP 17: Accept
OBJECT 29: accept message
Found RULE 9 (prio: 82, in, active): Block Spam (Level 10)
FOUND WHAT GROUP 12: Spam (Level 10)
OBJECT 24: Level 10
FOUND ACTION GROUP 18: Block
OBJECT 30: block message
Found RULE 8 (prio: 81, in, active): Quarantine/Mark Spam (Level 5)
FOUND WHAT GROUP 11: Spam (Level 5)
OBJECT 23: Level 5
FOUND ACTION GROUP 14: Modify Spam Subject
OBJECT 26: modify field: subject:SPAM: __SUBJECT__
FOUND ACTION GROUP 19: Quarantine
OBJECT 31: Move to quarantine.
Found RULE 7 (prio: 80, in, inactive): Quarantine/Mark Spam (Level 3)
FOUND WHAT GROUP 10: Spam (Level 3)
OBJECT 22: Level 3
FOUND ACTION GROUP 14: Modify Spam Subject
OBJECT 26: modify field: subject:SPAM: __SUBJECT__
FOUND ACTION GROUP 19: Quarantine
OBJECT 31: Move to quarantine.
Found RULE 10 (prio: 70, out, active): Block outgoing Spam
FOUND WHAT GROUP 10: Spam (Level 3)
OBJECT 22: Level 3
FOUND ACTION GROUP 18: Block
OBJECT 30: block message
FOUND ACTION GROUP 20: Notify Admin
OBJECT 32: notify __ADMIN__
FOUND ACTION GROUP 21: Notify Sender
OBJECT 33: notify __SENDER__
Found RULE 11 (prio: 60, out, inactive): Add Disclaimer
FOUND ACTION GROUP 22: Disclaimer
OBJECT 34: disclaimer
 
From my short tests with the default rule-setup the patch (also linked in the thread I linked above):
https://lists.proxmox.com/pipermail/pmg-devel/2022-November/002144.html

does fix the issue with lost quarantine mails.

If you want, you can apply it manually for the time being;
otherwise, downgrading to `pmg-api_7.1-7_all.deb` with `apt install pmg-api=7.1-7`
should also work as a mitigation.

We'll try to get the patch applied and packaged in a timely manner.
 
Hello

After updating to version 7.1.8, as the respected st060557 said, quarantined messages processed by antispam were no longer displayed. If the message is quarantined according to the mail rules, it is displayed in the quarantine. Could you suggest how to fix this? If the patch you described is applied, will already quarantined messages be lost?
 
Is this still an issue in 7.2-1 as I am not seeing any emails in my quarantine?
Not sure if you have the same issue, but the current PMG version is 7.3, so maybe upgrade to that and check again.
 
