We receive a lot of fake emails sent to our personal inbox.
How can I block them on Proxmox Mail Gateway?
Code:
Jul 23 17:14:15 mailgw01 postfix/smtpd[1588766]: connect from hwsrv-1232239.hostwindsdns.com[104.168.144.220]
Jul 23 17:14:16 mailgw01 postfix/smtpd[1588766]: Anonymous TLS connection established from hwsrv-1232239.hostwindsdns.com[104.168.144.220]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)
Jul 23 17:14:16 mailgw01 postfix/smtpd[1588766]: NOQUEUE: client=hwsrv-1232239.hostwindsdns.com[104.168.144.220]
Jul 23 17:15:40 mailgw01 pmg-smtp-filter[1588823]: 241FB5669F82CC034C9: new mail message-id=<20240723121412.37BAF0281C55058D@lab.com.vn>#012
Jul 23 17:15:40 mailgw01 pmg-smtp-filter[1588823]: 241FB5669F82CC034C9: found archive 'SWWQ24042702-1.rar' (application/vnd.rar)
Jul 23 17:15:40 mailgw01 pmg-smtp-filter[1588823]: 241FB5669F82CC034C9: unpack archive 'SWWQ24042702-1.rar' done (43 ms)
Jul 23 17:15:46 mailgw01 pmg-smtp-filter[1588823]: 241FB5669F82CC034C9: SA score=4/5 time=5.292 bayes=0.00 autolearn=no autolearn_force=no hits=BAYES_00(-1.9),DMARC_QUAR(0.1),FROM_MISSP_EH_MATCH(0.001),HTML_MESSAGE(0.001),KAM_DMARC_QUARANTINE(3),KAM_DMARC_STATUS(0.01),MIME_HTML_ONLY(0.1),SPF_HELO_NONE(0.001),SUBJ_ALL_CAPS(0.5),TO_NO_BRKTS_FROM_MSSP(2.499),T_SPF_PERMERROR(0.01)
Jul 23 17:15:46 mailgw01 pmg-smtp-filter[1588823]: 241FB5669F82CC034C9: moved mail for <nguyennv@mydomain.vn> to attachment quarantine - 241FB4669F82D224474 (rule: Block Dangerous Files)
Jul 23 17:15:46 mailgw01 pmg-smtp-filter[1588823]: 241FB5669F82CC034C9: removed attachment 3 ('SWWQ24042702.rar', rule: Block Dangerous Files)
Jul 23 17:15:46 mailgw01 pmg-smtp-filter[1588823]: 241FB5669F82CC034C9: adding disclaimer failed (rule: Block Dangerous Files)
Jul 23 17:15:46 mailgw01 postfix/smtpd[1588776]: connect from localhost.localdomain[127.0.0.1]
Jul 23 17:15:46 mailgw01 postfix/smtpd[1588776]: 2882A241FB8: client=localhost.localdomain[127.0.0.1], orig_client=hwsrv-1232239.hostwindsdns.com[104.168.144.220]
Jul 23 17:15:46 mailgw01 postfix/cleanup[1588778]: 2882A241FB8: message-id=<pmg-aquar-1588823-20240723121412.37BAF0281C55058D@lab.com.vn>
Jul 23 17:15:46 mailgw01 postfix/qmgr[1176658]: 2882A241FB8: from=<lisa@lab.com.vn>, size=13101, nrcpt=1 (queue active)
Jul 23 17:15:46 mailgw01 postfix/smtpd[1588776]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Jul 23 17:15:46 mailgw01 pmg-smtp-filter[1588823]: 241FB5669F82CC034C9: accept mail to <nguyennv@mydomain.vn> (2882A241FB8) (rule: _exception_)
Jul 23 17:15:46 mailgw01 postfix/smtp[1588838]: Trusted TLS connection established to 172.16.1.200[172.16.1.200]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)
Jul 23 17:15:46 mailgw01 pmg-smtp-filter[1588823]: 241FB5669F82CC034C9: processing time: 6.184 seconds (5.292, 0.75, 0)
Jul 23 17:15:46 mailgw01 postfix/smtpd[1588766]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (241FB5669F82CC034C9); from=<lisa@lab.com.vn> to=<nguyennv@mydomain.vn> proto=ESMTP helo=<hwsrv-1232239.hostwindsdns.com>
Jul 23 17:15:46 mailgw01 postfix/smtpd[1588766]: disconnect from hwsrv-1232239.hostwindsdns.com[104.168.144.220] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jul 23 17:15:46 mailgw01 postfix/smtp[1588838]: 2882A241FB8: to=<nguyennv@mydomain.vn>, relay=172.16.1.200[172.16.1.200]:25, delay=0.13, delays=0.05/0/0.05/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 406E3C47177B)
Jul 23 17:15:46 mailgw01 postfix/qmgr[1176658]: 2882A241FB8: removed