Step by step improving antispam protection.


Jul 5, 2021
Hello to everyone.
Exuse me, I'm not so familiar with antispam protection.

We have Exchange 2013 installed with Proxmox Mail Gateway 7.3-3 as an incoming mail point. I have setuped DNS black lists and it works well, but i still has several SPAM mails in my mailbox almost every day. Other users have it too.

Can anyone explain to me STEP BY STEP, what should i do to improve our antispam protection? What should i search for in PMG to understand why SPAM mails are not filtered and how can i fix it (which tools there are in PMG for that)?

Is it possible to make SPAM folders for all the users so that they can move junk mail to it and antispam can learn from it? Is there any manual to make it?

Thank you in advance.
Last edited:
Today example:
Sep 22 09:39:29 postfix/smtpd[473550]: connect from[]
Sep 22 09:39:29 postfix/smtpd[473550]: A700D16104E:[]
Sep 22 09:39:29 postfix/cleanup[473526]: A700D16104E: message-id=<>
Sep 22 09:39:29 postfix/qmgr[846]: A700D16104E: from=<>, size=34410, nrcpt=1 (queue active)
Sep 22 09:39:29 postfix/smtpd[473550]: disconnect from[] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Sep 22 09:39:29 pmg-smtp-filter[473611]: 1613A6650D36A1BE6CA: new mail message-id=<>#012
Sep 22 09:39:31 pmg-smtp-filter[473611]: 1613A6650D36A1BE6CA: SA score=0/5 time=1.280 bayes=0.00 autolearn=no autolearn_force=no hits=AWL(-0.001),BAYES_00(-1.9),DKIM_INVALID(0.1),DKIM_SIGNED(0.1),HEADER_FROM_DIFFERENT_DOMAINS(0.249),HTML_MESSAGE(0.001),KAM_DMARC_STATUS(0.01),MIME_HTML_ONLY(0.1),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_BL(0.001),RCVD_IN_MSPIKE_L4(0.001),SPF_HELO_PASS(-0.001),SPF_NONE(0.001)
Sep 22 09:39:31 postfix/smtpd[473557]: connect from comhost.comdomain[]
Sep 22 09:39:31 postfix/smtpd[473557]: 1B1571613C6: client=comhost.comdomain[],[]
Sep 22 09:39:31 postfix/cleanup[473591]: 1B1571613C6: message-id=<>
Sep 22 09:39:31 postfix/qmgr[846]: 1B1571613C6: from=<>, size=35612, nrcpt=1 (queue active)
Sep 22 09:39:31 postfix/smtpd[473557]: disconnect from comhost.comdomain[] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Sep 22 09:39:31 pmg-smtp-filter[473611]: 1613A6650D36A1BE6CA: accept mail to <> (1B1571613C6) (rule: default-accept)
Sep 22 09:39:31 pmg-smtp-filter[473611]: 1613A6650D36A1BE6CA: processing time: 1.378 seconds (1.28, 0.034, 0)
Sep 22 09:39:31 postfix/lmtp[473610]: A700D16104E: to=<>, relay=[]:10024, delay=1.5, delays=0.06/0/0.04/1.4, dsn=2.5.0, status=sent (250 2.5.0 OK (1613A6650D36A1BE6CA))
Sep 22 09:39:31 postfix/qmgr[846]: A700D16104E: removed
Sep 22 09:39:31 postfix/smtp[473618]: 1B1571613C6: to=<>, relay=MAIL04.domain.local[]:25, delay=0.25, delays=0.05/0/0.06/0.14, dsn=2.6.0, status=sent (250 2.6.0 <> [InternalId=44049184588034, Hostname=MAIL04.domain.local] Queued mail for delivery)
Sep 22 09:39:31 postfix/qmgr[846]: 1B1571613C6: removed

But i received it even with other sender:
Received: from MAIL04.domain.local ( by MAIL04.domain.local
( with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Mailbox
Transport; Fri, 22 Sep 2023 09:39:31 +0300
Received: from MAIL04.domain.local ( by MAIL04.domain.local
( with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 22 Sep
2023 09:39:31 +0300
Received: from EDGE02.domain.local ( by MAIL04.domain.local
( with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend
Transport; Fri, 22 Sep 2023 09:39:31 +0300
Received: from EDGE02.domain.local (localhost.localdomain [])
by EDGE02.domain.local (Proxmox) with ESMTP id 1B1571613C6
for <>; Fri, 22 Sep 2023 09:39:31 +0300 (MSK)
Received-SPF: SoftFail (MAIL04.domain.local: domain of transitioning discourages use of as permitted sender)
Received-SPF: none ( No applicable sender policy available) receiver=EDGE02.domain.local; identity=mailfrom; envelope-from="";; client-ip=
Received: from ( [])
by EDGE02.domain.local (Proxmox) with ESMTP id A700D16104E
for <>; Fri, 22 Sep 2023 09:39:29 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim;;
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim;;
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dkim;;
Content-Type: text/html; charset=utf-8
MIME-Version: 1.0
To: =?utf-8?B?IA==?= <>
From: =?utf-8?B?0J7QpiDQkNGA0LPQtdC90YLRg9C8?= <>
X-Mailru-Msgtype: mass2-viptolstobokov
X-Smart-Mailer: 2/6
X-Smart-QID: 1466966806
Reply-To: =?utf-8?B?0J7QpiDQkNGA0LPQtdC90YLRg9C8?= <>
Precedence: bulk
Message-ID: <>
List-Unsubscribe: <>
Date: Fri, 22 Sep 2023 09:39:22 +0300
Subject: =?utf-8?B?0J3QvtCy0L7QtSDQsiDQsdGD0YXQs9Cw0LvRgtC10YDRgdC60L7QvCDRg9GH0LXRgtC1INC4INC90LDQu9C+0LPQvtC+0LHQu9C+0LbQtdC90LjQuC4g0K3QutGB0L/QtdGA0YLQvdGL0Lkg0LDQvdCw0LvQuNC3INC/0L7RgdC70LXQtNC90LjRhSDQuNC30LzQtdC90LXQvdC40Lkg0LfQsNC60L7QvdC+0LTQsNGC0LXQu9GM0YHRgtCy0LAuINCe0YfQvdC+INC4INC+0L3Qu9Cw0LnQvQ==?=
X-SPAM-LEVEL: Spam detection results: 0
AWL -0.001 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
DKIM_INVALID 0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
HEADER_FROM_DIFFERENT_DOMAINS 0.249 From and EnvelopeFrom 2nd level mail domains are different
HTML_MESSAGE 0.001 HTML included in message
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
MIME_HTML_ONLY 0.1 Message only has text/html MIME parts
RCVD_IN_DNSWL_NONE -0.0001 Sender listed at, no trust
RCVD_IN_MSPIKE_BL 0.001 Mailspike blocklisted
RCVD_IN_MSPIKE_L4 0.001 Bad reputation (-4)
SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
SPF_NONE 0.001 SPF: sender does not publish an SPF Record
X-MS-Exchange-Organization-SenderIdResult: SoftFail
X-MS-Exchange-Organization-Network-Message-Id: 4e95c836-c85e-47fd-a253-08dbbb36ad47
X-Auto-Response-Suppress: DR, OOF, AutoReply
X-MS-Exchange-Organization-AuthSource: MAIL04.domain.local
X-MS-Exchange-Organization-AuthAs: Anonymous

What should i setup to filter such mails?
Thank you.
See the Getting Started Page in the PMG wiki:

and the reference documentation:

first 2 Things I'd recommend is disabling autowhitelists and bayes in the SpamDetector settings

(on a sidenote Exchange 2013 is End of Support since April 2023)
Thank you for answer.

Yes. I have studied your guides and i have setuped DNS black lists. And there is no additional info in your documentation what can i do if i I still get SPAM?

I'm not that familiar with this topic so please don't be too hard on me.

I have given SPAM example and i dont understand why this mail was not filtered. Could you please give me clear STEP BY STEP algorithm what should i do (what should i search in logs for and where are right logs in PMG?) when i receive SPAM despite the configured antispam?


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!