Tighten up spam filtering

Discussion in 'Mail Gateway: Installation and configuration' started by Nhoague, Jan 19, 2018.

  1. Nhoague

    How can I make the PMG even tighter? We seem to be getting more spam still slipping through the filter. I want it to be almost "too" tight.

    Is it possible I could send you my backup file so you can check our settings for validity?

    Thanks!
     
  2. tom

  3. Nhoague

    I'm still seeing a lot of spam come through the PMG. After review of our file, were you able to find other ways to tighten up our spam server? Here is an example of some headers that have come through. Based on this, shouldn't the PMG have caught it? Or am I missing something?

    X-Spf-Status: ⁨soft_fail⁩

    X-Spam-Score: ⁨100⁩

    X-Spam-Level: Spam detection results: 0
        BAYES_00 -1.9 Bayes spam probability is 0 to 1%
        DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
        DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
        EXCUSE_24 1 Claims you wanted this ad
        HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail domains are different
        HTML_FONT_SIZE_LARGE 0.001 HTML font size is large
        HTML_MESSAGE 0.001 HTML included in message
        RCVD_IN_DNSWL_NONE -0.0001 Sender listed at http://www.dnswl.org/, no trust
        SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
        SPF_PASS -0.001 SPF: sender matches SPF record
        T_RP_MATCHES_RCVD -0.01 Envelope sender domain matches handover relay domain
        URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information.

    X-Ms-Exchange-Organization-Authas: ⁨Anonymous⁩

    Spam-Stopper-V2: ⁨Yes⁩

    Return-Path: ⁨bounce-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mandrillapp.com⁩

    X-Ms-Exchange-Organization-Network-Message-Id: ⁨35f36f46-8421-40ef-7a50-08d567b420c6⁩

    ⁨<e8b79ce0-8df2-e63d-b3c2-e6f36d11226b@silverlakepub.com>⁩

    X-Rdns-Status: ⁨pass⁩

    X-Cmae-Analysis: ⁨v=2.2 cv=XoaKARN9 c=1 sm=1 tr=0 p=tyELC3BHFfKCGWu3JVsA:9 a=iYSc8k3P5xvkQTAjsMZoCA==:117 a=iYSc8k3P5xvkQTAjsMZoCA==:17 a=lU03Z4yc7+u8VQHnwYB+2V2ltmY=:19 a=RgaUWeydRksA:10 a=-uNXE31MpBQA:10 a=3IXqxcDpAAAA:8 a=pcclQ6hiAAAA:8 a=-HJwH1y9AAAA:8 a=sxfOT_yiAAAA:8 a=Byojahs553LUA_ZZ:21 a=ab_5XBfUJr7Hm8NI:21 a=QEXdDO2ut3YA:10 a=xx-eWKR--goA:10 a=lAq7YOjDHfkA:10 a=oBomYAqOkJMA:10 a=noLWSlgggUcA:10 a=t_WNRh-AI6CPB-cc8DAA:9 a=r8up1xOQTrhxmcx0:21 a=o7V0xdXdxUzq402p:21 a=wR8JSuMmlo1qJicN:21 a=6UIaq3Bcl8oA:10 a=_W_S_7VecoQA:10 a=frz4AuCg-hUA:10 a=jjxgvnocCX0A:10 a=uwgIXyJJh-Lc7q4L-ymd:22 a=HdP1VN2mBm2NwMIM4jCI:22 a=xha5XVv8otAmwIV9NdAo:22 a=wQjUK3rAPQmmWTtgHBQJ:22⁩

    ⁨<e8b79ce0-8df2-e63d-b3c2-e6f36d11226b@silverlakepub.com>⁩

    X-Aes-Category: ⁨MARKETING⁩

    X-Spam-Reasons: ⁨Cause=gggruggvucftvghtrhhoucdtuddrgedtvddrvdekgdduudduucdltddurdegtddurddttddmucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecutddurdegtddvrdduledpkffpvffgtffogfffkfetpdggtfgfnhhsuhgsshgtrhhisggvnecuuegrihhlohhuthemuceftddtnecundfotefknffkpffiucdludejmdenucfjughrpefhufhfkfgjjffvffggtgesrgdtreertddtjeenucfhrhhomhepifhushcujfgvrhhrvghrrgcuoehsrghlvghssehsihhlvhgvrhhlrghkvghpuhgsrdgtohhmqeenucffohhmrghinhepshhilhhvvghrlhgrkhgvphhusgdrtghomhdpmhgrnhgurhhilhhlrghpphdrtghomhenucfkphephedtrddvtdeirdduuddrvdehtddpjeefrddvvddurdelledrvdehudenucevlhhushhtvghrufhiiigvpedt Unsub=mailto:unsubscribe-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mailin1.us2.mcsv.net?subject=unsub Unsub=UNSUB:http://www.silverlakepub.com/unsub Unsub=https://mandrillapp.com/track/click...mYzk3ODAwYTU3MDdlYTIwMmMzYTA0NTAwZmE0XCJdfSJ9 Unsub=http://www.silverlakepub.com/unsub Unsub=http://mandrillapp.com/track/unsub....com/unsub?md_email=nhoague@networkdynamix.com To=<nhoague@networkdynamix.com> From=Gus Herrera <sales@silverlakepub.com>⁩

    X-Report-Abuse: ⁨Please forward a copy of this message, including all headers, to abuse@mandrill.com

    X-Report-Abuse: ⁨You can also report abuse here: http://mandrillapp.com/contact/abuse?id=30868966.3f2e19b9ff30417ba3f9e30bd9c7d907⁩

    ⁨<c3935dc6-7c19-66d8-cfda-3292c06a4a9b@silverlakepub.com>⁩

    X-Spam-Category: ⁨MCE⁩

    Mime-Version: ⁨1.0⁩

    X-Mandrill-User: ⁨md_30868966⁩

    X-Forwarded-Message-Id: ⁨<e8b79ce0-8df2-e63d-b3c2-e6f36d11226b@silverlakepub.com>⁩

    X-Ms-Exchange-Organization-Authsource: ⁨MBX090-E1-VA-2.EXCH090.serverpod.net⁩

    Received: ⁨from MBX090-E2-VA-1.EXCH090.serverpod.net (10.216.177.122) by MBX090-E2-VA-5.EXCH090.serverpod.net (10.216.177.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.544.27 via Mailbox Transport; Tue, 30 Jan 2018 02:36:08 -0500⁩

    Received: ⁨from MBX090-E1-VA-2.EXCH090.serverpod.net (10.216.177.112) by MBX090-E2-VA-1.EXCH090.serverpod.net (10.216.177.122) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.544.27; Tue, 30 Jan 2018 02:36:08 -0500⁩

    Received: ⁨from aesmt090-co-1-2.serverpod.net (10.224.74.23) by MBX090-E1-VA-2.EXCH090.serverpod.net (10.216.177.113) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521) id 15.1.544.27 via Frontend Transport; Tue, 30 Jan 2018 02:36:08 -0500⁩

    Received: ⁨from aesc090-co-1-4.serverpod.net (aesc090-co-1-4.serverpod.net [10.224.76.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aesmt090-co-1.serverpod.net (Postfix) with ESMTPS id 0A67E1634 for <nhoague@networkdynamix.com>; Mon, 29 Jan 2018 23:36:08 -0800 (PST)⁩

    Received: ⁨from exmx090-co-1-2.serverpod.net (exmx090-co-1-2.serverpod.net [10.224.72.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aesmt090-co-1.serverpod.net (Postfix) with ESMTPS id C38C2DD8 for <nhoague@networkdynamix.com>; Mon, 29 Jan 2018 23:36:07 -0800 (PST)⁩

    Received: ⁨from pmg01.onepointsync.com (50-206-11-250-static.hfc.comcastbusiness.net [50.206.11.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by west.smtp.mx.exch090.serverdata.net (Postfix) with ESMTPS id 97AD713C for <nhoague@networkdynamix.com>; Mon, 29 Jan 2018 23:36:07 -0800 (PST)⁩

    Received: ⁨from pmg01.onepointsync.com (localhost.localdomain [127.0.0.1]) by pmg01.onepointsync.com (Proxmox) with ESMTP id 638B12408B3 for <nhoague@networkdynamix.com>; Tue, 30 Jan 2018 00:36:07 -0700 (MST)⁩

    Received: ⁨from mail186-2.suw21.mandrillapp.com (mail186-2.suw21.mandrillapp.com [198.2.186.2]) by pmg01.onepointsync.com (Proxmox) with ESMTPS id B616E2408AA for <nhoague@networkdynamix.com>; Tue, 30 Jan 2018 00:36:03 -0700 (MST)⁩

    Received: ⁨from pmta02.mandrill.prod.suw01.rsglab.com (127.0.0.1) by mail186-2.suw21.mandrillapp.com id he0g66174bki for <nhoague@networkdynamix.com>; Tue, 30 Jan 2018 07:35:57 +0000 (envelope-from <bounce-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mandrillapp.com>)⁩

    Received: ⁨from [73.221.99.251] by mandrillapp.com id 3f2e19b9ff30417ba3f9e30bd9c7d907; Tue, 30 Jan 2018 07:35:57 +0000⁩

    Content-Type: ⁨multipart/alternative; boundary="_av-Vq--UHK6lLIJW5hDoTaIgA"⁩

    X-Cmae-Score: ⁨100⁩

    X-Source-Ip: ⁨50.206.11.250⁩

    Spam-Stopper-Id: ⁨0f39ac8a-0262-4ed0-a722-586f81d814c8⁩

    Received-Spf: ⁨pass (mandrillapp.com: Sender is authorized to use 'bounce-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mandrillapp.com' in 'mfrom' identity (mechanism 'include:spf.mandrillapp.com' matched)) receiver=pmg01.onepointsync.com; identity=mailfrom; envelope-from="bounce-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mandrillapp.com"; helo=mail186-2.suw21.mandrillapp.com; client-ip=198.2.186.2⁩

    List-Unsubscribe: ⁨<mailto:unsubscribe-md_30868966.5a70205d.v1-3f2e19b9ff30417ba3f9e30bd9c7d907@mailin1.us2.mcsv.net?subject=unsub>⁩

    X-Cmae-Verdict: ⁨spam⁩

    X-Ms-Exchange-Transport-Endtoendlatency: ⁨00:00:00.3784040⁩

    Dkim-Signature: ⁨v=1; a=rsa-sha256; c=relaxed/relaxed; s=mandrill; d=silverlakepub.com; h=From:Subject:References:Message-Id:In-Reply-To:List-Unsubscribe:To:Date:MIME-Version:Content-Type; i=sales@silverlakepub.com; bh=SaGItYXpunHCcASgibvoHbcM2U1p+N6usOZ/1TWMt0g=; b=e9ZWTozDMXpP0LXMaeFPZOJEYnLvRWOq8v75MdqR8uQwKocHmgdWPdcJh0WmUYxEJhEnEdXrLGv2 T6bOD2AEBJEwi1Ob3m4bIWJJyoiHx9fjEdpwAWT1mO+NcUx2xOeLu65lhTk+KSGRsZ+VyXcyHcy7 r01DPAAHvYzc44+yxR8=⁩

    Dkim-Signature: ⁨v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com; i=@mandrillapp.com; q=dns/txt; s=mandrill; t=1517297757; h=From : Subject : References : Message-Id : In-Reply-To : List-Unsubscribe : To : Date : MIME-Version : Content-Type : From : Subject : Date : X-Mandrill-User : List-Unsubscribe; bh=SaGItYXpunHCcASgibvoHbcM2U1p+N6usOZ/1TWMt0g=; b=VFgPu3/y5VwjrHU+8gaNFmlgyKPFW5bUp5hcAz938GYXPv05Op40RHyuzKAO48N1vbrDnA /QnEgCPHX4zRayhbPukRlwYTFvUS8Z2CWS0MytpueurcbSmPhC7RlfoGWI+pObvGhaHzrvvr iIbY4Bmdvni1NNQL7IZJmmRobgPHg=
     
  4. heutger

    heutger Active Member

    Joined:
    Apr 25, 2018
    Messages:
    206
    Likes Received:
    62
    Did you check the spam filter tag/quarantine settings? Check my feature request thread, you need some adjustments. First of all, use a local nameserver like bind or untangle.
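
The rule report in the X-Spam-Level header quoted earlier in the thread can be checked mechanically. The following is an added example, not code from the thread or from Proxmox: it parses a shortened, constructed copy of that report, sums the rule scores, and flags the two entries that explain the low result. The function names and the `bayes_floor` threshold are assumptions made for illustration.

```python
import re

# Constructed sample: a shortened copy of the X-Spam-Level report from the thread.
SAMPLE_REPORT = (
    "Spam detection results: 0 "
    "BAYES_00 -1.9 Bayes spam probability is 0 to 1% "
    "DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid "
    "DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature "
    "EXCUSE_24 1 Claims you wanted this ad "
    "HEADER_FROM_DIFFERENT_DOMAINS 0.25 From and EnvelopeFrom 2nd level mail "
    "domains are different "
    "SPF_PASS -0.001 SPF: sender matches SPF record "
    "URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked."
)

# A rule entry is an upper-case rule name followed by a signed decimal score.
# Upper-case words inside descriptions (HELO, ADMINISTRATOR) are not followed
# by a number, so they do not match.
RULE_RE = re.compile(r"\b([A-Z][A-Z0-9_]*[A-Z0-9]) (-?\d+(?:\.\d+)?)(?= |$)")


def parse_report(report):
    """Return [(rule, score)] in the order the rules appear in the header."""
    return [(name, float(score)) for name, score in RULE_RE.findall(report)]


def review(report, bayes_floor=-1.0):
    """Sum the rule scores and list entries that weaken the filter's verdict.

    bayes_floor is a hypothetical threshold: Bayes scores at or below it are
    reported because they cancel out positive hits from other rules.
    """
    rules = parse_report(report)
    total = round(sum(score for _, score in rules), 4)
    findings = []
    for name, score in rules:
        if name.endswith("_BLOCKED"):
            # The blocklist refused the DNS query, so none of its listing
            # rules could add to the score for this message.
            findings.append(f"{name}: blocklist query refused, listings could not score")
        elif name.startswith("BAYES_") and score <= bayes_floor:
            findings.append(f"{name}: Bayes lowered the score by {abs(score)}")
    return total, findings


if __name__ == "__main__":
    total, findings = review(SAMPLE_REPORT)
    print("sum of rule scores:", total)
    for line in findings:
        print(" -", line)
```

`URIBL_BLOCKED` typically appears when lookups reach URIBL through a shared public resolver, which is why a local recursive nameserver on the gateway is the first thing to fix.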
     