Re: SPF custom rule
Bret Miller wrote:

>>>> Thanks for the info Bret. What I've come up with is this:
>>>>
>>>>     header _FROM_DOMAIN From ~= /example\.com/i
>>>>     header _SPF_TRUE /\bSPF_FAIL\b/
>>>>     meta DOMAIN_SPF_TRUE (_FROM_DOMAIN && _SPF_TRUE)
>>>>     score DOMAIN_SPF_TRUE 10.0
>>>>
>>>> Will this work?
>>>
>>> Kinda, with few changes:
>>>
>>>     header __FROM_DOMAIN From ~= /\bexample\.com\b/i
>>>     header __SPF_TRUE ALL ~= /\bSPF_FAIL\b/
>>>
>>> This will make sure you get example.com and not myexample.communists. However, the From header is *really* easy to spoof, so this isn't much of a check. You would probably be better off looking for the host name in one of the received headers.
>>>
>>> You also need to give a target to the second header test. I used "ALL" to search all of the headers for the string you want. However, if you know the name of the header you are looking for, you could better do something like
>>>
>>>     header __SPF_CHECK SPF_FAIL:Exists
>>>
>>> Assuming the header was named "SPF_FAIL"
>>>
>>> Note also you want two leading underscores, not one, on those meta parts, so the final line becomes:
>>>
>>>     meta DOMAIN_SPF_TRUE (__FROM_DOMAIN && __SPF_TRUE)
>>>
>>> Loren
>>
>> Hi Loren
>>
>> Thank you very much. I'll give it a try. The final filter will then look like this?
>>
>>     header __FROM_DOMAIN From ~= /\bexample\.com\b/i
>>     header __SPF_TRUE ALL ~= /\bSPF_FAIL\b/
>>     meta DOMAIN_SPF_TRUE (__FROM_DOMAIN && __SPF_TRUE)
>>     score DOMAIN_SPF_TRUE 10.0
>>
>> Just a question though.. This whole process happens in SpamAssassin... Will there be a SPF_FAIL in the header already at the time of this check?? I get the feeling there won't..
>
> If the SPF test is happening in SA anyway, then you can reduce this to two rules:
>
>     header __FROM_DOMAIN From ~= /\bexample\.com\b/i
>     meta DOMAIN_SPF_TRUE (__FROM_DOMAIN && SPF_FAIL)
>     score DOMAIN_SPF_TRUE 10.0
>
> SPF_FAIL is part of the standard rule set in 25_spf.cf. No sense in checking the condition twice.
>
> Bret

The rule works 100%. Had to tweak it a bit and clean out some syntax errors, but it works. :)

    header __DOMAIN_FROM From =~ /\bexample\.com\b/i
    meta DOMAIN_SPF_TRUE (__DOMAIN_FROM && (SPF_SOFTFAIL || SPF_FAIL))
    score DOMAIN_SPF_TRUE 5.0

Thanks for all the help.

Regards
JvdW
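The From-header patterns discussed in this thread, run against constructed sample headers to show which ones each pattern accepts. This is an added example, not code from any poster; the sample headers, the `EXACT` pattern and the function names are assumptions made for illustration, and Python's `re` is used because `\b` behaves the same as in Perl for these ASCII inputs.

```python
import re

# From-header patterns quoted in the thread
LOOSE = re.compile(r"example\.com", re.I)        # first attempt
BOUNDED = re.compile(r"\bexample\.com\b", re.I)  # with word boundaries
# Assumption, not from the thread: require the address itself to end in @example.com
EXACT = re.compile(r"@example\.com>?\s*$", re.I)

# Constructed sample From headers
SAMPLES = [
    "Alice <alice@example.com>",
    "Bob <bob@myexample.communists>",
    "Eve <eve@my-example.com>",
    "Mallory <m@example.com.invalid>",
    '"example.com billing" <x@other.invalid>',
]

def from_hits(header):
    """Return which of the three patterns match this From header."""
    patterns = (("loose", LOOSE), ("bounded", BOUNDED), ("exact", EXACT))
    return {name: bool(p.search(header)) for name, p in patterns}

def domain_spf_score(header, sa_hits, pattern=BOUNDED, score=5.0):
    """Emulate: meta DOMAIN_SPF_TRUE (__DOMAIN_FROM && (SPF_SOFTFAIL || SPF_FAIL)).

    sa_hits is the set of rule names that already hit on the message.
    """
    spf_bad = "SPF_FAIL" in sa_hits or "SPF_SOFTFAIL" in sa_hits
    return score if pattern.search(header) and spf_bad else 0.0

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h!r:45} {from_hits(h)}")
```

The word-boundary pattern rejects `myexample.communists` but still matches `my-example.com`, `example.com.invalid` and a display name containing `example.com`, because `-`, `.` and `"` all count as word boundaries. SPF itself is evaluated on the envelope sender rather than the From header, so the two halves of the meta rule can refer to different domains.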
Re: SPF custom rule
Bret Miller wrote:

>> I need to look at setting up a custom rule based on a SPF result. If mail is sent from domain xyz.com and the SPF record matches, let it pass as per normal. If on the other hand the SPF record fails for xyz.com, add +5 to the score.
>>
>> This has to happen ONLY for domain xyz.com. All others will be handled by SpamAssassin the normal way.
>
> I can't specify the syntax directly for you, but a good method of doing this would be to create a rule to detect the message is from that domain then use a meta rule to score if the message hits both from that domain and SPF_FAIL.
>
> Bret

Thanks for the info Bret. What I've come up with is this:

    header _FROM_DOMAIN From ~= /example\.com/i
    header _SPF_TRUE /\bSPF_FAIL\b/
    meta DOMAIN_SPF_TRUE (_FROM_DOMAIN && _SPF_TRUE)
    score DOMAIN_SPF_TRUE 10.0

Will this work?

Regards
JvdW
Re: SPF custom rule
Loren Wilton wrote:

>> Thanks for the info Bret. What I've come up with is this:
>>
>>     header _FROM_DOMAIN From ~= /example\.com/i
>>     header _SPF_TRUE /\bSPF_FAIL\b/
>>     meta DOMAIN_SPF_TRUE (_FROM_DOMAIN && _SPF_TRUE)
>>     score DOMAIN_SPF_TRUE 10.0
>>
>> Will this work?
>
> Kinda, with few changes:
>
>     header __FROM_DOMAIN From ~= /\bexample\.com\b/i
>     header __SPF_TRUE ALL ~= /\bSPF_FAIL\b/
>
> This will make sure you get example.com and not myexample.communists. However, the From header is *really* easy to spoof, so this isn't much of a check. You would probably be better off looking for the host name in one of the received headers.
>
> You also need to give a target to the second header test. I used ALL to search all of the headers for the string you want. However, if you know the name of the header you are looking for, you could better do something like
>
>     header __SPF_CHECK SPF_FAIL:Exists
>
> Assuming the header was named SPF_FAIL
>
> Note also you want two leading underscores, not one, on those meta parts, so the final line becomes:
>
>     meta DOMAIN_SPF_TRUE (__FROM_DOMAIN && __SPF_TRUE)
>
> Loren

Hi Loren

Thank you very much. I'll give it a try. The final filter will then look like this?

    header __FROM_DOMAIN From ~= /\bexample\.com\b/i
    header __SPF_TRUE ALL ~= /\bSPF_FAIL\b/
    meta DOMAIN_SPF_TRUE (__FROM_DOMAIN && __SPF_TRUE)
    score DOMAIN_SPF_TRUE 10.0

Just a question though.. This whole process happens in SpamAssassin... Will there be a SPF_FAIL in the header already at the time of this check?? I get the feeling there won't..

Regards
JvdW
SPF custom rule
Hi all

I need to look at setting up a custom rule based on a SPF result. If mail is sent from domain xyz.com and the SPF record matches, let it pass as per normal. If on the other hand the SPF record fails for xyz.com, add +5 to the score.

This has to happen ONLY for domain xyz.com. All others will be handled by SpamAssassin the normal way.

I'm new to these sort of rules so any help would be greatly appreciated.

Regards
JvdW