On 9 Aug 2016, at 17:56, Anthony Hoppe wrote:
My first thought is to increase the weight of SPF_FAIL, but I'm not
sure what unintended consequences this may create?
There are a substantial number of domains with overly-restrictive SPF.
There are also still transparent forwarders out there tha
On 2016-08-10 01:22, Anthony Hoppe wrote:
Our mail setup (Zimbra) uses postfix.
http://www.impsec.org/~jhardin/antispam/milter-regex.conf
and postfix support milters
Our mail setup (Zimbra) uses postfix.
- Original Message -
From: "John Hardin"
To: "SpamAssassin"
Sent: Tuesday, August 9, 2016 4:20:22 PM
Subject: Re: Spoofed Domain
On Tue, 9 Aug 2016, Anthony Hoppe wrote:
> Though I think I'd rather just reject...that seems to make more sense.
> I
On Tue, 9 Aug 2016, Anthony Hoppe wrote:
Though I think I'd rather just reject...that seems to make more sense.
I'll need to do some research on how to reject messages with a from and
to domain of my domain that match that are being sent from an external
network.
What's your MTA?
Here's how
On Wed, 10 Aug 2016, Benny Pedersen wrote:
On 2016-08-10 00:23, John Hardin wrote:
You could score a meta of SPF_FAIL + return-path in your domain as a
poison pill, but as others have said, these shouldn't make it all the
way to SA.
waste of time, mta stage should not accept local domains
On 2016-08-10 00:23, John Hardin wrote:
You could score a meta of SPF_FAIL + return-path in your domain as a
poison pill, but as others have said, these shouldn't make it all the
way to SA.
waste of time, mta stage should not accept local domains as sender on
port 25, simple, it does not even
Hmm. Tagging the message is an option. Though I think I'd rather just
reject...that seems to make more sense. I'll need to do some research on how to
reject messages with a from and to domain of my domain that match that are
being sent from an external network. In theory, these messages should a
You could "tag" messages though that originate externally, claim
to be From and destined To domain. I've thought of doing that
locally. You know, alter the Subject line with [PHISH?] or
something like that.
However SPF is really a terrible tool. By design it operates
on the envelope, which ma
On Tue, 9 Aug 2016, Anthony Hoppe wrote:
Someone out there has decided to spoof our domain and send us spam. My
first thought was that SPF checks were not working, but in analyzing the
headers of a message one of our users received SPF_FAIL is triggering,
but the weight is very low. My first t
When you say SPF is not a good tool for filtering, do you mean that it
shouldn't be used at all? Or if SPF_FAIL is triggered that an email should be
rejected altogether?
From: "Vincent Fox"
To: "Anthony Hoppe" , "SpamAssassin"
Sent: Tuesday, August 9, 2016 3:09:02 PM
Subject: Re: Spoofed
SPF is not a good tool for filtering IMO.
Scoring? Why score them? If you get to the SpamAssassin
layer with this you've already failed. Reject!
We use ClamAV Foxhole databases, to severely restrict attachment types.
Combined with a little bit of greet_pause, and a ton of greylist penalty
Hmm, that's not a bad idea for this particular instance. I may do that.
From: "Rob McEwen"
To: "SpamAssassin"
Sent: Tuesday, August 9, 2016 3:01:57 PM
Subject: Re: Spoofed Domain
On 8/9/2016 5:56 PM, Anthony Hoppe wrote:
> Here are the headers as an example:
> http://pastebin.com/bnU0np
On 8/9/2016 5:56 PM, Anthony Hoppe wrote:
Here are the headers as an example:
http://pastebin.com/bnU0npLR
This particular email has a macro-enabled Word document attached, but I
don't want to assume this will be the case every time.
Any tips/tricks/suggestions would be greatly appreciated!
I t
Hello All,
Although I've been a member of this list for a while, I'm still very much a
n00b when it comes to SpamAssassin. So please keep that in mind when you read
my message (don't hurt me!)... :-)
Someone out there has decided to spoof our domain and send us spam. My first
thought was tha
On Tue, 9 Aug 2016, li...@rhsoft.net wrote:
Am 09.08.2016 um 18:08 schrieb Kevin Golding:
Based on what you're trying to do:
man dig
don't help, see below
or depending on your resolver possibly:
man drill
don't help, see below
Whilst I agree it is slightly more effort to set-up w
Am 09.08.2016 um 18:08 schrieb Kevin Golding:
Based on what you're trying to do:
man dig
don't help, see below
or depending on your resolver possibly:
man drill
don't help, see below
Whilst I agree it is slightly more effort to set-up whitelisting by
looking up the details first it wou
On Tue, 09 Aug 2016 16:43:50 +0100, Nicola Piazzi
wrote:
WHITELIST_FROM_RCVD require to know mailserver name
Take this example :
whitelist_from_rcvd *@axkit.org sergeant.org
We want to accept all domain axkit.org and we are sure that is not
spoofing when it come from names that end w
WHITELIST_FROM_RCVD require to know mailserver name
Take this example :
whitelist_from_rcvd *@axkit.org sergeant.org
We want to accept all domain axkit.org and we are sure that is not spoofing
when it come from names that end with domain sergeant.org
But if I have only email address I cant
Am 09.08.2016 um 17:39 schrieb RW:
On Tue, 9 Aug 2016 15:19:08 +
Nicola Piazzi top-posted:
I dont know if you want to find a solution of if you want to say why
i am searching one. Reason is this :
I have SPF_PASS, a variable that tell me that who send is proprietary
of that domain I KNOW
On Tue, 9 Aug 2016 15:19:08 +
Nicola Piazzi top-posted:
> I dont know if you want to find a solution of if you want to say why
> i am searching one. Reason is this :
> I have SPF_PASS, a variable that tell me that who send is proprietary
> of that domain I KNOW PERFECTLY THAT SOMEONE CAN TELL
I dont know if you want to find a solution of if you want to say why i am
searching one.
Reason is this :
I have SPF_PASS, a variable that tell me that who send is proprietary of that
domain
I KNOW PERFECTLY THAT SOMEONE CAN TELL SPAM WITH A PURCHASED REGULAR NON
SPOOFED DOMAIN
But I can combine
> On Tue, 9 Aug 2016 08:45:54 +
> Nicola Piazzi wrote:
>
>> whitelist_from_rcvd is intended to legitimate a single somain,
>> specifiing domain by domain
>>
>> I need something that tell me that check all incoming email and say
>> if the originating ip (or class c) is the same of mx record
>>
>
On Tue, 9 Aug 2016 08:45:54 +
Nicola Piazzi wrote:
> whitelist_from_rcvd is intended to legitimate a single somain,
> specifiing domain by domain
>
> I need something that tell me that check all incoming email and say
> if the originating ip (or class c) is the same of mx record
>
> This can
Please keep list mail on the list.
Direct replies unless stated as OFFLIST are not welcome.
On 08/09/2016 10:51 AM, Nicola Piazzi wrote:
Hi,
I dont want to specify some names
I need a rule that tell me if an email was sent using the same ip of the domain
mx record
So I am sure that the email c
FTR: you can also do
whitelist_from_rcvd *@* gruppocomet.it
or
whitelist_from_rcvd *@*.it gruppocomet.it
or variations of...
On 08/09/2016 10:45 AM, Nicola Piazzi wrote:
whitelist_from_rcvd is intended to legitimate a single somain, specifiing
domain by domain
I need something that tell me t
whitelist_from_rcvd is intended to legitimate a single somain, specifiing
domain by domain
I need something that tell me that check all incoming email and say if the
originating ip (or class c) is the same of mx record
This can be intended like an SPF_PASS when people doesn t set spf at all.
On Tue, 09 Aug 2016 09:10:06 +0100, Nicola Piazzi
wrote:
Hi
A lot of time we receive mail that are SPF NONE and have no DKIM
Il will be useful a little plugin that be able to give another chance to
legitimate these emails
A lot of servers use the same machine to send and receive emails,
Pl
Hi
A lot of time we receive mail that are SPF NONE and have no DKIM
Il will be useful a little plugin that be able to give another chance to
legitimate these emails
A lot of servers use the same machine to send and receive emails,
Plugin must read sender domain and search if the IP used to send to
28 matches
Mail list logo