On Mon, 18 Jan 2010 10:40:14 -0500
s...@top-consulting.net wrote:
> If not, how do I stop this type of Spam ?
try making a meta rule that that looks for your domain in "from" and the
absence of a sensible hostname in "message-id"
header. If you
were to do SPF checks on the From header of this email it would be
rejected due to an SPF failure.
--
Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin
Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226
Technical Blog : Tech Blog - https
I am running Postfix with Amavisd-maia which in turn uses Mail::SpamAssassin..
I am running SPF checks with Postfix and that works reasonably well
but it fails at catching fake senders in the 'DATA' portion of the
SMTP conversation.
Say my domain is: test.com
the envelope of t
Am 2008-06-27 08:17:11, schrieb Richard Frovarp:
> The list is setup without a reply to field. Look at the headers. Anyone
> hitting reply will get the individual who sent who sent the message, not
> the list. I'm guessing people are taking the shortcut of hitting reply
> all (so that they get t
> Matus UHLAR - fantomas wrote:
> >IIRC there was already case provided when MTA didn' dns lookup so it was
> >made to be done via SA (and afaik SA did it before). If my memory is
> >correct, this would be just another case
> >(sorry, no time to search archives/bugs/google by now)
On 29.06.08 16:0
Matus UHLAR - fantomas wrote:
[snip]
IIRC there was already case provided when MTA didn' dns lookup so it was
made to be done via SA (and afaik SA did it before). If my memory is
correct, this would be just another case
(sorry, no time to search archives/bugs/google by now)
yes, it is prob
Matus UHLAR - fantomas wrote:
... and I thought I explained it in the sentence before. Since DNS lookup is
not made by MTA and SA expects it to be, the case where the RDNS is not in Received:
is taken as there is not rdns. Since there is verison's HELO but not RDNS,
it's FM_FAKE_HELO_VERIZON...
> >>Matt Kettler wrote:
> >>
> [snip]
> if so that fake helo should not be fake :=)
>
>
> >>>Well, it shouldn't be fake, because 206.46.173.3 really is
> >>>vms173003pub.verizon.net.
> >>>
> >>>However, it would appear that athena.apache.orgdidn't get an answer to
>
Matus UHLAR - fantomas wrote:
Matt Kettler wrote:
[snip]
if so that fake helo should not be fake :=)
Well, it shouldn't be fake, because 206.46.173.3 really is
vms173003pub.verizon.net.
However, it would appear that athena.apache.orgdidn't get an answer to
its PTR querry.. ei
> Matt Kettler wrote:
> >>[snip]
> >>if so that fake helo should not be fake :=)
> >>
> >Well, it shouldn't be fake, because 206.46.173.3 really is
> >vms173003pub.verizon.net.
> >
> >However, it would appear that athena.apache.orgdidn't get an answer to
> >its PTR querry.. either that or the h
Benny Pedersen wrote:
On Fri, June 27, 2008 03:09, Jo Rhett wrote:
Personal attacks are not relevant to the topic.
hmm
AppleMail is the only mua i have seen that cant make a reply to maillist
without sending cc
you talk like its my problem right ?
is AppleMail the only option you h
Matt Kettler wrote:
[snip]
if so that fake helo should not be fake :=)
Well, it shouldn't be fake, because 206.46.173.3 really is
vms173003pub.verizon.net.
However, it would appear that athena.apache.orgdidn't get an answer to
its PTR querry.. either that or the headers generated by
athen
Agreed! Guys, please take it offline. The SpamAssassin users list is
not an appropriate place for this.
--j.
Rubin Bennett writes:
> Fer the love of Pete guys, take this offline. This has *nothing* to do
> with SpamAssassin other than making me wish my system would toss this
> whole damn thre
Jo, didn't you get your answer several times now? I don't understand
why this thread continues.
Jo Rhett wrote:
On Jun 25, 2008, at 6:34 PM, Benny Pedersen wrote:
then stop cc me
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
tests=FM_FAKE_HELO_VERIZON,SPF_PASS
X-Spam-Check-By: apache.or
Benny Pedersen wrote:
On Thu, June 26, 2008 04:40, Matt Kettler wrote:
I'll attempt to do so. Didn't realize you disliked it.
its like asking 2 times for the same answer and wonder why no answer
Well then set a Reply-to header to point to the list when you post
here... That's what
On Fri, June 27, 2008 04:28, Rubin Bennett wrote:
> ?People and their delicate egos...
> *grumble*
smile :)
X-Mailer: Evolution 2.22.0-4.1mdv2008.1
another mua is found brokken
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
Fer the love of Pete guys, take this offline. This has *nothing* to do
with SpamAssassin other than making me wish my system would toss this
whole damn thread.
People and their delicate egos...
*grumble*
Rubin
On Fri, 2008-06-27 at 04:13 +0200, Benny Pedersen wrote:
> On Fri, June 27, 2008 03:
On Fri, June 27, 2008 03:09, Jo Rhett wrote:
> Personal attacks are not relevant to the topic.
hmm
AppleMail is the only mua i have seen that cant make a reply to maillist
without sending cc
you talk like its my problem right ?
is AppleMail the only option you have ?
if i had to use such bad
Dave, what are you complaining about? This thread went sideways
without my involvement. I was replying to someone else's query about
Benny's mail servers sending back random SPF failure backscatter
messages.
On Jun 26, 2008, at 5:22 PM, Dave Koontz wrote:
Jo, didn't you get your answer se
On Jun 26, 2008, at 5:43 PM, Benny Pedersen wrote:
and you are a constant ignorant sending me cc
get a life
Personal attacks are not relevant to the topic.
Sending someone a CC to a message they sent, and to which their mail
headers sets reply-to, is only a problem in Bennys mind. But he
On Fri, June 27, 2008 02:08, Jo Rhett wrote:
> I'm sorry, but you're a constant source of backscatter, Benny.
and you are a constant ignorant sending me cc
get a life
--
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
On Jun 25, 2008, at 6:34 PM, Benny Pedersen wrote:
then stop cc me
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
tests=FM_FAKE_HELO_VERIZON,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of [EMAIL PROTECTED]
designates 206.46.173.3 as permitted sender)
Re
> Benny Pedersen wrote:
> >On Fredag, 20/6 2008, 10:04, Henrik K wrote:
> >
> >>On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
> >>
> >>>That is correct, SPF checks are applied to the first untrusted host.
> >>>
&
On Thu, June 26, 2008 04:40, Matt Kettler wrote:
> I'll attempt to do so. Didn't realize you disliked it.
its like asking 2 times for the same answer and wonder why no answer
> I'm SA interpreted the Received header as meaning that athena.apache.org
> found no reverse-lookup the host, and that
Benny Pedersen wrote:
On Thu, June 26, 2008 02:54, Matt Kettler wrote:
It's a fine distinction, but one that does matter to some folks who are
set up this way. In most cases the two are equal, but that doesn't
excuse me from confusing the two. I should know better. :)
then stop cc me
On Thu, June 26, 2008 02:54, Matt Kettler wrote:
> It's a fine distinction, but one that does matter to some folks who are
> set up this way. In most cases the two are equal, but that doesn't
> excuse me from confusing the two. I should know better. :)
then stop cc me
X-ASF-Spam-Status: No, hit
Benny Pedersen wrote:
On Fredag, 20/6 2008, 10:04, Henrik K wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host.
Matt, you should know better. ;) It's first _external_ host.
and is
> On Jun 25, 2008, at 2:34 AM, Henrik K wrote:
> >You have already your options:
> >
> >- Add all hosts to internal_networks.
> >- Don't call SA at all
> >
> >Why is this getting on and on?
On 25.06.08 03:00, Jo Rhett wrote:
> Why is it getting offtopic, I don't know.
>
> Why is the conversation
Jo Rhett wrote:
On Jun 22, 2008, at 8:22 PM, Matt Kettler wrote:
Just because a packet can get theredoesn't mean they can deliver
mail. (by the way, IMO you're *insane* for not having a something in
place that filters such things. A simple PIX firewall at your border
with "ip verify reverse-pa
On Wed, Jun 25, 2008 at 03:08:48AM -0700, Jo Rhett wrote:
>> On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
>>> reading the code it implies that maybe I should make
>>> internal_networks explicitly defined (right now its implicit and
>>> thus ==
>>> trusted_networks) to be smaller tha
Jo Rhett wrote:
If you do get a connection attempt from a non routable address on your
SMTP servers external interface, you should have no way to acknowladge
the connection if your own border router is configured correctly.
You are assuming that there is enough infrastructure to provide a bor
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
reading the code it implies that maybe I should make
internal_networks explicitly defined (right now its implicit and
thus ==
trusted_networks) to be smaller than trusted networks. This will
probably solve my SPF problem. Is there a
On Jun 25, 2008, at 2:49 AM, Matus UHLAR - fantomas wrote:
slovakia ended on machine at german machine. I know that something
can be
broken at this level. I just think that SA should not take care about
this...
Hm. Not sure I agree. I'm not asking SA to prevent it from
happening. I just
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote:
> On Jun 25, 2008, at 2:34 AM, Henrik K wrote:
>> This is getting out of hand and offtopic..
>
> Yes
>
>> You have already your options:
>>
>> - Add all hosts to internal_networks.
>> - Don't call SA at all
>>
>> Why is this getting on and o
On Jun 25, 2008, at 2:34 AM, Henrik K wrote:
This is getting out of hand and offtopic..
Yes
You have already your options:
- Add all hosts to internal_networks.
- Don't call SA at all
Why is this getting on and on?
Why is it getting offtopic, I don't know.
Why is the conversation still
> On Jun 23, 2008, at 12:23 AM, Matus UHLAR - fantomas wrote:
> >it one packet reaches your host, nothing happends. Fot the TCP/SMTP
> >connections to be opened, (at least) three packets must be sent, in
> >both
> >directions. If you can trace to 10.x address that is not part of your
> >network,
On Wed, Jun 25, 2008 at 02:18:01AM -0700, Jo Rhett wrote:
>
> NOW, let's return to securing SA properly.
This is getting out of hand and offtopic..
You have already your options:
- Add all hosts to internal_networks.
- Don't call SA at all
Why is this getting on and on?
On Jun 23, 2008, at 12:23 AM, Matus UHLAR - fantomas wrote:
it one packet reaches your host, nothing happends. Fot the TCP/SMTP
connections to be opened, (at least) three packets must be sent, in
both
directions. If you can trace to 10.x address that is not part of your
network, it's a problem
On Jun 22, 2008, at 8:22 PM, Matt Kettler wrote:
Just because a packet can get theredoesn't mean they can deliver
mail. (by the way, IMO you're *insane* for not having a something in
place that filters such things. A simple PIX firewall at your border
with "ip verify reverse-path" enabled wo
On Jun 22, 2008, at 4:09 PM, Jonas Eckerman wrote:
If you do get a connection attempt from a non routable address on
your SMTP servers external interface, you should have no way to
acknowladge the connection if your own border router is configured
correctly.
You are assuming that there is
On Jun 20, 2008, at 1:52 PM, mouss wrote:
I've never had an ISP/hoster block bogons, but I've never let them
in. it's part of the first rules in ipf/pf/iptables/router/$FW (and
in both directions. so my networks never send packets with bogon IPs
to the internet). if you don't partition the n
On Jun 20, 2008, at 1:13 PM, Henrik K wrote:
On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote:
On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
You _need_ to have everything internal, so there will be no SPF
lookups.
Your fear of IP spoofers makes no sense to me, how do you think
someone
c
> On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
> >10.x is (supposedly) not routable on the public internet. If you see
> >10.x (or other RFC-1918) traffic coming in from the world, your ISP
> >is broken.
On 20.06.08 11:57, Jo Rhett wrote:
> Does your ISP filter egress packets on your inter
Jo Rhett wrote:
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP
is broken.
You don't run packet sniffers on your hosts much, do you? ;-)
Does your ISP fi
Jo Rhett wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP is
broken.
You don't run packet sniffers on your hosts much, do you? ;-)
If you do get a connection attempt from a non routable address o
Jo Rhett wrote:
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP
is broken.
You don't run packet sniffers on your hosts much, do you? ;-)
Does your ISP fi
On Fri, 20 Jun 2008, Jo Rhett wrote:
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see 10.x
(or other RFC-1918) traffic coming in from the world, your ISP is broken.
You don't run packet sniffers on your hosts much, do you? ;
On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote:
> On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
>> You _need_ to have everything internal, so there will be no SPF
>> lookups.
>> Your fear of IP spoofers makes no sense to me, how do you think
>> someone
>> could accomplish that? Just p
On Jun 20, 2008, at 12:44 PM, Henrik K wrote:
You _need_ to have everything internal, so there will be no SPF
lookups.
Your fear of IP spoofers makes no sense to me, how do you think
someone
could accomplish that? Just put the 10.something there.
You could have said that a lot easier ;-)
U
On Fri, Jun 20, 2008 at 12:31:06PM -0700, Jo Rhett wrote:
> On Jun 20, 2008, at 12:23 PM, Henrik K wrote:
>> Jo, you are unbelievable in a funny way.
>>
>> You always come up with dozens of posts seemingly with the attitude "I
>> must
>> be right". You don't configure things like they should be, a
On Jun 20, 2008, at 12:23 PM, Henrik K wrote:
Jo, you are unbelievable in a funny way.
You always come up with dozens of posts seemingly with the attitude
"I must
be right". You don't configure things like they should be, and then
complain
that things don't work. Just set up the friggin netw
On Fri, Jun 20, 2008 at 11:57:38AM -0700, Jo Rhett wrote:
> On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
>> 10.x is (supposedly) not routable on the public internet. If you see
>> 10.x (or other RFC-1918) traffic coming in from the world, your ISP is
>> broken.
>
>
> You don't run packet sni
On Fredag, 20/6 2008, 20:49, John Hardin wrote:
> 10.x is (supposedly) not routable on the public internet. If you see 10.x
> (or other RFC-1918) traffic coming in from the world, your ISP is broken.
pppoe, but firewall it to be sure, rule is newer accept connections from non
routable ips from o
On Fri, Jun 20, 2008 at 11:01:40AM -0700, Jo Rhett wrote:
> On Jun 20, 2008, at 10:44 AM, Henrik K wrote:
>> On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
>>>>> On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
>>>>>> That is co
On Fredag, 20/6 2008, 19:59, Jo Rhett wrote:
>> netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.13.143.17
>> ip4:209.157.140.144 mx ~all"
>> not you ?
> Nope ;-)
added .17 to the domain you are sending from, but its not you so not your
problem :)
Benny Pedersen
Need more webspace ?
On Jun 20, 2008, at 11:49 AM, John Hardin wrote:
10.x is (supposedly) not routable on the public internet. If you see
10.x (or other RFC-1918) traffic coming in from the world, your ISP
is broken.
You don't run packet sniffers on your hosts much, do you? ;-)
Does your ISP filter egress pac
2 PM, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host. The
question here would be if 10.x.x.x is in fact an internal, and presumably
trusted, network, why isn't it trusted?
The mail server I'm receiving this on is in the outside world. If a 10.x
ad
On Jun 19, 2008, at 9:21 PM, John Hardin wrote:
/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo
\.com
(/
You actually need some backslashes too, but I figured it out. Thanks.
See my other note about trusted_hosts breaking all forms of
whitelisting, FYI. This kind of h
On Fredag, 20/6 2008, 10:04, Henrik K wrote:
> On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
>> That is correct, SPF checks are applied to the first untrusted host.
> Matt, you should know better. ;) It's first _external_ host.
and is most of the time ols
On Jun 20, 2008, at 10:44 AM, Henrik K wrote:
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted
host
Henrik K wrote:
Matt, you should know better. ;) It
On Fredag, 20/6 2008, 05:37, Jo Rhett wrote:
I'm trying to figure out how to stop SPF_FAIL on messages generated
on
an internal rfc1918 network and routed through a trusted host.
On Jun 20, 2008, at 10:37 AM, Benny Pedersen wrote:
netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.1
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote:
>>> On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
>>>> That is correct, SPF checks are applied to the first untrusted host
>>>
>
>> Henrik K wrote:
>>> Matt, you should know b
On Fredag, 20/6 2008, 05:37, Jo Rhett wrote:
> I'm trying to figure out how to stop SPF_FAIL on messages generated on
> an internal rfc1918 network and routed through a trusted host.
netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.13.143.17
ip4:209.157.140.144 mx ~all"
not you ?
>> R
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host
Henrik K wrote:
Matt, you should know better. ;) It's first _external_ host.
On Jun 20, 2008, at 3:54 AM, Matt Kettler wrote:
Doh.. my bad.
Huh? Ho
On Jun 19, 2008, at 9:12 PM, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host.
The question here would be if 10.x.x.x is in fact an internal, and
presumably trusted, network, why isn't it trusted?
The mail server I'm receiving this on is in t
On Fri, 20 Jun 2008, mouss wrote:
John Hardin wrote:
On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote:
> header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\])
> by arran\.svcolo\.com (/
> score XX -5
Oops. Need some plusses in there...
/from \S+\.svcolo\.com (\
Matt Kettler wrote:
Why do neither of those options make sense? I do both in my network,
albeit that version SPF is only in my internal view, and I actually
use 10.xx.0.0/16 not 10/8. (I only use a /16, not the whole /8)
Is there some detail that's missing here? ie: do you have a compelling
r
Henrik K wrote:
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
That is correct, SPF checks are applied to the first untrusted host.
Matt, you should know better. ;) It's first _external_ host.
Doh.. my bad.
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote:
>
> That is correct, SPF checks are applied to the first untrusted host.
Matt, you should know better. ;) It's first _external_ host.
John Hardin wrote:
On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote:
header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by
arran\.svcolo\.com (/
score XX -5
Oops. Need some plusses in there...
/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svc
On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote:
> header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by
> arran\.svcolo\.com (/
> score XX -5
Oops. Need some plusses in there...
/from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo\.com
(/
--
John H
eived header because B is trusted.
That is correct, SPF checks are applied to the first untrusted host. The
question here would be if 10.x.x.x is in fact an internal, and
presumably trusted, network, why isn't it trusted?
Also, presuming we're talking about your own domain, why aren
HTTP_TO_IP=0.001, SPF_FAIL=3.5
> >
> Obviously, putting 10/8 into the published SPF record makes no sense
> at all, nor does adding 10/8 to the trusted_networks.
>
> So... how can I say "I trust Host B so much that I don't want to go
> any farther for SPF checks?"
P=0.001, SPF_FAIL=3.5
Obviously, putting 10/8 into the published SPF record makes no sense
at all, nor does adding 10/8 to the trusted_networks.
So... how can I say "I trust Host B so much that I don't want to go
any farther for SPF checks?"
--
Jo Rhett
Net Conso
So I saw on this list a comment about skipping SPF checks for
authenticated users, to use LOCAL_AUTH_RCVD like so:
header LOCAL_AUTH_RCVDReceived =~ /\(authenticated as [EMAIL PROTECTED]) by
host.name.dom /
Well, I got this working properly but I found that it doesn't do
anythi
clients, so it's hard/impossible to put that in the SPF record
- so, mail submitted from desktop clients is getting marked as
failing the SPF check
So... is there a way to turn off SPF checks for mail coming from
authenticated clients, without turning off all the other checks (as,
for exa
cks to incoming mail, but...
- for SPF purposes, the envelope sender is now the dynamic IP of the
desktop clients, so it's hard/impossible to put that in the SPF record
- so, mail submitted from desktop clients is getting marked as failing
the SPF check
So... is there a way to turn off S
t...
- for SPF purposes, the envelope sender is now the dynamic IP of the
desktop clients, so it's hard/impossible to put that in the SPF record
- so, mail submitted from desktop clients is getting marked as failing
the SPF check
So... is there a way to turn off SPF checks for m
It looks like ihlas.net.tr is running SPF checks on mail relays within
their local network. This is a bad idea, since this will cause most if
not all SPF checks performed on internal relays to fail, as nobody
else can be assumed to have your maile gateway in their SPF list...
On 15 Aug 2006
>> Hmmm... Another potential SPF issue... I have a customer with AMEX,
>> received an email from them, and the SPF checks conflict with each
>> other:
>>
>>
>> helo=
>>
>> Received: from mta301.email.americanexpress.com
>> (mta301.email.ameri
Brian Taber wrote:
Hmmm... Another potential SPF issue... I have a customer with AMEX,
received an email from them, and the SPF checks conflict with each other:
helo=
Received: from mta301.email.americanexpress.com
(mta301.email.americanexpress.com [206.132.204.250])
From: [EMAIL PROTECTED
Hmmm... Another potential SPF issue... I have a customer with AMEX,
received an email from them, and the SPF checks conflict with each other:
helo=
Received: from mta301.email.americanexpress.com
(mta301.email.americanexpress.com [206.132.204.250])
From: [EMAIL PROTECTED]
And the scores
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daryl C. W. O'Shea writes:
> Brian Taber wrote:
> > As for the scores, score of 0 for PASS makes perfect sense, but a FAIL
> > should receive at least the same score as a SOFTFAIL, because a FAIL means
> > the email is definately from a forged sender
Brian Taber wrote:
Figured that what are the mass-check's you mentioned? Is there
somewhere I can go to find out more? Is there a way to update
spamassassin with the newest scores?
http://wiki.apache.org/spamassassin/MassCheck
http://wiki.apache.org/spamassassin/RescoreDetails
http://wik
Brian Taber wrote:
As for the scores, score of 0 for PASS makes perfect sense, but a FAIL
should receive at least the same score as a SOFTFAIL, because a FAIL means
the email is definately from a forged sender (on the other hand the FAIL
may be because the person who created the SPF records had n
Since I am using spamassassin via MailScanner, I dug into my config files
more (took a while) I found an option in spam.assassin.prefs.conf called
envelope_sender_header that was not set properly, now all SPF checks
work...
As for the scores, score of 0 for PASS makes perfect sense, but a FAIL
Brian Taber wrote:
The second is about the scores assigned to SPF failures. SPF_HELO_SOFTFAIL
has a score of 3.140 (so if the provider has ~all in their SPF record,
they aren't really sure if their SPF record covers all of their servers,
you get SOFTFAIL), but SPF_HELO_FAIL has a score of 0.001 (
Brian Taber wrote:
I am using spamassassin 3.0.4-1 with MailScanner. I have 2
questions/issues about SPF checks.
It seams that SA is only doing HELO SPF checks (I didn't even know those
existed till now) and not actual checks on the from addresses. Is this a
config issue? I would li
Loren Wilton wrote on Sat, 2 Jul 2005 18:07:19 -0700:
> I think perhaps SPF is supposed to match against the sender in the envelope,
> or possibly the received header, rather than the From header, which is
> trivially forged
Now that you say that I remember that you can configure this in local.
I think perhaps SPF is supposed to match against the sender in the envelope,
or possibly the received header, rather than the From header, which is
trivially forged.
Others will be able to give more information. I know the rule score of .001
is deliberate, but I don't recall immediately why. It
I am using spamassassin 3.0.4-1 with MailScanner. I have 2
questions/issues about SPF checks.
It seams that SA is only doing HELO SPF checks (I didn't even know those
existed till now) and not actual checks on the from addresses. Is this a
config issue? I would like to enable these. I
Ronny Nussbaum wrote:
> Hello,
> I've tried to find an answer to this, but couldn't.
>
> I'm using SA 3.0.3, invoked by Amavisd-New (latest version), on Fedora
> Core 3.
>
> I've installed the Mail::SPF::Query module, and it works fine.
>
> My question is, how can I disable it from being used
Ronny Nussbaum wrote:
Hello,
I've tried to find an answer to this, but couldn't.
I'm using SA 3.0.3, invoked by Amavisd-New (latest version), on Fedora
Core 3.
I've installed the Mail::SPF::Query module, and it works fine.
My question is, how can I disable it from being used by SA?
I'm l
Hello,
I've tried to find an answer to this, but couldn't.
I'm using SA 3.0.3, invoked by Amavisd-New (latest version), on Fedora Core 3.
I've installed the Mail::SPF::Query module, and it works fine.
My question is, how can I disable it from being used by SA?
I'm looking for another way be
94 matches
Mail list logo