Re: SpamAssassin SPF Checks

2010-01-18 Thread RW
On Mon, 18 Jan 2010 10:40:14 -0500 s...@top-consulting.net wrote: > If not, how do I stop this type of Spam ? try making a meta rule that looks for your domain in "from" and the absence of a sensible hostname in "message-id"

Re: SpamAssassin SPF Checks

2010-01-18 Thread Mike Cardwell
header. If you were to do SPF checks on the From header of this email it would be rejected due to an SPF failure. -- Mike Cardwell: UK based IT Consultant, LAMP developer, Linux admin Cardwell IT Ltd. : UK Company - http://cardwellit.com/ #06920226 Technical Blog : Tech Blog - https

SpamAssassin SPF Checks

2010-01-18 Thread sa
I am running Postfix with Amavisd-maia which in turn uses Mail::SpamAssassin.. I am running SPF checks with Postfix and that works reasonably well but it fails at catching fake senders in the 'DATA' portion of the SMTP conversation. Say my domain is: test.com the envelope of t

Re: MODERATION REQUEST: how to stop SPF checks from going past trusted host?

2008-07-01 Thread Michelle Konzack
On 2008-06-27 08:17:11, Richard Frovarp wrote: > The list is set up without a reply to field. Look at the headers. Anyone > hitting reply will get the individual who sent the message, not > the list. I'm guessing people are taking the shortcut of hitting reply > all (so that they get t

Re: how to stop SPF checks from going past trusted host?

2008-06-29 Thread Matus UHLAR - fantomas
> Matus UHLAR - fantomas wrote: > >IIRC there was already case provided when MTA didn't dns lookup so it was > >made to be done via SA (and afaik SA did it before). If my memory is > >correct, this would be just another case > >(sorry, no time to search archives/bugs/google by now) On 29.06.08 16:0

Re: how to stop SPF checks from going past trusted host?

2008-06-29 Thread mouss
Matus UHLAR - fantomas wrote: [snip] IIRC there was already case provided when MTA didn't dns lookup so it was made to be done via SA (and afaik SA did it before). If my memory is correct, this would be just another case (sorry, no time to search archives/bugs/google by now) yes, it is prob

Re: how to stop SPF checks from going past trusted host?

2008-06-29 Thread Jason Haar
Matus UHLAR - fantomas wrote: ... and I thought I explained it in the sentence before. Since DNS lookup is not made by MTA and SA expects it to be, the case where the RDNS is not in Received: is taken as there is not rdns. Since there is Verizon's HELO but not RDNS, it's FM_FAKE_HELO_VERIZON...

Re: how to stop SPF checks from going past trusted host?

2008-06-28 Thread Matus UHLAR - fantomas
> >>Matt Kettler wrote: > >> > [snip] > if so that fake helo should not be fake :=) > > > >>>Well, it shouldn't be fake, because 206.46.173.3 really is > >>>vms173003pub.verizon.net. > >>> > >>>However, it would appear that athena.apache.org didn't get an answer to >

Re: how to stop SPF checks from going past trusted host?

2008-06-27 Thread mouss
Matus UHLAR - fantomas wrote: Matt Kettler wrote: [snip] if so that fake helo should not be fake :=) Well, it shouldn't be fake, because 206.46.173.3 really is vms173003pub.verizon.net. However, it would appear that athena.apache.org didn't get an answer to its PTR query.. ei

Re: how to stop SPF checks from going past trusted host?

2008-06-27 Thread Matus UHLAR - fantomas
> Matt Kettler wrote: > >>[snip] > >>if so that fake helo should not be fake :=) > >> > >Well, it shouldn't be fake, because 206.46.173.3 really is > >vms173003pub.verizon.net. > > > >However, it would appear that athena.apache.org didn't get an answer to > >its PTR query.. either that or the h

Re: MODERATION REQUEST: how to stop SPF checks from going past trusted host?

2008-06-27 Thread Richard Frovarp
Benny Pedersen wrote: On Fri, June 27, 2008 03:09, Jo Rhett wrote: Personal attacks are not relevant to the topic. hmm AppleMail is the only mua i have seen that cant make a reply to maillist without sending cc you talk like its my problem right ? is AppleMail the only option you h

Re: how to stop SPF checks from going past trusted host?

2008-06-27 Thread mouss
Matt Kettler wrote: [snip] if so that fake helo should not be fake :=) Well, it shouldn't be fake, because 206.46.173.3 really is vms173003pub.verizon.net. However, it would appear that athena.apache.org didn't get an answer to its PTR query.. either that or the headers generated by athen

Re: MODERATION REQUEST: how to stop SPF checks from going past trusted host?

2008-06-27 Thread Justin Mason
Agreed! Guys, please take it offline. The SpamAssassin users list is not an appropriate place for this. --j. Rubin Bennett writes: > Fer the love of Pete guys, take this offline. This has *nothing* to do > with SpamAssassin other than making me wish my system would toss this > whole damn thre

Re: how to stop SPF checks from going past trusted host?

2008-06-27 Thread Dave Koontz
Jo, didn't you get your answer several times now? I don't understand why this thread continues. Jo Rhett wrote: On Jun 25, 2008, at 6:34 PM, Benny Pedersen wrote: then stop cc me X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=FM_FAKE_HELO_VERIZON,SPF_PASS X-Spam-Check-By: apache.or

Re: how to stop SPF checks from going past trusted host?

2008-06-26 Thread Matt Kettler
Benny Pedersen wrote: On Thu, June 26, 2008 04:40, Matt Kettler wrote: I'll attempt to do so. Didn't realize you disliked it. its like asking 2 times for the same answer and wonder why no answer Well then set a Reply-to header to point to the list when you post here... That's what

Re: MODERATION REQUEST: how to stop SPF checks from going past trusted host?

2008-06-26 Thread Benny Pedersen
On Fri, June 27, 2008 04:28, Rubin Bennett wrote: > People and their delicate egos... > *grumble* smile :) X-Mailer: Evolution 2.22.0-4.1mdv2008.1 another mua is found broken -- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098

Re: MODERATION REQUEST: how to stop SPF checks from going past trusted host?

2008-06-26 Thread Rubin Bennett
Fer the love of Pete guys, take this offline. This has *nothing* to do with SpamAssassin other than making me wish my system would toss this whole damn thread. People and their delicate egos... *grumble* Rubin On Fri, 2008-06-27 at 04:13 +0200, Benny Pedersen wrote: > On Fri, June 27, 2008 03:

Re: MODERATION REQUEST: how to stop SPF checks from going past trusted host?

2008-06-26 Thread Benny Pedersen
On Fri, June 27, 2008 03:09, Jo Rhett wrote: > Personal attacks are not relevant to the topic. hmm AppleMail is the only mua i have seen that cant make a reply to maillist without sending cc you talk like its my problem right ? is AppleMail the only option you have ? if i had to use such bad

Re: how to stop SPF checks from going past trusted host?

2008-06-26 Thread Jo Rhett
Dave, what are you complaining about? This thread went sideways without my involvement. I was replying to someone else's query about Benny's mail servers sending back random SPF failure backscatter messages. On Jun 26, 2008, at 5:22 PM, Dave Koontz wrote: Jo, didn't you get your answer se

MODERATION REQUEST: how to stop SPF checks from going past trusted host?

2008-06-26 Thread Jo Rhett
On Jun 26, 2008, at 5:43 PM, Benny Pedersen wrote: and you are a constant ignorant sending me cc get a life Personal attacks are not relevant to the topic. Sending someone a CC to a message they sent, and to which their mail headers sets reply-to, is only a problem in Bennys mind. But he

Re: how to stop SPF checks from going past trusted host?

2008-06-26 Thread Benny Pedersen
On Fri, June 27, 2008 02:08, Jo Rhett wrote: > I'm sorry, but you're a constant source of backscatter, Benny. and you are a constant ignorant sending me cc get a life -- Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098

Re: how to stop SPF checks from going past trusted host?

2008-06-26 Thread Jo Rhett
On Jun 25, 2008, at 6:34 PM, Benny Pedersen wrote: then stop cc me X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=FM_FAKE_HELO_VERIZON,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of [EMAIL PROTECTED] designates 206.46.173.3 as permitted sender) Re

Re: how to stop SPF checks from going past trusted host?

2008-06-26 Thread Matus UHLAR - fantomas
> Benny Pedersen wrote: > >On Friday, 20/6 2008, 10:04, Henrik K wrote: > > > >>On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: > >> > >>>That is correct, SPF checks are applied to the first untrusted host. > >>>

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Benny Pedersen
On Thu, June 26, 2008 04:40, Matt Kettler wrote: > I'll attempt to do so. Didn't realize you disliked it. its like asking 2 times for the same answer and wonder why no answer > I'm SA interpreted the Received header as meaning that athena.apache.org > found no reverse-lookup the host, and that

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Matt Kettler
Benny Pedersen wrote: On Thu, June 26, 2008 02:54, Matt Kettler wrote: It's a fine distinction, but one that does matter to some folks who are set up this way. In most cases the two are equal, but that doesn't excuse me from confusing the two. I should know better. :) then stop cc me

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Benny Pedersen
On Thu, June 26, 2008 02:54, Matt Kettler wrote: > It's a fine distinction, but one that does matter to some folks who are > set up this way. In most cases the two are equal, but that doesn't > excuse me from confusing the two. I should know better. :) then stop cc me X-ASF-Spam-Status: No, hit

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Matt Kettler
Benny Pedersen wrote: On Friday, 20/6 2008, 10:04, Henrik K wrote: On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: That is correct, SPF checks are applied to the first untrusted host. Matt, you should know better. ;) It's first _external_ host. and is

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Matus UHLAR - fantomas
> On Jun 25, 2008, at 2:34 AM, Henrik K wrote: > >You have already your options: > > > >- Add all hosts to internal_networks. > >- Don't call SA at all > > > >Why is this getting on and on? On 25.06.08 03:00, Jo Rhett wrote: > Why is it getting offtopic, I don't know. > > Why is the conversation

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Matt Kettler
Jo Rhett wrote: On Jun 22, 2008, at 8:22 PM, Matt Kettler wrote: Just because a packet can get there doesn't mean they can deliver mail. (by the way, IMO you're *insane* for not having a something in place that filters such things. A simple PIX firewall at your border with "ip verify reverse-pa

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Henrik K
On Wed, Jun 25, 2008 at 03:08:48AM -0700, Jo Rhett wrote: >> On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote: >>> reading the code it implies that maybe I should make >>> internal_networks explicitly defined (right now its implicit and >>> thus == >>> trusted_networks) to be smaller tha

re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Jonas Eckerman
Jo Rhett wrote: If you do get a connection attempt from a non routable address on your SMTP servers external interface, you should have no way to acknowledge the connection if your own border router is configured correctly. You are assuming that there is enough infrastructure to provide a bor

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Jo Rhett
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote: reading the code it implies that maybe I should make internal_networks explicitly defined (right now its implicit and thus == trusted_networks) to be smaller than trusted networks. This will probably solve my SPF problem. Is there a

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Jo Rhett
On Jun 25, 2008, at 2:49 AM, Matus UHLAR - fantomas wrote: slovakia ended on machine at german machine. I know that something can be broken at this level. I just think that SA should not take care about this... Hm. Not sure I agree. I'm not asking SA to prevent it from happening. I just

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Henrik K
On Wed, Jun 25, 2008 at 03:00:47AM -0700, Jo Rhett wrote: > On Jun 25, 2008, at 2:34 AM, Henrik K wrote: >> This is getting out of hand and offtopic.. > > Yes > >> You have already your options: >> >> - Add all hosts to internal_networks. >> - Don't call SA at all >> >> Why is this getting on and o

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Jo Rhett
On Jun 25, 2008, at 2:34 AM, Henrik K wrote: This is getting out of hand and offtopic.. Yes You have already your options: - Add all hosts to internal_networks. - Don't call SA at all Why is this getting on and on? Why is it getting offtopic, I don't know. Why is the conversation still

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Matus UHLAR - fantomas
> On Jun 23, 2008, at 12:23 AM, Matus UHLAR - fantomas wrote: > >if one packet reaches your host, nothing happens. For the TCP/SMTP > >connections to be opened, (at least) three packets must be sent, in > >both > >directions. If you can trace to 10.x address that is not part of your > >network,

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Henrik K
On Wed, Jun 25, 2008 at 02:18:01AM -0700, Jo Rhett wrote: > > NOW, let's return to securing SA properly. This is getting out of hand and offtopic.. You have already your options: - Add all hosts to internal_networks. - Don't call SA at all Why is this getting on and on?

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Jo Rhett
On Jun 23, 2008, at 12:23 AM, Matus UHLAR - fantomas wrote: if one packet reaches your host, nothing happens. For the TCP/SMTP connections to be opened, (at least) three packets must be sent, in both directions. If you can trace to 10.x address that is not part of your network, it's a problem

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Jo Rhett
On Jun 22, 2008, at 8:22 PM, Matt Kettler wrote: Just because a packet can get there doesn't mean they can deliver mail. (by the way, IMO you're *insane* for not having a something in place that filters such things. A simple PIX firewall at your border with "ip verify reverse-path" enabled wo

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Jo Rhett
On Jun 22, 2008, at 4:09 PM, Jonas Eckerman wrote: If you do get a connection attempt from a non routable address on your SMTP servers external interface, you should have no way to acknowledge the connection if your own border router is configured correctly. You are assuming that there is

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Jo Rhett
On Jun 20, 2008, at 1:52 PM, mouss wrote: I've never had an ISP/hoster block bogons, but I've never let them in. it's part of the first rules in ipf/pf/iptables/router/$FW (and in both directions. so my networks never send packets with bogon IPs to the internet). if you don't partition the n

Re: how to stop SPF checks from going past trusted host?

2008-06-25 Thread Jo Rhett
On Jun 20, 2008, at 1:13 PM, Henrik K wrote: On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote: On Jun 20, 2008, at 12:44 PM, Henrik K wrote: You _need_ to have everything internal, so there will be no SPF lookups. Your fear of IP spoofers makes no sense to me, how do you think someone c

Re: how to stop SPF checks from going past trusted host?

2008-06-23 Thread Matus UHLAR - fantomas
> On Jun 20, 2008, at 11:49 AM, John Hardin wrote: > >10.x is (supposedly) not routable on the public internet. If you see > >10.x (or other RFC-1918) traffic coming in from the world, your ISP > >is broken. On 20.06.08 11:57, Jo Rhett wrote: > Does your ISP filter egress packets on your inter

Re: how to stop SPF checks from going past trusted host?

2008-06-22 Thread Matt Kettler
Jo Rhett wrote: On Jun 20, 2008, at 11:49 AM, John Hardin wrote: 10.x is (supposedly) not routable on the public internet. If you see 10.x (or other RFC-1918) traffic coming in from the world, your ISP is broken. You don't run packet sniffers on your hosts much, do you? ;-) Does your ISP fi

Re: how to stop SPF checks from going past trusted host?

2008-06-22 Thread Jonas Eckerman
Jo Rhett wrote: 10.x is (supposedly) not routable on the public internet. If you see 10.x (or other RFC-1918) traffic coming in from the world, your ISP is broken. You don't run packet sniffers on your hosts much, do you? ;-) If you do get a connection attempt from a non routable address o

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread mouss
Jo Rhett wrote: On Jun 20, 2008, at 11:49 AM, John Hardin wrote: 10.x is (supposedly) not routable on the public internet. If you see 10.x (or other RFC-1918) traffic coming in from the world, your ISP is broken. You don't run packet sniffers on your hosts much, do you? ;-) Does your ISP fi

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread John Hardin
On Fri, 20 Jun 2008, Jo Rhett wrote: On Jun 20, 2008, at 11:49 AM, John Hardin wrote: 10.x is (supposedly) not routable on the public internet. If you see 10.x (or other RFC-1918) traffic coming in from the world, your ISP is broken. You don't run packet sniffers on your hosts much, do you? ;

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Henrik K
On Fri, Jun 20, 2008 at 12:58:55PM -0700, Jo Rhett wrote: > On Jun 20, 2008, at 12:44 PM, Henrik K wrote: >> You _need_ to have everything internal, so there will be no SPF >> lookups. >> Your fear of IP spoofers makes no sense to me, how do you think >> someone >> could accomplish that? Just p

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Jo Rhett
On Jun 20, 2008, at 12:44 PM, Henrik K wrote: You _need_ to have everything internal, so there will be no SPF lookups. Your fear of IP spoofers makes no sense to me, how do you think someone could accomplish that? Just put the 10.something there. You could have said that a lot easier ;-) U

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Henrik K
On Fri, Jun 20, 2008 at 12:31:06PM -0700, Jo Rhett wrote: > On Jun 20, 2008, at 12:23 PM, Henrik K wrote: >> Jo, you are unbelievable in a funny way. >> >> You always come up with dozens of posts seemingly with the attitude "I >> must >> be right". You don't configure things like they should be, a

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Jo Rhett
On Jun 20, 2008, at 12:23 PM, Henrik K wrote: Jo, you are unbelievable in a funny way. You always come up with dozens of posts seemingly with the attitude "I must be right". You don't configure things like they should be, and then complain that things don't work. Just set up the friggin netw

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Henrik K
On Fri, Jun 20, 2008 at 11:57:38AM -0700, Jo Rhett wrote: > On Jun 20, 2008, at 11:49 AM, John Hardin wrote: >> 10.x is (supposedly) not routable on the public internet. If you see >> 10.x (or other RFC-1918) traffic coming in from the world, your ISP is >> broken. > > > You don't run packet sni

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Benny Pedersen
On Friday, 20/6 2008, 20:49, John Hardin wrote: > 10.x is (supposedly) not routable on the public internet. If you see 10.x > (or other RFC-1918) traffic coming in from the world, your ISP is broken. pppoe, but firewall it to be sure, rule is never accept connections from non routable ips from o

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Henrik K
On Fri, Jun 20, 2008 at 11:01:40AM -0700, Jo Rhett wrote: > On Jun 20, 2008, at 10:44 AM, Henrik K wrote: >> On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote: >>>>> On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: >>>>>> That is co

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Benny Pedersen
On Friday, 20/6 2008, 19:59, Jo Rhett wrote: >> netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.13.143.17 >> ip4:209.157.140.144 mx ~all" >> not you ? > Nope ;-) added .17 to the domain you are sending from, but its not you so not your problem :) Benny Pedersen Need more webspace ?

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Jo Rhett
On Jun 20, 2008, at 11:49 AM, John Hardin wrote: 10.x is (supposedly) not routable on the public internet. If you see 10.x (or other RFC-1918) traffic coming in from the world, your ISP is broken. You don't run packet sniffers on your hosts much, do you? ;-) Does your ISP filter egress pac

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread John Hardin
2 PM, Matt Kettler wrote: That is correct, SPF checks are applied to the first untrusted host. The question here would be if 10.x.x.x is in fact an internal, and presumably trusted, network, why isn't it trusted? The mail server I'm receiving this on is in the outside world. If a 10.x ad

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Jo Rhett
On Jun 19, 2008, at 9:21 PM, John Hardin wrote: /from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo \.com (/ You actually need some backslashes too, but I figured it out. Thanks. See my other note about trusted_hosts breaking all forms of whitelisting, FYI. This kind of h

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Benny Pedersen
On Friday, 20/6 2008, 10:04, Henrik K wrote: > On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: >> That is correct, SPF checks are applied to the first untrusted host. > Matt, you should know better. ;) It's first _external_ host. and is most of the time ols

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Jo Rhett
On Jun 20, 2008, at 10:44 AM, Henrik K wrote: On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote: On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: That is correct, SPF checks are applied to the first untrusted host Henrik K wrote: Matt, you should know better. ;) It

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Jo Rhett
On Friday, 20/6 2008, 05:37, Jo Rhett wrote: I'm trying to figure out how to stop SPF_FAIL on messages generated on an internal rfc1918 network and routed through a trusted host. On Jun 20, 2008, at 10:37 AM, Benny Pedersen wrote: netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.1

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Henrik K
On Fri, Jun 20, 2008 at 10:28:25AM -0700, Jo Rhett wrote: >>> On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: >>>> That is correct, SPF checks are applied to the first untrusted host >>> > >> Henrik K wrote: >>> Matt, you should know b

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Benny Pedersen
On Friday, 20/6 2008, 05:37, Jo Rhett wrote: > I'm trying to figure out how to stop SPF_FAIL on messages generated on > an internal rfc1918 network and routed through a trusted host. netconsonance.com. IN TXT "v=spf1 ip4:64.13.134.178 ip4:64.13.143.17 ip4:209.157.140.144 mx ~all" not you ? >> R

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Jo Rhett
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: That is correct, SPF checks are applied to the first untrusted host Henrik K wrote: Matt, you should know better. ;) It's first _external_ host. On Jun 20, 2008, at 3:54 AM, Matt Kettler wrote: Doh.. my bad. Huh? Ho

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Jo Rhett
On Jun 19, 2008, at 9:12 PM, Matt Kettler wrote: That is correct, SPF checks are applied to the first untrusted host. The question here would be if 10.x.x.x is in fact an internal, and presumably trusted, network, why isn't it trusted? The mail server I'm receiving this on is in t

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread John Hardin
On Fri, 20 Jun 2008, mouss wrote: John Hardin wrote: On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote: > header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) > by arran\.svcolo\.com (/ > score XX -5 Oops. Need some plusses in there... /from \S+\.svcolo\.com (\

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Matt Kettler
Matt Kettler wrote: Why do neither of those options make sense? I do both in my network, albeit that version SPF is only in my internal view, and I actually use 10.xx.0.0/16 not 10/8. (I only use a /16, not the whole /8) Is there some detail that's missing here? ie: do you have a compelling r

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Matt Kettler
Henrik K wrote: On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: That is correct, SPF checks are applied to the first untrusted host. Matt, you should know better. ;) It's first _external_ host. Doh.. my bad.

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread Henrik K
On Fri, Jun 20, 2008 at 12:12:45AM -0400, Matt Kettler wrote: > > That is correct, SPF checks are applied to the first untrusted host. Matt, you should know better. ;) It's first _external_ host.

Re: how to stop SPF checks from going past trusted host?

2008-06-20 Thread mouss
John Hardin wrote: On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote: header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by arran\.svcolo\.com (/ score XX -5 Oops. Need some plusses in there... /from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svc

Re: how to stop SPF checks from going past trusted host?

2008-06-19 Thread John Hardin
On Thu, 2008-06-19 at 20:54 -0700, John Hardin wrote: > header XX Received =~ /from \S+\.svcolo\.com (\S+ \[10\.\d\.\d\.\d\]) by > arran\.svcolo\.com (/ > score XX -5 Oops. Need some plusses in there... /from \S+\.svcolo\.com (\S+ \[10\.\d+\.\d+\.\d+\]) by arran\.svcolo\.com (/ -- John H

Re: how to stop SPF checks from going past trusted host?

2008-06-19 Thread Matt Kettler
eived header because B is trusted. That is correct, SPF checks are applied to the first untrusted host. The question here would be if 10.x.x.x is in fact an internal, and presumably trusted, network, why isn't it trusted? Also, presuming we're talking about your own domain, why aren

Re: how to stop SPF checks from going past trusted host?

2008-06-19 Thread John Hardin
HTTP_TO_IP=0.001, SPF_FAIL=3.5 > > > Obviously, putting 10/8 into the published SPF record makes no sense > at all, nor does adding 10/8 to the trusted_networks. > > So... how can I say "I trust Host B so much that I don't want to go > any farther for SPF checks?"

how to stop SPF checks from going past trusted host?

2008-06-19 Thread Jo Rhett
P=0.001, SPF_FAIL=3.5 Obviously, putting 10/8 into the published SPF record makes no sense at all, nor does adding 10/8 to the trusted_networks. So... how can I say "I trust Host B so much that I don't want to go any farther for SPF checks?" -- Jo Rhett Net Conso

skipping SPF checks for authenticated users

2006-12-03 Thread Jo Rhett
So I saw on this list a comment about skipping SPF checks for authenticated users, to use LOCAL_AUTH_RCVD like so: header LOCAL_AUTH_RCVD Received =~ /\(authenticated as [EMAIL PROTECTED]) by host.name.dom / Well, I got this working properly but I found that it doesn't do anythi

Re: question re. SPF checks

2006-11-02 Thread Miles Fidelman
clients, so it's hard/impossible to put that in the SPF record - so, mail submitted from desktop clients is getting marked as failing the SPF check So... is there a way to turn off SPF checks for mail coming from authenticated clients, without turning off all the other checks (as, for exa

Re: question re. SPF checks

2006-11-02 Thread Jo Rhett
cks to incoming mail, but... - for SPF purposes, the envelope sender is now the dynamic IP of the desktop clients, so it's hard/impossible to put that in the SPF record - so, mail submitted from desktop clients is getting marked as failing the SPF check So... is there a way to turn off S

question re. SPF checks

2006-10-30 Thread Miles Fidelman
t... - for SPF purposes, the envelope sender is now the dynamic IP of the desktop clients, so it's hard/impossible to put that in the SPF record - so, mail submitted from desktop clients is getting marked as failing the SPF check So... is there a way to turn off SPF checks for m

SPF checks on internal relays (attn: Halid Faith <[EMAIL PROTECTED]>)

2006-08-15 Thread John D. Hardin
It looks like ihlas.net.tr is running SPF checks on mail relays within their local network. This is a bad idea, since this will cause most if not all SPF checks performed on internal relays to fail, as nobody else can be assumed to have your mail gateway in their SPF list... On 15 Aug 2006

Re: SPF Checks

2005-07-06 Thread Brian Taber
>> Hmmm... Another potential SPF issue... I have a customer with AMEX, >> received an email from them, and the SPF checks conflict with each >> other: >> >> >> helo= >> >> Received: from mta301.email.americanexpress.com >> (mta301.email.ameri

Re: SPF Checks

2005-07-05 Thread Daryl C. W. O'Shea
Brian Taber wrote: Hmmm... Another potential SPF issue... I have a customer with AMEX, received an email from them, and the SPF checks conflict with each other: helo= Received: from mta301.email.americanexpress.com (mta301.email.americanexpress.com [206.132.204.250]) From: [EMAIL PROTECTED

Re: SPF Checks

2005-07-05 Thread Brian Taber
Hmmm... Another potential SPF issue... I have a customer with AMEX, received an email from them, and the SPF checks conflict with each other: helo= Received: from mta301.email.americanexpress.com (mta301.email.americanexpress.com [206.132.204.250]) From: [EMAIL PROTECTED] And the scores

Re: SPF Checks

2005-07-05 Thread Justin Mason
Daryl C. W. O'Shea writes: > Brian Taber wrote: > > As for the scores, score of 0 for PASS makes perfect sense, but a FAIL > > should receive at least the same score as a SOFTFAIL, because a FAIL means > > the email is definitely from a forged sender

Re: SPF Checks

2005-07-05 Thread Daryl C. W. O'Shea
Brian Taber wrote: Figured that what are the mass-check's you mentioned? Is there somewhere I can go to find out more? Is there a way to update spamassassin with the newest scores? http://wiki.apache.org/spamassassin/MassCheck http://wiki.apache.org/spamassassin/RescoreDetails http://wik

Re: SPF Checks

2005-07-05 Thread Daryl C. W. O'Shea
Brian Taber wrote: As for the scores, score of 0 for PASS makes perfect sense, but a FAIL should receive at least the same score as a SOFTFAIL, because a FAIL means the email is definitely from a forged sender (on the other hand the FAIL may be because the person who created the SPF records had n

Re: SPF Checks

2005-07-05 Thread Brian Taber
Since I am using spamassassin via MailScanner, I dug into my config files more (took a while) I found an option in spam.assassin.prefs.conf called envelope_sender_header that was not set properly, now all SPF checks work... As for the scores, score of 0 for PASS makes perfect sense, but a FAIL

Re: SPF Checks

2005-07-04 Thread Rick Measham
Brian Taber wrote: The second is about the scores assigned to SPF failures. SPF_HELO_SOFTFAIL has a score of 3.140 (so if the provider has ~all in their SPF record, they aren't really sure if their SPF record covers all of their servers, you get SOFTFAIL), but SPF_HELO_FAIL has a score of 0.001 (

Re: SPF Checks

2005-07-03 Thread Daryl C. W. O'Shea
Brian Taber wrote: I am using spamassassin 3.0.4-1 with MailScanner. I have 2 questions/issues about SPF checks. It seems that SA is only doing HELO SPF checks (I didn't even know those existed till now) and not actual checks on the from addresses. Is this a config issue? I would li

Re: SPF Checks

2005-07-03 Thread Kai Schaetzl
Loren Wilton wrote on Sat, 2 Jul 2005 18:07:19 -0700: > I think perhaps SPF is supposed to match against the sender in the envelope, > or possibly the received header, rather than the From header, which is > trivially forged Now that you say that I remember that you can configure this in local.

Re: SPF Checks

2005-07-02 Thread Loren Wilton
I think perhaps SPF is supposed to match against the sender in the envelope, or possibly the received header, rather than the From header, which is trivially forged. Others will be able to give more information. I know the rule score of .001 is deliberate, but I don't recall immediately why. It

SPF Checks

2005-07-02 Thread Brian Taber
I am using spamassassin 3.0.4-1 with MailScanner. I have 2 questions/issues about SPF checks. It seems that SA is only doing HELO SPF checks (I didn't even know those existed till now) and not actual checks on the from addresses. Is this a config issue? I would like to enable these. I

Re: Question about SPF checks

2005-06-07 Thread Matt Kettler
Ronny Nussbaum wrote: > Hello, > I've tried to find an answer to this, but couldn't. > > I'm using SA 3.0.3, invoked by Amavisd-New (latest version), on Fedora > Core 3. > > I've installed the Mail::SPF::Query module, and it works fine. > > My question is, how can I disable it from being used

Re: Question about SPF checks

2005-06-07 Thread alan premselaar
Ronny Nussbaum wrote: Hello, I've tried to find an answer to this, but couldn't. I'm using SA 3.0.3, invoked by Amavisd-New (latest version), on Fedora Core 3. I've installed the Mail::SPF::Query module, and it works fine. My question is, how can I disable it from being used by SA? I'm l

Question about SPF checks

2005-06-07 Thread Ronny Nussbaum
Hello, I've tried to find an answer to this, but couldn't. I'm using SA 3.0.3, invoked by Amavisd-New (latest version), on Fedora Core 3. I've installed the Mail::SPF::Query module, and it works fine. My question is, how can I disable it from being used by SA? I'm looking for another way be