On 10.12.2015 at 15:43, Alex wrote:
Hi,

If I wanted to use SPF in spamassassin to block spoofing attempts
against my domain, how would I do that?

Simply put all approved mail servers that you allow to send email with an
envelope-from domain of your domain in your SPF record and it won't
matter what the receiving server is.  It can be your server, my server, or
any SA will hit SPF_PASS.  Then if any other server tries to send with an
envelope-from of your domain, your SA and others will hit SPF_FAIL.

The problem is that SPF_FAIL has a very low score. I need to make sure
spoofing attempts using my domain are always blocked.

then set it higher in "local.cf" or simply accept that it makes no sense in SA when you can do that within 5 minutes in your postfix without any SPF

Can I create a meta that combines SPF_FAIL with the From header for my
domain to do this?

Yes you can but you don't have to.  You should set up scoring and train
your bayes database so all SPF_FAIL will be blocked equally.  You don't
have to do anything special for your own domain spoofing.  Focus on
getting all domain spoofing detected properly and yours will automatically
be included.

More specifically, we're being hit by spear-phishing attacks, where
there really are no other rules that hit.

I realize this is only going to get the lazy spammer that actually
tries to spoof the envelope-sender, but that seems to be quite a few
of them.

most of them are using a From-Header which is not part of SPF but visible in the client with a different Envelope, you can't stop them anyways, for the lazy ones: do it in the MTA

combined SA metarules don't scale in the configuration
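
The two SpamAssassin options discussed in this thread, written out as a local.cf fragment. This is an added example, not part of the original emails; example.com, the LOCAL_* rule names and the score values are assumptions chosen for illustration.

```conf
# Added example, not from the thread. example.com and the LOCAL_* rule names
# are placeholders; the score values are illustrative, not recommendations.

# Option from the reply: raise the stock SPF_FAIL score for every domain.
score SPF_FAIL 4.0

ifplugin Mail::SpamAssassin::Plugin::SPF
  # Sub-rule (double underscore = no score of its own): header From is ours.
  header   __LOCAL_FROM_OWN_DOMAIN  From:addr =~ /\@example\.com$/i

  # The meta asked about: envelope sender fails SPF and header From is ours.
  meta     LOCAL_SPF_FAIL_OWN_FROM  (SPF_FAIL && __LOCAL_FROM_OWN_DOMAIN)
  describe LOCAL_SPF_FAIL_OWN_FROM  SPF fail with our domain in header From
  score    LOCAL_SPF_FAIL_OWN_FROM  6.0
endif

# Limit noted in the thread: SPF evaluates the envelope sender only, so a
# message with a foreign envelope sender and our domain in From never
# triggers SPF_FAIL and this meta stays silent.
```

Running `spamassassin --lint` after editing local.cf checks the fragment for syntax errors before the daemon is reloaded.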
