Am 04.02.2016 um 11:04 schrieb Antony Stone:
On Thursday 04 February 2016 at 10:58:42, Reindl Harald wrote:Am 04.02.2016 um 10:55 schrieb Antony Stone:On Thursday 04 February 2016 at 10:47:18, Chandran Manikandan wrote:1. Our users received some spam emails which is showing our domain email account in From address.Nothing unusual in that - forged From addresses have been common for many years.like the mail from you From: Antony Stone <antony.st...@spamassassin.open.source.it> To: users@spamassassin.apache.orgUm, that's not a forged From address. I own the domain source.it and spamassassin.open.source.it is a valid subdomain of that.
technically *it is*the envelope sender is @spamassassin.apache.org, the message comes not from your server, but it has your "From" header and so the point is you CAN NOT distinct between a maling-list or a forged From-Header because technically it's the same
and yes it passes SPF - for the @spamassassin.apache.org envelope
Are you using DKIM / SPF for your domain? I mean, why do you accept email apparently from your own domain when it does not come from one of your authorised servers?because the From header has nothing to do with the envelope sender and so not with SPF and spoofing protectionsTrue, but given that the original poster said nothing about the envelope sender, we don't know what that is. I'd be prepared to bet that implementing this would improve his server's operation, though.
but he talks about From-HeadersBarracuda Networks was stupid enough to extend their spoofing protection after years to From-Headers and not only envelopes resulting in ruin mailing-lists by block your own messages because "customers complained that they still get spam where the MUA shows their own domain as sender"
result: disable the next filter on the appliance to stop harmful behavior
signature.asc
Description: OpenPGP digital signature