Thomas I've really taken a deep dive to make sure I have the understanding of Spoofing and it integration into ASSP to make sure I'm effectively using it correctly and to my advantage. Spoofing protections still seem to rely on SPF/DKIM/DMARC.
Reviewing the options with current ASSP may get me what I want now that you have explained the order in which check occur. If you'd review my thoughts here to confirm, I think I will get what I need. I'll remove the untrusted IPs from the noSpoofingCheckIP file. I'll add the 'From' address(es) into the noSpoofingCheckDomain file. If SPF and/or DKIM checks are being done later I still should get a SPF fail for a 'From' address that bypassed SpoofCheck if not defined in the SPF record correct? Thanks, Brian S From: "Thomas Eckardt" <thomas.ecka...@thockar.com> To: "For Users of ASSP" <assp-user@lists.sourceforge.net> Sent: Wednesday, September 29, 2021 11:43:37 AM Subject: Re: [Assp-user] SpoofedSender flagged when they should not be The 'spoofing' check is done a long time before the 'SPF' check, because SPF may need a large amount of DNS queries, which should not be done for mails that are (can be) blocked by other reasons. This behavior will not be changed! It is highly not recommended to let "local" clients connect to the default listener (25). If this is required for any reason, use the spoofing exception options provided by assp. Thomas Von: t...@epiinc.com An: "For Users of ASSP" <assp-user@lists.sourceforge.net> Datum: 29.09.2021 17:02 Betreff: Re: [Assp-user] SpoofedSender flagged when they should not be Ken If that is truly the case and with the great list of options you've provided, I still believe there is room for enhancement here. I have many different domains that are local to this system and I feel that I'm opening a large hole in order to get this to work. While this may not be the best option, this would be closer to what I would like if I still had to go this route. Still using noSpoofingCheckIP, I'd like to be able to include the domain(s) with the IP in the file. Maybe like 1.1.1.1 1.1.1.2 domain1.com 1.1.1.3 domain1.com, domain2.com Maybe the end goal would be to have a setting in which there is a ' noSpoofingCheckSPF' option? If the sender IP is included in SPF, then perform noSpoofingCheck This could simply be just a yes/no question or a file listing of the domain(s) that would reference the SPF record for the check? Suggestions? Thanks, Brian S From: "K Post" <nntp.p...@gmail.com> To: "For Users of ASSP" <assp-user@lists.sourceforge.net> Sent: Wednesday, September 29, 2021 10:38:19 AM Subject: Re: [Assp-user] SpoofedSender flagged when they should not be The SPF helps other SMTP servers know that your domain is allowed to send out of those IP's, but ASSP will still flag as spoofed, since they're in the list of local domains. On Thu, Sep 23, 2021 at 7:15 AM < [ mailto:t...@epiinc.com | t...@epiinc.com ] > wrote: Ken Thank you for your detailed list of options here. In fact, I'm doing #4 already as a work around. I can agree if the emails were sent through my local system that I would then be covered. It might be an option in which I may have to further explore if I'm unable to come to an acceptable solution. (#1 and #3) While I'm using #4, the noSpoofingCheckIP, I still consider this a work around. The issue here is option opens up all the local domains to Spoofing whether I need it or not. Maybe if I had the option to narrow the IP to domain(s) and/or specific email addresses would I feel comfortable leaving this in place. This is why I'm think the SPF record should already cover this (at least at the domain level). Brian S From: "K Post" < [ mailto:nntp.p...@gmail.com | nntp.p...@gmail.com ] > To: "For Users of ASSP" < [ mailto:assp-user@lists.sourceforge.net | assp-user@lists.sourceforge.net ] > Sent: Wednesday, September 22, 2021 8:06:50 PM Subject: Re: [Assp-user] SpoofedSender flagged when they should not be When receiving mail into ASSP that is FROM another one of your local domain names from the outside (as I assume the sendgrid IP address you referenced is) you either need to: 1) authenticate or 2) have the sending IP be in acceptAllMail or 3) have the mail sent through the relayPort and the ip in acceptRelayCon or 4) have the sending IP be listed in noSpoofingCheckIP or 5) have the domain listed in the noSpoofingCheckDomain (which I don't suggest or you'll be susceptible to spoofing from everywhere) (I believe those are all of the options) If you don't do one of the above, ASSP will consider the mail as spoofed. Having the IP listed in the SPF record for the domain won't help in this case. Hope this helps. Ken On Wed, Sep 22, 2021 at 3:03 PM < [ mailto:t...@epiinc.com | t...@epiinc.com ] > wrote: Yes, the domain is listed in the localdomains. Correct, within the SPF TXT record the domain is referenced to be able to sent from the IP address noted in the log. From: "K Post" < [ mailto:nntp.p...@gmail.com | nntp.p...@gmail.com ] > To: "For Users of ASSP" < [ mailto:assp-user@lists.sourceforge.net | assp-user@lists.sourceforge.net ] > Sent: Wednesday, September 22, 2021 2:39:16 PM Subject: Re: [Assp-user] SpoofedSender flagged when they should not be Is SubZeroCompanyStore.com listed in localDomains? I don't follow what you mean by domains being "list in the TXT record." Are you talking about the SPF TXT record in DNS? On Thu, Sep 16, 2021 at 5:28 PM EPI Tech < [ mailto:t...@epiinc.com | t...@epiinc.com ] > wrote: I keep having similar issues show up in my logs which is causing issue in our emails being delivered. This domain and many others like it are list in the TXT record and in testing the TXT correctly formatted. As a workaround I have been using noSpoofingCheckIP to work around this issue, but I need to get this corrected as some of these IP I don't want to globally allow to Spoof the Sender. Any suggestions? Currently running ASSP version 2.6.6 build 21218 Thanks, Brian S Sep-16-21 13:17:16 m1-12636-04808 [Worker_6] [TLS-in] [TLS-out] [SpoofedSender] 149.72.229.238 < [ mailto:customerc...@subzerocompanystore.com | customerc...@subzerocompanystore.com ] > to: [ mailto:supp...@tmpcompany.com | supp...@tmpcompany.com ] [scoring] (No Spoofing Allowed ' [ mailto:customerc...@subzerocompanystore.com | customerc...@subzerocompanystore.com ] ' in 'from') Sep-16-21 13:17:16 m1-12636-04808 [Worker_6] [TLS-in] [TLS-out] [SpoofedSender] 149.72.229.238 < [ mailto:customerc...@subzerocompanystore.com | customerc...@subzerocompanystore.com ] > to: [ mailto:supp...@tmpcompany.com | supp...@tmpcompany.com ] [scoring] (No Spoofing Allowed ' [ mailto:customerc...@subzerocompanystore.com | customerc...@subzerocompanystore.com ] ' in 'sender') _______________________________________________ Assp-user mailing list [ mailto:Assp-user@lists.sourceforge.net | Assp-user@lists.sourceforge.net ] [ https://lists.sourceforge.net/lists/listinfo/assp-user | https://lists.sourceforge.net/lists/listinfo/assp-user ] _______________________________________________ Assp-user mailing list [ mailto:Assp-user@lists.sourceforge.net | Assp-user@lists.sourceforge.net ] [ https://lists.sourceforge.net/lists/listinfo/assp-user | https://lists.sourceforge.net/lists/listinfo/assp-user ] _______________________________________________ Assp-user mailing list [ mailto:Assp-user@lists.sourceforge.net | Assp-user@lists.sourceforge.net ] [ https://lists.sourceforge.net/lists/listinfo/assp-user | https://lists.sourceforge.net/lists/listinfo/assp-user ] _______________________________________________ Assp-user mailing list [ mailto:Assp-user@lists.sourceforge.net | Assp-user@lists.sourceforge.net ] [ https://lists.sourceforge.net/lists/listinfo/assp-user | https://lists.sourceforge.net/lists/listinfo/assp-user ] _______________________________________________ Assp-user mailing list [ mailto:Assp-user@lists.sourceforge.net | Assp-user@lists.sourceforge.net ] [ https://lists.sourceforge.net/lists/listinfo/assp-user | https://lists.sourceforge.net/lists/listinfo/assp-user ] _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net [ https://lists.sourceforge.net/lists/listinfo/assp-user | https://lists.sourceforge.net/lists/listinfo/assp-user ] _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net [ https://lists.sourceforge.net/lists/listinfo/assp-user | https://lists.sourceforge.net/lists/listinfo/assp-user ] DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
_______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
