I'll chime in here before Thomas blows a gasket- "Spoofing protections still seem to rely on SPF/DKIM/DMARC."
Yes, ASSP pays attention to SPF & DKIM, but that doesn't have anything at all to do with whether ASSP detects if a LOCAL domain is being spoofed. If incoming mail fails SPF, has bad DKIM, or violates DMARC that will be scored and logged, but it'll never say "spoofed." Spoofing refers to incoming mail from your local domains. It's my opinion that your your new approach is much better and safer. We do this on occasion when we know we're using a third party like Constant Contact to send out a message from one of our subdomains that will hit local mailboxes here. On Wed, Sep 29, 2021 at 12:41 PM <t...@epiinc.com> wrote: > Thomas > > I've really taken a deep dive to make sure I have the understanding of > Spoofing and it integration into ASSP to make sure I'm effectively using it > correctly and to my advantage. Spoofing protections still seem to rely on > SPF/DKIM/DMARC. > > Reviewing the options with current ASSP may get me what I want now that > you have explained the order in which check occur. If you'd review my > thoughts here to confirm, I think I will get what I need. > > I'll remove the untrusted IPs from the noSpoofingCheckIP file. > I'll add the 'From' address(es) into the noSpoofingCheckDomain file. > If SPF and/or DKIM checks are being done later I still should get a SPF > fail for a 'From' address that bypassed SpoofCheck if not defined in the > SPF record correct? > > Thanks, > > Brian S > > ------------------------------ > *From: *"Thomas Eckardt" <thomas.ecka...@thockar.com> > *To: *"For Users of ASSP" <assp-user@lists.sourceforge.net> > *Sent: *Wednesday, September 29, 2021 11:43:37 AM > *Subject: *Re: [Assp-user] SpoofedSender flagged when they should not be > > The 'spoofing' check is done a long time before the 'SPF' check, because > SPF may need a large amount of DNS queries, which should not be done for > mails that are (can be) blocked by other reasons. > This behavior will not be changed! > > It is highly not recommended to let "local" clients connect to the default > listener (25). If this is required for any reason, use the spoofing > exception options provided by assp. > > Thomas > > > > > > Von: t...@epiinc.com > An: "For Users of ASSP" <assp-user@lists.sourceforge.net> > Datum: 29.09.2021 17:02 > Betreff: Re: [Assp-user] SpoofedSender flagged when they should > not be > ------------------------------ > > > > Ken > > If that is truly the case and with the great list of options you've > provided, I still believe there is room for enhancement here. > > I have many different domains that are local to this system and I feel > that I'm opening a large hole in order to get this to work. > > While this may not be the best option, this would be closer to what I > would like if I still had to go this route. > Still using noSpoofingCheckIP, I'd like to be able to include the > domain(s) with the IP in the file. Maybe like > 1.1.1.1 > 1.1.1.2 domain1.com > 1.1.1.3 domain1.com, domain2.com > > Maybe the end goal would be to have a setting in which there is a ' > noSpoofingCheckSPF' option? > If the sender IP is included in SPF, then perform noSpoofingCheck > This could simply be just a yes/no question or a file listing of the > domain(s) that would reference the SPF record for the check? > > Suggestions? > > Thanks, > > Brian S > > ------------------------------ > > *From: *"K Post" <nntp.p...@gmail.com> > * To: *"For Users of ASSP" <assp-user@lists.sourceforge.net> > * Sent: *Wednesday, September 29, 2021 10:38:19 AM > * Subject: *Re: [Assp-user] SpoofedSender flagged when they should not be > > The SPF helps other SMTP servers know that your domain is allowed to send > out of those IP's, but ASSP will still flag as spoofed, since they're in > the list of local domains. > > On Thu, Sep 23, 2021 at 7:15 AM <*t...@epiinc.com* <t...@epiinc.com>> > wrote: > Ken > > Thank you for your detailed list of options here. In fact, I'm doing #4 > already as a work around. > > I can agree if the emails were sent through my local system that I would > then be covered. It might be an option in which I may have to further > explore if I'm unable to come to an acceptable solution. (#1 and #3) > > While I'm using #4, the noSpoofingCheckIP, I still consider this a work > around. The issue here is option opens up all the local domains to > Spoofing whether I need it or not. Maybe if I had the option to narrow the > IP to domain(s) and/or specific email addresses would I feel comfortable > leaving this in place. This is why I'm think the SPF record should already > cover this (at least at the domain level). > > Brian S > > ------------------------------ > > *From: *"K Post" <*nntp.p...@gmail.com* <nntp.p...@gmail.com>> > * To: *"For Users of ASSP" <*assp-user@lists.sourceforge.net* > <assp-user@lists.sourceforge.net>> > * Sent: *Wednesday, September 22, 2021 8:06:50 PM > * Subject: *Re: [Assp-user] SpoofedSender flagged when they should not be > > > When receiving mail into ASSP that is FROM another one of your local > domain names from the outside (as I assume the sendgrid IP address you > referenced is) you either need to: > 1) authenticate or > 2) have the sending IP be in acceptAllMail or > 3) have the mail sent through the relayPort and the ip in acceptRelayCon or > 4) have the sending IP be listed in noSpoofingCheckIP or > 5) have the domain listed in the noSpoofingCheckDomain (which I don't > suggest or you'll be susceptible to spoofing from everywhere) > (I believe those are all of the options) > > If you don't do one of the above, ASSP will consider the mail as spoofed. > Having the IP listed in the SPF record for the domain won't help in this > case. > > Hope this helps. > Ken > > > > On Wed, Sep 22, 2021 at 3:03 PM <*t...@epiinc.com* <t...@epiinc.com>> > wrote: > Yes, the domain is listed in the localdomains. > > Correct, within the SPF TXT record the domain is referenced to be able to > sent from the IP address noted in the log. > > > *From: *"K Post" <*nntp.p...@gmail.com* <nntp.p...@gmail.com>> > * To: *"For Users of ASSP" <*assp-user@lists.sourceforge.net* > <assp-user@lists.sourceforge.net>> > * Sent: *Wednesday, September 22, 2021 2:39:16 PM > * Subject: *Re: [Assp-user] SpoofedSender flagged when they should not be > > Is SubZeroCompanyStore.com listed in localDomains? > I don't follow what you mean by domains being "list in the TXT record." > Are you talking about the SPF TXT record in DNS? > > > On Thu, Sep 16, 2021 at 5:28 PM EPI Tech <*t...@epiinc.com* > <t...@epiinc.com>> wrote: > I keep having similar issues show up in my logs which is causing issue in > our emails being delivered. This domain and many others like it are list > in the TXT record and in testing the TXT correctly formatted. > > As a workaround I have been using noSpoofingCheckIP to work around this > issue, but I need to get this corrected as some of these IP I don't want to > globally allow to Spoof the Sender. > > Any suggestions? Currently running ASSP version 2.6.6 build 21218 > > Thanks, > > Brian S > > > Sep-16-21 13:17:16 m1-12636-04808 [Worker_6] [TLS-in] [TLS-out] > [SpoofedSender] 149.72.229.238 <*customerc...@subzerocompanystore.com* > <customerc...@subzerocompanystore.com>> to: *supp...@tmpcompany.com* > <supp...@tmpcompany.com> [scoring] (No Spoofing Allowed ' > *customerc...@subzerocompanystore.com* > <customerc...@subzerocompanystore.com>' in 'from') > Sep-16-21 13:17:16 m1-12636-04808 [Worker_6] [TLS-in] [TLS-out] > [SpoofedSender] 149.72.229.238 <*customerc...@subzerocompanystore.com* > <customerc...@subzerocompanystore.com>> to: *supp...@tmpcompany.com* > <supp...@tmpcompany.com> [scoring] (No Spoofing Allowed ' > *customerc...@subzerocompanystore.com* > <customerc...@subzerocompanystore.com>' in 'sender') > > _______________________________________________ > Assp-user mailing list > *Assp-user@lists.sourceforge.net* <Assp-user@lists.sourceforge.net> > *https://lists.sourceforge.net/lists/listinfo/assp-user* > <https://lists.sourceforge.net/lists/listinfo/assp-user> > > > _______________________________________________ > Assp-user mailing list > *Assp-user@lists.sourceforge.net* <Assp-user@lists.sourceforge.net> > *https://lists.sourceforge.net/lists/listinfo/assp-user* > <https://lists.sourceforge.net/lists/listinfo/assp-user> > > _______________________________________________ > Assp-user mailing list > *Assp-user@lists.sourceforge.net* <Assp-user@lists.sourceforge.net> > *https://lists.sourceforge.net/lists/listinfo/assp-user* > <https://lists.sourceforge.net/lists/listinfo/assp-user> > > > _______________________________________________ > Assp-user mailing list > *Assp-user@lists.sourceforge.net* <Assp-user@lists.sourceforge.net> > *https://lists.sourceforge.net/lists/listinfo/assp-user* > <https://lists.sourceforge.net/lists/listinfo/assp-user> > > _______________________________________________ > Assp-user mailing list > *Assp-user@lists.sourceforge.net* <Assp-user@lists.sourceforge.net> > *https://lists.sourceforge.net/lists/listinfo/assp-user* > <https://lists.sourceforge.net/lists/listinfo/assp-user> > > > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > > > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user >
_______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
