bypass spam check if SPF is OK
Hi all There is anyway to bypass a spam when SPF check results result is equal to 'SPF_PASS'?
Re: bypass spam check if SPF is OK
On Thu, 22 Apr 2010, Rejaine Monteiro wrote: There is anyway to bypass a spam when SPF check results result is equal to 'SPF_PASS'? The appropriate place to do things like that is in the glue layer. It's not a good idea to whitelist on just SPF Pass. What is to prevent a spammer from publishing valid SPF records for their sources and thus whitelisting themselves to you? Whitelisting on SPF Pass + specific trusted domains is reasonable, and the place to do that is in your MTA. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- You can't reason a person out of a position if he didn't use reason to get there in the first place. -- Kristopher, at Marko's --- Tomorrow: Max Planck's 152nd birthday
Re: bypass spam check if SPF is OK
On tor 22 apr 2010 15:09:32 CEST, Rejaine Monteiro wrote There is anyway to bypass a spam when SPF check results result is equal to 'SPF_PASS'? yes, but that rule will be silly spammers can also just add a spf with ipv4:0.0.0.0/0 -all in it, so atleast dont make spf pass stop just there remember +all is also valid ! -- xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: bypass spam check if SPF is OK
Sorry if I was not very clear (my english is a little poor) in fact, I wanted to decrease the score obtained if SPF return OK John Hardin escreveu: On Thu, 22 Apr 2010, Rejaine Monteiro wrote: The appropriate place to do things like that is in the glue layer. It's not a good idea to whitelist on just SPF Pass. What is to prevent a spammer from publishing valid SPF records for their sources and thus whitelisting themselves to you? Whitelisting on SPF Pass + specific trusted domains is reasonable, and the place to do that is in your MTA.
Re: bypass spam check if SPF is OK
On tor 22 apr 2010 15:20:47 CEST, John Hardin wrote It's not a good idea to whitelist on just SPF Pass. What is to prevent a spammer from publishing valid SPF records for their sources and thus whitelisting themselves to you? yep thats the problem, here i use def_whitelist_from_spf to grey domains, and if end users whitelist let them do with whitelist_from_spf at the same time i dont allow to have *...@domain.tld for anything that have not def_ in fron of the whitelist Whitelisting on SPF Pass + specific trusted domains is reasonable, and the place to do that is in your MTA. i reject softfail in mta :) -- xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: bypass spam check if SPF is OK
On tor 22 apr 2010 15:24:02 CEST, Rejaine Monteiro wrote Sorry if I was not very clear (my english is a little poor) in fact, I wanted to decrease the score obtained if SPF return OK perldoc Mail::SpamAssassin::Conf perldoc Mail::SpamAssassin::Plugin::SPF read them, search for whitelist and do test with spamassassin 21 -D -t hammsg | less make sure you dont just give -100 for a possible spam msg :( -- xpoint http://www.unicom.com/pw/reply-to-harmful.html
Re: bypass spam check if SPF is OK
Benny Pedersen escreveu: perldoc Mail::SpamAssassin::Conf perldoc Mail::SpamAssassin::Plugin::SPF read them, search for whitelist and do test with spamassassin 21 -D -t hammsg | less // ok, thanks for the tip!.. make sure you dont just give -100 for a possible spam msg :( hohoho.. off course not ;o)
Re: bypass spam check if SPF is OK
Rejaine Monteiro wrote: Sorry if I was not very clear (my english is a little poor) in fact, I wanted to decrease the score obtained if SPF return OK Probably not a good idea. The last set of stats that I saw indicated that SPF_PASS was more likely to occur in spam than in ham. This is why it does not already have a negative score in SA. -- Bowie
Re: bypass spam check if SPF is OK
On Thu, 22 Apr 2010, Rejaine Monteiro wrote: Sorry if I was not very clear (my english is a little poor) in fact, I wanted to decrease the score obtained if SPF return OK My point is still valid, you don't want to reduce the score on _just_ SPF Pass. Take a look at whitelist_auth. John Hardin escreveu: On Thu, 22 Apr 2010, Rejaine Monteiro wrote: It's not a good idea to whitelist on just SPF Pass. What is to prevent a spammer from publishing valid SPF records for their sources and thus whitelisting themselves to you? Whitelisting on SPF Pass + specific trusted domains is reasonable, and the place to do that is in your MTA. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- You are in a maze of twisty little protocols, all written by Microsoft. -- Tomorrow: Max Planck's 152nd birthday