Re: [xmail] Enabling SPF howto?
On Thu, 29 Jan 2009, Ralf wrote: > Hmm... I think there are some misunderstandings here. > SPF is intended for servers only, not for end users. > If the user sends his mail via his mail server then > the receiving mail server just checks in the DNS DB > whether the sending mail server (not the user!) is > really permitted to send mails for that domain. > Nothing less, nothing more. The reason why SPF tanked, was exactly that there are many real case scenarios where you cannot fix that bill. SPF is/was used, unsuccesfully as it is clear at this point, to block SPAM. That was the whole point of it. Reject emails based on forged/fake return address. Besides, every anti-SPAM solution that in order to be successful, expect that all the SMTP servers in the world change something, is doomed from day 1. - Davide ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
In article <498198a5.1020...@amitrader.com>, r...@amitrader.com (Ralf) wrote: > Hmm... I think there are some misunderstandings here. Possibly. My understanding was that SPF stopped emails coming from what was apparently the wrong server for the domain. e.g. my email address is g...@bainb.co.uk. If I send any email it has that 'From' address, no matter which server I send it through. If I send this via the server where my domain is registered - in my case my own server, but previously the server belonging to my ISP - then it is accepted. However if I send an email with my 'From' address (g...@bainb.co.uk) via my cellphone company's server then it will be rejected by the recipient as that server is not in my domain's DNS record. Note that I have to use their server if I send an email via my phone (at least that's true unless I use my own webmail). >From the OpenSPF website: >When an AOL user sends mail to you, an email server that belongs to AOL > connects to an email server that belongs to you. AOL uses SPF to >publish the addresses of its email servers. When the message comes in, >your email servers can tell if the server on the other end of the >connection belongs to AOL or not. Have I misunderstood? Gary. ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
Gary Bainbridge wrote: In article <49810994.4020...@amitrader.com>, r...@amitrader.com (Ralf) wrote: Sorry Davide, but I _must_ use SPF. That's the policy here. The problem with SPF is too many false positives. For example, you might send me an email. I check the email using my mobile phone, then reply. But my mobile phone is not on my domain so SPF will reject my reply. Similarly if I use a mail to web service from an internet café or a hotel. It's a problem I've had several times with my emails being rejected by the recipient. As Davide rightly said, it's far less effective than black listing or other techniques. Try and get the policy changed. Hmm... I think there are some misunderstandings here. SPF is intended for servers only, not for end users. If the user sends his mail via his mail server then the receiving mail server just checks in the DNS DB whether the sending mail server (not the user!) is really permitted to send mails for that domain. Nothing less, nothing more. If you deliver your mail directly then you act as a server, and consequently you should add an SPF record to your domains' DNS entries. If that's not possible or is impractical then just send your mail via your mail server. I would say 99+% of the users send their mails thru their mail servers instead of sending it directly. And: nowadays most mail servers have also a web interface, so you can access your mail server where your account is from anywhere in the world directly, without using any 3rd party service. I also wonder how you can send mail from an 'alien' system with your credentials of your 'home' mail server. Surely you have to give your mail password to this other site, isn't it? :-) How insecure! I never would do so. ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
In article <49810994.4020...@amitrader.com>, r...@amitrader.com (Ralf) wrote: > > Sorry Davide, but I _must_ use SPF. That's the policy here. The problem with SPF is too many false positives. For example, you might send me an email. I check the email using my mobile phone, then reply. But my mobile phone is not on my domain so SPF will reject my reply. Similarly if I use a mail to web service from an internet café or a hotel. It's a problem I've had several times with my emails being rejected by the recipient. As Davide rightly said, it's far less effective than black listing or other techniques. Try and get the policy changed. Gary. ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
Besides the mentioned perl module there is also a native C library for SPF/SRS (and also a prebuilt package in the Debian repository), called libspf2, so it would IMO make sense to add native SPF capability into xmail. http://packages.debian.org/unstable/source/libspf2 " Source Package: libspf2 (1.2.9-1) Homepage www.libspf2.org The following binary packages are built from this source package: libspf2-2 library for validating mail senders with SPF libspf2-dev Header and development libraries for libspf2 spfquery query SPF (Sender Policy Framework) to validate mail senders The Sender Policy Framework (SPF) is one part of the SPF/SRS protocol pair. SPF allows email systems such as Sendmail, Postfix, Exim, Zmailer and MS Exchange to check SPF records and make sure that the email is authorized by the domain name that it is coming from. This prevents email forgery, commonly used by spammers, scammers and email viruses/worms. This package contains simple utilities that use libspf2 to test and query SPF records. " And here is a list of mail servers with SPF-support: http://www.openspf.org/Implementations Ralf wrote: Davide Libenzi wrote: On Thu, 29 Jan 2009, Ralf wrote: fred wrote: It might help you but this is the script that I have made / use: http://xmailforum.homelinux.net/index.php?showtopic=4260 Tnanks fred, but per our security policy I can use only C/C++ source and bash or perl scripts. But especially php and python aren't allowed on the Linux boxes where our mail servers run. I really don't remember. I only briefly used it, given its complete failure to stop anything. You prolly want to use filters.post-rcpt.tab with something like: "!aex"[TAB]"PATH/xm-spf.pl"[TAB]"--ip"[TAB]"$(REMOTEADDR)"[TAB] \ "--sender"[TAB]"$(FROM)"[TAB]"--rcpt-to"[TAB]"$(CRCPT)" Where [TAB] is the *real* TAB character, and that's a single line (' \ ') trimmed. I cannot ensure you any success though :) Thanks, will try it out. Here are some examples of SPF catches by my other mail server. It shows that SPF indeed catches spammers who misusingly use the same domain name of the destination mail server or of the To-adress for their own machine to trick the mail server to believe he is from the same domain... SPF is not a spam solution, it just checks whether the sending machine has been authorized (via DNS SPF/TXT record) to send mail for that domain. So it catches those spammers who illegally use other domain names in their own hostname / mail domain name... Log excerpt: Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at blue.plala.or.jp does not designate 92.39.220.216 as permitted sender) Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at dvdownunder.com.au does not designate 91.124.168.23 as permitted sender) Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at msn.com does not designate 213.21.33.60 as permitted sender) The return values (above "softfail"; there are some more) can help to decide whether to accept or reject mail from such a sender... In the above cases my mail server rejected to accept mail from those spammers. BTW, here is your own SPF entry: :-) Received-SPF: pass (srv3.amitrader.com: SPF record at xmailserver.org designates 64.71.152.41 as permitted sender) Received: (qmail 23732 invoked from network); 29 Jan 2009 03:18:32 +0100 Received: from x35.xmailserver.org (64.71.152.41) by srv3.amitrader.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 29 Jan 2009 03:18:32 +0100 Received-SPF: pass (srv3.amitrader.com: SPF record at xmailserver.org designates 64.71.152.41 as permitted sender) Received: from x35.xmailserver.org ([:::127.0.0.1]:50052) by x35.xmailserver.org with [XMail 1.26 ESMTP Server] id for from ; Wed, 28 Jan 2009 21:17:44 -0500 X-AuthUser: davi...@xmailserver.org Received: from alien.or.mcafeemobile.com by x35.xmailserver.org with [XMail 1.26 ESMTP Server] id for from ; Wed, 28 Jan 2009 21:17:29 -0500 Date: Wed, 28 Jan 2009 18:17:28 -0800 (PST) From: Davide Libenzi X-X-Sender: dav...@alien.or.mcafeemobile.com To: XMail Users Mailing List In-Reply-To: <49810ea6.4090...@amitrader.com> Message-ID: References: <4980fb23.6070...@amitrader.com> <49810994.4020...@amitrader.com> <004901c981b3$9abf30c0$d03d92...@com> <49810ea6.4090...@amitrader.com> User-Agent: Alpine 1.10 (DEB 962 2008-03-14) X-GPG-FINGRPRINT: CFAE 5BEE FD36 F65E E640 56FE 0974 BF23 270F 474E X-GPG-PUBLIC_KEY: http://www.xmailserver.org/davidel.asc MIME-Version: 1.0 Subject: Re: [xmail] Enabling SPF howto? X-BeenThere: xmail@xmailserver.org X-Mailman-Version: 2.1.11 Precedence: list Reply-To: XMail Users Mailing List List-Id: XMail Users Mailing List List-Unsubscribe: <http://xmailserver.org/mailman/
Re: [xmail] Enabling SPF howto?
Davide Libenzi wrote: On Thu, 29 Jan 2009, Ralf wrote: fred wrote: It might help you but this is the script that I have made / use: http://xmailforum.homelinux.net/index.php?showtopic=4260 Tnanks fred, but per our security policy I can use only C/C++ source and bash or perl scripts. But especially php and python aren't allowed on the Linux boxes where our mail servers run. I really don't remember. I only briefly used it, given its complete failure to stop anything. You prolly want to use filters.post-rcpt.tab with something like: "!aex"[TAB]"PATH/xm-spf.pl"[TAB]"--ip"[TAB]"$(REMOTEADDR)"[TAB] \ "--sender"[TAB]"$(FROM)"[TAB]"--rcpt-to"[TAB]"$(CRCPT)" Where [TAB] is the *real* TAB character, and that's a single line (' \ ') trimmed. I cannot ensure you any success though :) Thanks, will try it out. Here are some examples of SPF catches by my other mail server. It shows that SPF indeed catches spammers who misusingly use the same domain name of the destination mail server or of the To-adress for their own machine to trick the mail server to believe he is from the same domain... SPF is not a spam solution, it just checks whether the sending machine has been authorized (via DNS SPF/TXT record) to send mail for that domain. So it catches those spammers who illegally use other domain names in their own hostname / mail domain name... Log excerpt: Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at blue.plala.or.jp does not designate 92.39.220.216 as permitted sender) Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at dvdownunder.com.au does not designate 91.124.168.23 as permitted sender) Received-SPF: softfail (srv3.amitrader.com: transitioning SPF record at msn.com does not designate 213.21.33.60 as permitted sender) The return values (above "softfail"; there are some more) can help to decide whether to accept or reject mail from such a sender... In the above cases my mail server rejected to accept mail from those spammers. BTW, here is your own SPF entry: :-) Received-SPF: pass (srv3.amitrader.com: SPF record at xmailserver.org designates 64.71.152.41 as permitted sender) Received: (qmail 23732 invoked from network); 29 Jan 2009 03:18:32 +0100 Received: from x35.xmailserver.org (64.71.152.41) by srv3.amitrader.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 29 Jan 2009 03:18:32 +0100 Received-SPF: pass (srv3.amitrader.com: SPF record at xmailserver.org designates 64.71.152.41 as permitted sender) Received: from x35.xmailserver.org ([:::127.0.0.1]:50052) by x35.xmailserver.org with [XMail 1.26 ESMTP Server] id for from ; Wed, 28 Jan 2009 21:17:44 -0500 X-AuthUser: davi...@xmailserver.org Received: from alien.or.mcafeemobile.com by x35.xmailserver.org with [XMail 1.26 ESMTP Server] id for from ; Wed, 28 Jan 2009 21:17:29 -0500 Date: Wed, 28 Jan 2009 18:17:28 -0800 (PST) From: Davide Libenzi X-X-Sender: dav...@alien.or.mcafeemobile.com To: XMail Users Mailing List In-Reply-To: <49810ea6.4090...@amitrader.com> Message-ID: References: <4980fb23.6070...@amitrader.com> <49810994.4020...@amitrader.com> <004901c981b3$9abf30c0$d03d92...@com> <49810ea6.4090...@amitrader.com> User-Agent: Alpine 1.10 (DEB 962 2008-03-14) X-GPG-FINGRPRINT: CFAE 5BEE FD36 F65E E640 56FE 0974 BF23 270F 474E X-GPG-PUBLIC_KEY: http://www.xmailserver.org/davidel.asc MIME-Version: 1.0 Subject: Re: [xmail] Enabling SPF howto? X-BeenThere: xmail@xmailserver.org X-Mailman-Version: 2.1.11 Precedence: list Reply-To: XMail Users Mailing List List-Id: XMail Users Mailing List List-Unsubscribe: <http://xmailserver.org/mailman/options/xmail>, <mailto:xmail-requ...@xmailserver.org?subject=unsubscribe> List-Archive: <http://xmailserver.org/pipermail/xmail> List-Post: <mailto:xmail@xmailserver.org> List-Help: <mailto:xmail-requ...@xmailserver.org?subject=help> List-Subscribe: <http://xmailserver.org/mailman/listinfo/xmail>, <mailto:xmail-requ...@xmailserver.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: xmail-boun...@xmailserver.org Errors-To: xmail-boun...@xmailserver.org ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
On Thu, 29 Jan 2009, Ralf wrote: > fred wrote: > > It might help you but this is the script that I have made / use: > > http://xmailforum.homelinux.net/index.php?showtopic=4260 > > Tnanks fred, > > but per our security policy I can use only C/C++ source and > bash or perl scripts. But especially php and python aren't allowed > on the Linux boxes where our mail servers run. I really don't remember. I only briefly used it, given its complete failure to stop anything. You prolly want to use filters.post-rcpt.tab with something like: "!aex"[TAB]"PATH/xm-spf.pl"[TAB]"--ip"[TAB]"$(REMOTEADDR)"[TAB] \ "--sender"[TAB]"$(FROM)"[TAB]"--rcpt-to"[TAB]"$(CRCPT)" Where [TAB] is the *real* TAB character, and that's a single line (' \ ') trimmed. I cannot ensure you any success though :) - Davide ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
fred wrote: It might help you but this is the script that I have made / use: http://xmailforum.homelinux.net/index.php?showtopic=4260 Tnanks fred, but per our security policy I can use only C/C++ source and bash or perl scripts. But especially php and python aren't allowed on the Linux boxes where our mail servers run. Best Regards, Ralf -Original Message- From: xmail-boun...@xmailserver.org [mailto:xmail-boun...@xmailserver.org] On Behalf Of Ralf Sent: 28 janvier 2009 20:43 To: XMail Users Mailing List Subject: Re: [xmail] Enabling SPF howto? Davide Libenzi wrote: On Thu, 29 Jan 2009, Ralf wrote: I'm trying to switch from qmail to xmail. There I had SPF activated and would like to use SPF also in xmail. I saw that there is a perl script for SPF (http://www.xmailserver.org/xm-spf.pl), but how do I integrate it into xmail? Suggestion. Leave SPF alone. Nobody is using it and its contribution on SPAM-cutting on my servers was totally irrelevant WRT greylisting and RBLs. The whole SPF project tanked, badly. Sorry Davide, but I _must_ use SPF. That's the policy here. I would very much appreciate it if you could show me how to activate SPF in xmail (maybe you should include this info into the comment header of the xm-spf.pl file). Best Regards, Ralf ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
It might help you but this is the script that I have made / use: http://xmailforum.homelinux.net/index.php?showtopic=4260 -Original Message- From: xmail-boun...@xmailserver.org [mailto:xmail-boun...@xmailserver.org] On Behalf Of Ralf Sent: 28 janvier 2009 20:43 To: XMail Users Mailing List Subject: Re: [xmail] Enabling SPF howto? Davide Libenzi wrote: > On Thu, 29 Jan 2009, Ralf wrote: > >> I'm trying to switch from qmail to xmail. >> There I had SPF activated and would like to use SPF also in xmail. >> I saw that there is a perl script for SPF >> (http://www.xmailserver.org/xm-spf.pl), >> but how do I integrate it into xmail? > > Suggestion. Leave SPF alone. Nobody is using it and its contribution on > SPAM-cutting on my servers was totally irrelevant WRT greylisting and RBLs. > The whole SPF project tanked, badly. Sorry Davide, but I _must_ use SPF. That's the policy here. I would very much appreciate it if you could show me how to activate SPF in xmail (maybe you should include this info into the comment header of the xm-spf.pl file). Best Regards, Ralf ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
Davide Libenzi wrote: On Thu, 29 Jan 2009, Ralf wrote: I'm trying to switch from qmail to xmail. There I had SPF activated and would like to use SPF also in xmail. I saw that there is a perl script for SPF (http://www.xmailserver.org/xm-spf.pl), but how do I integrate it into xmail? Suggestion. Leave SPF alone. Nobody is using it and its contribution on SPAM-cutting on my servers was totally irrelevant WRT greylisting and RBLs. The whole SPF project tanked, badly. Sorry Davide, but I _must_ use SPF. That's the policy here. I would very much appreciate it if you could show me how to activate SPF in xmail (maybe you should include this info into the comment header of the xm-spf.pl file). Best Regards, Ralf ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
Re: [xmail] Enabling SPF howto?
On Thu, 29 Jan 2009, Ralf wrote: > I'm trying to switch from qmail to xmail. > There I had SPF activated and would like to use SPF also in xmail. > I saw that there is a perl script for SPF > (http://www.xmailserver.org/xm-spf.pl), > but how do I integrate it into xmail? Suggestion. Leave SPF alone. Nobody is using it and its contribution on SPAM-cutting on my servers was totally irrelevant WRT greylisting and RBLs. The whole SPF project tanked, badly. - Davide ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail
[xmail] Enabling SPF howto?
I'm trying to switch from qmail to xmail. There I had SPF activated and would like to use SPF also in xmail. I saw that there is a perl script for SPF (http://www.xmailserver.org/xm-spf.pl), but how do I integrate it into xmail? I guess one has to have the perl module Mail::SPF::Query installed # perl -MCPAN -e shell cpan> install Mail::SPF::Query and the xm-spf.pl script must be copied to the MailRoot/bin directory, and in MailRoot/filters a new file must be created, and in the file MailRoot/filters.in.tab (right?) an entry must be made to this file in the filters directory. Right? How should the entries in filters.in.tab and the corrosponding file in the filters directory look like? TIA Ralf ___ xmail mailing list xmail@xmailserver.org http://xmailserver.org/mailman/listinfo/xmail