Re: SPF rules and my domain

On 10.12.15 22:54, Alex wrote: I don't understand why a message from tripadvisor.com would have SPF_FAIL, and as part of trying to understand how SPF works, I'd like to figure out what's happening. Would someone be able to take a look at this message and figure out why mail from tripadvisor.com

Re: SPF rules and my domain

Am 11.12.2015 um 17:11 schrieb Alex: On Fri, Dec 11, 2015 at 10:33 AM, Matus UHLAR - fantomas wrote: On 10.12.15 22:54, Alex wrote: I don't understand why a message from tripadvisor.com would have SPF_FAIL, and as part of trying to understand how SPF works, I'd like to

Re: SPF rules and my domain

Hi, On Fri, Dec 11, 2015 at 10:33 AM, Matus UHLAR - fantomas wrote: >> On 10.12.15 22:54, Alex wrote: >>> >>> I don't understand why a message from tripadvisor.com would have >>> SPF_FAIL, and as part of trying to understand how SPF works, I'd like >>> to figure out what's

Re: SPF rules and my domain

Am 11.12.2015 um 08:56 schrieb Matus UHLAR - fantomas: I don't understand why a message from tripadvisor.com would have SPF_FAIL, and as part of trying to understand how SPF works, I'd like to figure out what's happening. Would someone be able to take a look at this message and figure out why

Re: SPF rules and my domain

Am 10.12.2015 um 03:42 schrieb Alex: If I wanted to use SPF in spamassassin to block spoofing attempts against my domain, how would I do that? Can I create a meta that combines SPF_FAIL with the From header for my domain to do this? SPF *is not* about the From-Header signature.asc

Re: SPF rules and my domain

Yes, understood. This was always about my own MTA receiving a message appearing to be "FROM" my own domain, and my own SPF record would be used to check the IP of the remote system to determine if it was permitted. I may have made that especially clear at one point. Does this make sense now? I'm

Re: SPF rules and my domain

On December 10, 2015 3:49:56 PM Alex wrote: whitelist_from_spf: *@example.tld (your domain) header Return-Path =~ example.tld That's great. I'll investigate. or blacklist_from *@* with whitelist_auth *@* to hate all equal :)

Re: SPF rules and my domain

Benny Pedersen wrote: > Alex skrev den 2015-12-10 03:42: > >> If I wanted to use SPF in spamassassin to block spoofing attempts >> against my domain, how would I do that? >> Can I create a meta that combines SPF_FAIL with the From header for my >> domain to do this? > > setup pypolicyd-spf is

Re: SPF rules and my domain

r Alex (at the time) misunderstood SPF and asked a > question based on that misunderstanding, which I tried to clarify, or he > simply mistyped "by" when he should have typed "from". Yes, I have no idea why I would have written "by". I meant "from". Too ma

Re: SPF rules and my domain

yped "from". On 10.12.15 22:54, Alex wrote: Yes, I have no idea why I would have written "by". I meant "from". Too many hours of SPF at once, I suppose. I think I've misread the message in the correct way it was meant :-) Is it possible to test spamassassin

Re: SPF rules and my domain

Hi, > > Please help me understand why SPF_FAIL would not be triggered when > > > > > > an incoming email using my domain is received by a server that is > > > not in > > my SPF record. > > The SPF fail SHOULD be triggered in that case. But in your first mail you > have mentioned

Re: SPF rules and my domain

Hi, >>If I wanted to use SPF in spamassassin to block spoofing attempts >>against my domain, how would I do that? > > Simply put all approved mail servers that you allow to send email with an > envelope-from domain of your domain in your SPF record and it won't > matter what the receiving server

Re: SPF rules and my domain

Hi, >> If I wanted to use SPF in spamassassin to block spoofing attempts >> against my domain, how would I do that? >> Can I create a meta that combines SPF_FAIL with the From header for my >> domain to do this? > > setup pypolicyd-spf is not that hard is it ? I mentioned previously that there

Re: SPF rules and my domain

Hi, >> If I wanted to use SPF in spamassassin to block spoofing attempts >> against my domain, how would I do that? >> >> Can I create a meta that combines SPF_FAIL with the From header for my >> domain to do this? > > This all sounds like: > > I (Alex) want to use SPF for incoming email, and

Re: SPF rules and my domain

Am 10.12.2015 um 15:43 schrieb Alex: Hi, If I wanted to use SPF in spamassassin to block spoofing attempts against my domain, how would I do that? Simply put all approved mail servers that you allow to send email with an envelope-from domain of your domain in your SPF record and it won't

Re: SPF rules and my domain

Am 10.12.2015 um 15:47 schrieb Alex: data in spf must be with all mynetworks in postfix except all non routeble ips such as rfc1918 in the spf for mydestination and virtual domains Doesn't that introduce a trust issue with include: for example? We're including constant-contact, salesforce,

Re: SPF rules and my domain

On Thu, 10 Dec 2015, Matus UHLAR - fantomas wrote: > My response was based on how you worded your question, which has been > removed from the thread now: > > > > > Please help me understand why SPF_FAIL would not be triggered > > > > when an incoming email using my domain is received by a

Re: SPF rules and my domain

Am 10.12.2015 um 15:56 schrieb Alex: Please help me understand why SPF_FAIL would not be triggered when > > > an incoming email using my domain is received by a server that is > > > not in > > my SPF record. The SPF fail SHOULD be triggered in that case. But in your first mail you

Re: SPF rules and my domain

On Wed, 2015-12-09 at 08:11 +0100, Reindl Harald wrote: > > T_SPF_PERMERROR says pretty clear that you made something wrong > why do people not *verify* DNS changes? seen the same from a > lot of large companies > > http://www.kitterman.com/spf/validate.html > +1 for the Kitterman checking tool

Re: SPF rules and my domain

Hi, >> T_SPF_PERMERROR says pretty clear that you made something wrong >> why do people not *verify* DNS changes? seen the same from a >> lot of large companies >> >> http://www.kitterman.com/spf/validate.html >> > +1 for the Kitterman checking tool - still my first stop for SPF > checking. > > I

Re: SPF rules and my domain

Am 09.12.2015 um 15:44 schrieb Alex: T_SPF_PERMERROR says pretty clear that you made something wrong why do people not *verify* DNS changes? seen the same from a lot of large companies http://www.kitterman.com/spf/validate.html +1 for the Kitterman checking tool - still my first stop for

Re: SPF rules and my domain

On Wed, 2015-12-09 at 09:44 -0500, Alex wrote: > My main problem is understanding how to build a rule to block > spoofing attempts against my own domain? Do I need to build a meta > that combines envelope FROM with SPF_FAIL? > Don't forget that SPF fails and errors will always be related to the

Re: SPF rules and my domain

sible From-header (spoofing protection based on the header kills Yes, I understand that as well, and mentioned that earlier. > second: > spoofing protection belongs in the MTA long before spamassassin > > why? Yes, I agree, and also mentioned that, but I wanted to understand the SPF rules

Re: SPF rules and my domain

From-header (spoofing protection based on the header kills Yes, I understand that as well, and mentioned that earlier. second: spoofing protection belongs in the MTA long before spamassassin why? Yes, I agree, and also mentioned that, but I wanted to understand the SPF rules from within

Re: SPF rules and my domain

On Wed, 9 Dec 2015, Alex wrote: Please help me understand why SPF_FAIL would not be triggered when an incoming email using my domain is received by a server that is not in my SPF record. I think you mean, *FROM* a server that is not in your SPF record. SPF says nothing about the *recipient*

Re: SPF rules and my domain

>> Please help me understand why SPF_FAIL would not be triggered when an >> incoming email using my domain is received by a server that is not in >> my SPF record. > > I think you mean, *FROM* a server that is not in your SPF record. > > SPF says nothing about the *recipient* MTA. Unless that

Re: SPF rules and my domain

On Wed, 9 Dec 2015, Alex wrote: Please help me understand why SPF_FAIL would not be triggered when an incoming email using my domain is received by a server that is not in my SPF record. I think you mean, *FROM* a server that is not in your SPF record. SPF says nothing about the *recipient*

Re: SPF rules and my domain

Hi, >>> I think you mean, *FROM* a server that is not in your SPF record. >>> >>> SPF says nothing about the *recipient* MTA. >> >> >> Unless that recipient MTA is my own, correct? > > No. The recipient *does not matter*. SPF is vetting the *sending* MTA. > >> The SPF record contains a list of

Re: SPF rules and my domain

Am 09.12.2015 um 18:25 schrieb Alex: Please help me understand why SPF_FAIL would not be triggered when an incoming email using my domain is received by a server that is not in my SPF record. I think you mean, *FROM* a server that is not in your SPF record. SPF says nothing about the

Re: SPF rules and my domain

On Wed, 9 Dec 2015, Alex wrote: I think you mean, *FROM* a server that is not in your SPF record. SPF says nothing about the *recipient* MTA. Unless that recipient MTA is my own, correct? No. The recipient *does not matter*. SPF is vetting the *sending* MTA. The SPF record contains a

Re: SPF rules and my domain

Hi, >> Yes, understood. This was always about my own MTA receiving a message >> appearing to be "FROM" my own domain, and my own SPF record would be >> used to check the IP of the remote system to determine if it was >> permitted. I may have made that especially clear at one point. >> >> Does

Re: SPF rules and my domain

Alex skrev den 2015-12-10 03:42: If I wanted to use SPF in spamassassin to block spoofing attempts against my domain, how would I do that? Can I create a meta that combines SPF_FAIL with the From header for my domain to do this? setup pypolicyd-spf is not that hard is it ? when done, you

Re: SPF rules and my domain

>Spamassassin is just going to record a generic SPF_FAIL, regardless of >whether it's my SPF record or an email from some other domain. >If I wanted to use SPF in spamassassin to block spoofing attempts >against my domain, how would I do that? Simply put all approved mail servers that you allow

Re: SPF rules and my domain

On 10-12-15 03:42, Alex wrote: > Hi, > >>> Yes, understood. This was always about my own MTA receiving a message >>> appearing to be "FROM" my own domain, and my own SPF record would be >>> used to check the IP of the remote system to determine if it was >>> permitted. I may have made that

Re: SPF rules and my domain

Am 09.12.2015 um 05:03 schrieb Alex: I'm having some problems with SPF and hoped someone could help me to understand. I've just set up SPF for a domain and now trying to make sure that spamassassin for that domain is properly blocking/scoring mail attempting to spoof the envelope sender. I'm

SPF rules and my domain

Hi, I'm having some problems with SPF and hoped someone could help me to understand. I've just set up SPF for a domain and now trying to make sure that spamassassin for that domain is properly blocking/scoring mail attempting to spoof the envelope sender. I'm seeing a number of emails hit

Re: SPF rules do not look at spoofed From: address

My question has been misunderstood as commentary on SPF, etc. It is not about SPF, I'm just trying to steer the question towards a spamassassin tag that can be triggered. I found a solution with my own rule. I wasn't sure whether the SA rules referring to 'from' header were actually meaning

Re: SPF rules do not look at spoofed From: address

On Thu, 2015-02-12 at 15:07 -0400, francis picabia wrote: SPF works as designed. Forget SPF. Quite: the only real use for SPF is to prevent you inadvertently spraying innocent people with backscatter. If the sender has been forged by a spammer and your MTA can't deliver it (usually because the

Re: SPF rules do not look at spoofed From: address

On 2015-02-12 08:17, francis picabia wrote: Our spamassassin 3.3.1 is marking email with tags like and SPF_SOFTFAIL and SPF_FAIL, as long as the sender info is failing the SPF test. But if the sender passes the test and the From: address is from our domain, then there are no SPF tags appearing.

Re: SPF rules do not look at spoofed From: address

On 2015-02-12 11:27, Martin Gregorie wrote: On Thu, 2015-02-12 at 15:07 -0400, francis picabia wrote: SPF works as designed. Forget SPF. Quite: the only real use for SPF is to prevent you inadvertently spraying innocent people with backscatter. If the sender has been forged by a spammer and

Re: SPF rules do not look at spoofed From: address

On Thu, Feb 12, 2015 at 1:46 PM, Benny Pedersen m...@junc.eu wrote: On 12. feb. 2015 17.40.13 Kevin A. McGrail kmcgr...@pccc.com wrote: Spf deals with the envelope sender not the from address. envelope_sender_header From bad example to follow, it not really a spf question, sender-id is the

Re: SPF rules do not look at spoofed From: address

On 12. feb. 2015 20.17.44 Dave Warren da...@hireahit.com wrote: However, using a DMARC quarantine or reject policy causes breakage when users attempt to participate in discussion based mailing lists, or other systems which modify messages (adding subject tags, adding footers, removing existing

SPF rules do not look at spoofed From: address

Our spamassassin 3.3.1 is marking email with tags like and SPF_SOFTFAIL and SPF_FAIL, as long as the sender info is failing the SPF test. But if the sender passes the test and the From: address is from our domain, then there are no SPF tags appearing. The risk is that users don't look at the

Re: SPF rules do not look at spoofed From: address

Spf deals with the envelope sender not the from address. Beyond that it, you might find dkim to be a better solution to prevent others spoofing your domain. Regards, KAM On February 12, 2015 11:17:38 AM EST, francis picabia fpica...@gmail.com wrote: Our spamassassin 3.3.1 is marking email

Re: SPF rules do not look at spoofed From: address

Am 12.02.2015 um 17:17 schrieb francis picabia: Our spamassassin 3.3.1 is marking email with tags like and SPF_SOFTFAIL and SPF_FAIL, as long as the sender info is failing the SPF test. But if the sender passes the test and the From: address is from our domain, then there are no SPF tags

Re: SPF rules do not look at spoofed From: address

On Thu, Feb 12, 2015 at 12:33 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: Spf deals with the envelope sender not the from address. Beyond that it, you might find dkim to be a better solution to prevent others spoofing your domain. Regards, KAM Thanks for the reply. Has anyone tried a

Re: SPF rules do not look at spoofed From: address

Am 12.02.2015 um 17:58 schrieb francis picabia: On Thu, Feb 12, 2015 at 12:33 PM, Kevin A. McGrail kmcgr...@pccc.com wrote: Spf deals with the envelope sender not the from address. Beyond that it, you might find dkim to be a better solution to prevent others spoofing your domain. Thanks for

Re: SPF rules do not look at spoofed From: address

On 12. feb. 2015 17.40.13 Kevin A. McGrail kmcgr...@pccc.com wrote: Spf deals with the envelope sender not the from address. envelope_sender_header From bad example to follow, it not really a spf question, sender-id is the untrusted version of dkim current dmarc rfc have design faults :(

SPF rules

Good morning, The SPF_PASS and SPF_HELO_PASS rules hit several hundred messages a day. I am doing SPF lockup's at the MTA. How do I go about stopping these tests from within SA? Thanks, Ray

Re: SPF rules

On 02.10.08 10:28, Ray Jette wrote: The SPF_PASS and SPF_HELO_PASS rules hit several hundred messages a day. I am doing SPF lockup's at the MTA. How do I go about stopping these tests from within SA? if your MTA pushes Received-SPF: headers to the mail, the SA will use it. There are still

Re: SPF rules

On Thu, 2008-10-02 at 10:28 -0400, Ray Jette wrote: Good morning, The SPF_PASS and SPF_HELO_PASS rules hit several hundred messages a day. I am doing SPF lockup's at the MTA. How do I go about stopping these tests from within SA? score SPF_PASS 0 score SPF_HELO_PASS 0 or just remove the

Re: SPF rules

Thanks for the quick reply. Do you know what .pre file this is contained in? From the /etc/spamassassin directory I ran the following: grep SPF_PASS *.pre but came up with nothing. Thanks. On Thu, 2008-10-02 at 09:44 -0500, McDonald, Dan wrote: or just remove the module from the .pre file that

Re: SPF rules

On Thu, 2008-10-02 at 10:28 -0400, Ray Jette wrote: Good morning, The SPF_PASS and SPF_HELO_PASS rules hit several hundred messages a day. I am doing SPF lockup's at the MTA. How do I go about stopping these tests from within SA? On 02.10.08 09:44, McDonald, Dan wrote: score SPF_PASS 0

Re: SPF rules

On Thu, 2008-10-02 at 10:57 -0400, Ray Jette wrote: Thanks for the quick reply. Do you know what .pre file this is contained in? From the /etc/spamassassin directory I ran the following: grep SPF_PASS *.pre but came up with nothing. [EMAIL PROTECTED] spamassassin]$ grep -i -C 1 spf *.pre

Re: SPF rules

Matus UHLAR - fantomas wrote: Of course, PASS tells nothing, but there are *FAIL, NEUTRAL etc. Actually, PASS can tell you quite a bit if you're trying to whitelist a specific address or domain (eg. whitelist_from_spf). -- Kelson Vibber SpeedGate Communications www.speed.net

Re: SPF rules

On Thu, October 2, 2008 16:28, Ray Jette wrote: Good morning, evening here :) The SPF_PASS and SPF_HELO_PASS rules hit several hundred messages a day. I am doing SPF lockup's at the MTA. How do I go about stopping these tests from within SA? perldoc Mail::SpamAssassin::Conf perldoc

Re: SPF rules

Benny Pedersen wrote: On Thu, October 2, 2008 16:28, Ray Jette wrote: Good morning, evening here :) it keeps changing here :) The SPF_PASS and SPF_HELO_PASS rules hit several hundred messages a day. I am doing SPF lockup's at the MTA. How do I go about stopping these tests from within