Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 10/15/16 20:56, David Jones wrote: > > >What I was hoping for was, that as someone who does bother checking, to > > >find out a solution that would help me prevent from receiving spoofed > >e-mails, because as I mentioned multiple times SPF, DKIM, and DMARC is > >not able to do that. I am

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 15 Oct 2016, at 14:50, Petr Bena wrote: I was looking to accomplish something similar, but seems that SA can't do that and there are probably no open source plugins or postfix hooks that allow this (so far). This class of problem is one reason to pick MIMEDefang as your tool for

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 10/15/16 20:35, Antony Stone wrote: > On Saturday 15 October 2016 at 20:30:25, Axb wrote: > >> On 10/15/2016 08:13 PM, Petr Bena wrote: >>> What I was hoping for was, that as someone who does bother checking, to >>> find out a solution that would help me prevent from receiving spoofed >>>

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 15 Oct 2016, at 14:13, Petr Bena wrote: That would obviously work and blocked hackers from spoofing, No, it would not do so. It's clear that you didn't bother reading Dianne Skoll's message and considering or testing her counter-example. but as you said, it would also break some other

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

>Thanks for that, I will do that, another thing that comes to my mind: >if my mail server sign every single e-mail with DKIM, that e-mail >should be signed even if it's redistributed by mailing list daemon >or not? I see my own e-mails here and e-mails of some other people >in this list to be

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

Hello, What I was hoping for was, that as someone who does bother checking, to find out a solution that would help me prevent from receiving spoofed e-mails, because as I mentioned multiple times SPF, DKIM, and DMARC is not able to do that. I am looking for a way how to detect that e-mail is

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 15.10.16 21:08, Petr Bena wrote: > if my mail server sign every single e-mail with DKIM, that e-mail should > be signed even if it's redistributed by mailing list daemon or not? Sadly, there are mailing list admins who think it wise to have subject lines or message bodies modified, e.g. by

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

>What I was hoping for was, that as someone who does bother checking, to >find out a solution that would help me prevent from receiving spoofed >e-mails, because as I mentioned multiple times SPF, DKIM, and DMARC is >not able to do that. I am looking for a way how to detect that e-mail is

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 10/15/2016 08:35 PM, Antony Stone wrote: On Saturday 15 October 2016 at 20:30:25, Axb wrote: On 10/15/2016 08:13 PM, Petr Bena wrote: What I was hoping for was, that as someone who does bother checking, to find out a solution that would help me prevent from receiving spoofed e-mails

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 15.10.16 20:13, Petr Bena wrote: > One of solutions that I proposed is an optional SA plugin that would > treat the email found in "From:" header as envelope sender and check > against that, raising the score or doing something if it failed. A sending mail on behalf of B does not

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On Saturday 15 October 2016 at 20:30:25, Axb wrote: > On 10/15/2016 08:13 PM, Petr Bena wrote: > > > > What I was hoping for was, that as someone who does bother checking, to > > find out a solution that would help me prevent from receiving spoofed > > e-mails > There is no publicly available

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 10/15/2016 08:13 PM, Petr Bena wrote: Hello, What I was hoping for was, that as someone who does bother checking, to find out a solution that would help me prevent from receiving spoofed e-mails, because as I mentioned multiple times SPF, DKIM, and DMARC is not able to do that. I am looking

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 15.10.16 17:33, Petr Bena wrote: > I started this discussion stating the fact that SPF, DKIM and DMARC > don't prevent people from being able to spoof your email address. These mechanisms are not meant to prevent spoofing (and they can't), just to make it easier to detect spoofing on the

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

I don't understand your point. I started this discussion stating the fact that SPF, DKIM and DMARC don't prevent people from being able to spoof your email address. And you tell me that I don't understand email security because SPF, DKIM and DMARC don't prevent people from being able to spoof my

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 15 Oct 2016, at 11:33, Petr Bena wrote: I don't understand your point. I started this discussion stating the fact that SPF, DKIM and DMARC don't prevent people from being able to spoof your email address. And you tell me that I don't understand email security because SPF, DKIM and DMARC

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 10/15/2016 1:51 PM, Matus UHLAR - fantomas wrote: I can immediately guess this rule would need way too many exceptions to be useful. And when anyone in the world subscribed to any list, it would need an exception. On 15.10.16 15:35, Petr Bena wrote: Nope, the exception would go for a whole

Re: Dynamic black listing - locally blacklist sender domain / IP

I already do that I use DNSBL but they have too small expiry time, if they blacklist someone, in two days they are free to spam again. If it worked and I didn't keep getting spammed by same IP's and same senders all time I wouldn't have to hardcode them into my configuration, which is indeed

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

Nope, the exception would go for a whole mailing list, not for every of its users. Anyway given that this would be optional plugin for sa, it would be only used by people / organizations who care about authenticity of the message sender and these that would be OK with the fact that mail

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 10/15/2016 04:57 PM, Dianne Skoll wrote: On Sat, 15 Oct 2016 15:35:25 +0200 Petr Bena wrote: Believe me, there are people or organizations who would happily exchange ability to use mailing lists within some domain for guarantee that their emails can't be spoofed in no way

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On Sat, 15 Oct 2016 15:35:25 +0200 Petr Bena wrote: > Believe me, there are people or organizations who would happily > exchange ability to use mailing lists within some domain for > guarantee that their emails can't be spoofed in no way (at least > within their own domain).

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On Fri, 14 Oct 2016 23:24:21 +0200 Petr Bena wrote: > How does DKIM prevent others from spoofing your mail address? People > will still receive unsigned e-mails that look like they were sent by > you even if they were not. DKIM by iself does not. DKIM plus DMARC sort-of does.

Re: Dynamic black listing - locally blacklist sender domain / IP

On 10/15/2016 04:13 PM, Petr Bena wrote: I already do that I use DNSBL but they have too small expiry time, if they blacklist someone, in two days they are free to spam again. If it worked and I didn't keep getting spammed by same IP's and same senders all time I wouldn't have to hardcode them

Dynamic black listing - locally blacklist sender domain / IP

Hi, I would like to implement some sort of semi-automated or dynamic sender black listing. Basically what I would like to accomplish is to have a dynamic blacklist (not something hardcoded in config files, but rather some sort of a database, possibly SQL based) so that I could relatively

Re: Dynamic black listing - locally blacklist sender domain / IP

On 10/15/2016 01:45 PM, Petr Bena wrote: Hi, I would like to implement some sort of semi-automated or dynamic sender black listing. Basically what I would like to accomplish is to have a dynamic blacklist (not something hardcoded in config files, but rather some sort of a database, possibly SQL

Re: AM.WBL?

On 15.10.16 07:04, Thomas Barth wrote: I got a false positive because the test AM.WBL results in score 7. It was a mail by email.apple.com (a bill). What is AM.WBL? I cant find it in the test list: https://spamassassin.apache.org/tests_3_3_x.html Do I have to set "score AM.WBL 0"?

Re: How to get spam assassin to detect spoofed mails as SPF is clearly useless

On 14.10.16 16:26, Bowie Bailey wrote: On the other hand, SA is a points-based system. If you checked SPF based on the From header, you could then whitelist known list servers and other exceptions and add a point or so to the rest. If you set the score at 0.001 and monitored the non-spam