I wrote this simple plugin, mxpf This plugin search B class of sender Ip Address and try to match B class of any Ip of mx records of declared domain So when it match is very difficolut that sender is a spoofed domain, you can use MXPF_PASS to combine with other rules in addition to SPF_PASS
1) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir 2) put your score in mxpf.cf Download here : https://forum.efa-project.org/viewtopic.php?f=14&t=1777 Nicola Piazzi CED - Sistemi COMET s.p.a. Via Michelino, 105 - 40127 Bologna - Italia Tel. +39 051.6079.293 Cell. +39 328.21.73.470 Web: www.gruppocomet.it -----Messaggio originale----- Da: John Hardin [mailto:jhar...@impsec.org] Inviato: martedì 9 agosto 2016 23:04 A: users@spamassassin.apache.org Oggetto: Re: A plugin to legitimate email when SPF and DKIM missing On Tue, 9 Aug 2016, li...@rhsoft.net wrote: > > Am 09.08.2016 um 18:08 schrieb Kevin Golding: >> Based on what you're trying to do: >> >> man dig > > don't help, see below > >> or depending on your resolver possibly: >> >> man drill > > don't help, see below > >> Whilst I agree it is slightly more effort to set-up whitelisting by >> looking up the details first it would still be far more resource >> efficient on your servers > > that don't catch the problem if the MX changes that you need to > permanently watch your "whitelist_from_rcvd" and maintain them So script it. Write a script that reads a list of domain names, does digs to get those domains' MX hosts, and writes whitelist_from_rcvd rules for them to a local config file. Run that every night as part of your scheduled sa-update script. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- The question of whether people should be allowed to harm themselves is simple. They *must*. -- Charles Murray ----------------------------------------------------------------------- 6 days until the 71st anniversary of the end of World War II
