On 10/15/16 20:56, David Jones wrote:
>
> >What I was hoping for was, that as someone who does bother checking, to
>
> >find out a solution that would help me prevent from receiving spoofed
> >e-mails, because as I mentioned multiple times SPF, DKIM, and DMARC is
> >not able to do that. I am looking for a way how to detect that e-mail is
> >spoofed. Any way.
>
> >Now, for sure users who do not want to bother to check will always
> >receive spoofed e-mails easily, so how about users who do want to check?
> >What solution that works is out there? What can you actually do to
> >prevent receiving spoofed e-mails?
>
> >One of solutions that I proposed is an optional SA plugin that would
> >treat the email found in "From:" header as envelope sender and check
> >against that, raising the score or doing something if it failed.
>
> >That would obviously work and blocked hackers from spoofing, but as you
> >said, it would also break some other stuff, like mailing lists for
> >instance, so you deemed this solution evil and something what should
> >never be done on any mail server, even if that mail server was used only
> >by people who don't care about mailing lists at all.
>
> >So is there actually any other solution? That is what I am looking for,
> >and that is why I started this thread.
>
> The best thing you can do is setup postfix postscreen with as many
> RBLs properly weighted to block the marjority of spoofing senders.
> This has been documented on this list so search the archives.
>
> Second is setup an extensive list of whitelist_auth domains that are
> commonly spoofed (ups.com, fedex.com, dhl.com, etc. -- ebay.com
> and paypal.com are already in the default rules) then train your Bayes
> and adjust scoring on existing rules to block the spoofed spam.
>
> Depending on your user base and where your located, you can use
> language detection and country codes to add points to your SA score
> with ok_languages and the RelayCountry plugin. 
>
> There is no hard and fast way to detect spoofing so just try to block
> it in SA just like any other spam.  Try to reject as much as you can at
> the MTA level so SA only has to check a very small percentage of the
> mail connection attempts.
>
> Dave


Hi,


Thanks for that, I will do that, another thing that comes to my mind: if
my mail server sign every single e-mail with DKIM, that e-mail should be
signed even if it's redistributed by mailing list daemon or not? I see
my own e-mails here and e-mails of some other people in this list to be
DKIM signed.


So isn't there a way to get either postfix or SA to reject or flag
emails that are sent specifically "from my domain" but aren't signed
with DKIM? I even think that it's possible to set a DMARC policy to
require emails from a domain to be signed.


This would block forged e-mails but would not block e-mails from mailing
lists.


Isn't it somehow possible to tell SA to score-up these mails if they
fail this DMARC policy?

Reply via email to