Re: SPF confusion

2015-07-15 Thread Dave Warren
On 2015-07-15 23:49, Matus UHLAR - fantomas wrote: On 2015-07-15 13:53, David Jones wrote: I have seen Microsoft Exchange servers use the header From: domain instead of the envelope-from but this does not follow RFC 4408 spec. On 15.07.15 15:06, Dave Warren wrote: This is valid under Sender-ID

Re: SPF confusion

2015-07-15 Thread Matus UHLAR - fantomas
On 2015-07-15 13:53, David Jones wrote: I have seen Microsoft Exchange servers use the header From: domain instead of the envelope-from but this does not follow RFC 4408 spec. On 15.07.15 15:06, Dave Warren wrote: This is valid under Sender-ID, which was Microsoft's attempt at SPF version 2. I

Re: Difficulty triggering SPF_FAIL

2015-07-15 Thread David B Funk
On Wed, 15 Jul 2015, @lbutlr wrote: On Jul 15, 2015, at 6:53 PM, Jeremiah Rothschild wrote: On Wed, Jul 15, 2015 at 07:42:15PM -0500, David B Funk wrote: On Wed, 15 Jul 2015, Jeremiah Rothschild wrote: Hello, I am attempting to trigger SPF_FAIL (or SPF_HELO_FAIL) on a CentOS 6.6 box runn

Re: Difficulty triggering SPF_FAIL

2015-07-15 Thread Benny Pedersen
Jeremiah Rothschild wrote on 2015-07-16 02:53: Ah. I didn't realize HELO had to be FQDN. Nice catch, David. Thanks! http://www.postfix.org/postconf.5.html#smtp_helo_name if using postfix, if it's [127.0.0.1] as helo name postfix will accept it, but reject 127.0.0.1

Re: Difficulty triggering SPF_FAIL

2015-07-15 Thread @lbutlr
> On Jul 15, 2015, at 6:53 PM, Jeremiah Rothschild wrote: > > On Wed, Jul 15, 2015 at 07:42:15PM -0500, David B Funk wrote: >> On Wed, 15 Jul 2015, Jeremiah Rothschild wrote: >> >>> Hello, >>> >>> I am attempting to trigger SPF_FAIL (or SPF_HELO_FAIL) on a CentOS 6.6 box >>> running SA 3.3.1-3

Re: Difficulty triggering SPF_FAIL

2015-07-15 Thread Jeremiah Rothschild
On Wed, Jul 15, 2015 at 07:42:15PM -0500, David B Funk wrote: > On Wed, 15 Jul 2015, Jeremiah Rothschild wrote: > > >Hello, > > > >I am attempting to trigger SPF_FAIL (or SPF_HELO_FAIL) on a CentOS 6.6 box > >running SA 3.3.1-3. Upon funneling a message through SA, however, this is > >what is occu

Re: Difficulty triggering SPF_FAIL

2015-07-15 Thread David B Funk
On Wed, 15 Jul 2015, Jeremiah Rothschild wrote: Hello, I am attempting to trigger SPF_FAIL (or SPF_HELO_FAIL) on a CentOS 6.6 box running SA 3.3.1-3. Upon funneling a message through SA, however, this is what is occurring: Jul 15 15:05:10.366 [7318] dbg: spf: checking HELO (helo=1.2.3.4, ip=5.

Re: Return Path (TM) whitelists

2015-07-15 Thread Dianne Skoll
On Wed, 15 Jul 2015 15:23:44 -0700 Dave Warren wrote: > Huh? Last I looked, somewhere near 80% of my legitimate mail flow > passes SPF. It wouldn't shock me if this has gone higher. That's not what we see. We see quite a lot of legitimate mail that either doesn't have SPF in place at all or hit

Difficulty triggering SPF_FAIL

2015-07-15 Thread Jeremiah Rothschild
Hello, I am attempting to trigger SPF_FAIL (or SPF_HELO_FAIL) on a CentOS 6.6 box running SA 3.3.1-3. Upon funneling a message through SA, however, this is what is occurring: Jul 15 15:05:10.366 [7318] dbg: spf: checking HELO (helo=1.2.3.4, ip=5.6.7.8) Jul 15 15:05:10.366 [7318] dbg: spf: cannot

SA Rule Tester/Checker

2015-07-15 Thread am
I started writing SA rules about a year ago. Although I am new to this list, I have been lurking for quite a while. I would like to thank Kevin McGrail and others for providing rules and tips that inspire me to write my own custom rules. Today I wrote a little tool that helps me test my SA ru

Re: Return Path (TM) whitelists

2015-07-15 Thread Dave Warren
On 2015-07-09 15:07, Dianne Skoll wrote: Just as SPF "pass" is a mild spam indicator nowadays Huh? Last I looked, somewhere near 80% of my legitimate mail flow passes SPF. It wouldn't shock me if this has gone higher. While a lot of spam does too, SPF:PASS alone doesn't really mean anything

Re: SPF confusion

2015-07-15 Thread Dave Warren
On 2015-07-15 13:53, David Jones wrote: I have seen Microsoft Exchange servers use the header From: domain instead of the envelope-from but this does not follow RFC 4408 spec. This is valid under Sender-ID, which was Microsoft's attempt at SPF version 2. It has since died a (deserved) death, a

Re: SPF confusion

2015-07-15 Thread David B Funk
On Wed, 15 Jul 2015, Bill Cole wrote: [snip..] SPF is NEVER appropriate for use to check the domain part of the "From:" header or any other header not KNOWN to be added by a trusted MTA and to contain the Envelope-From address. For example, many MTAs prepend a "Return-Path" header when passin

Re: Large spam

2015-07-15 Thread Bill Cole
On 15 Jul 2015, at 16:12, Zinski, Steve wrote: We're starting to see a lot of spam in the 800KB to 1.2MB size range. I’m running MIMEdefang and it’s configured to skip messages larger than 100KB (and I hesitate to increase the limit due to performance issues). I read somewhere that there’s a w

Re: SPF confusion

2015-07-15 Thread Bowie Bailey
On 7/15/2015 5:21 PM, Bowie Bailey wrote: On 7/15/2015 4:50 PM, Bill Cole wrote: On 15 Jul 2015, at 15:52, Bowie Bailey wrote: I am trying to use whitelist_auth to whitelist emails from staplesbilling.com. This should work, as they have an SPF record: $ dig staplesbilling.com txt +short "v=

Re: [Announce] SA-Plugins: RedisAWL, RuleTimingRedis

2015-07-15 Thread Patrick Ben Koetter
Markus, are you planning to add 'password' and 'database ID' support for redis connects to RuleTimingRedis? What's your experience regarding Timing overhead? My simple tests on the command line show about 1 second overhead when RuleTimingRedis is added: # Without RuleTimingRedis mail# time spamass

Re: SPF confusion

2015-07-15 Thread Bowie Bailey
On 7/15/2015 4:50 PM, Bill Cole wrote: On 15 Jul 2015, at 15:52, Bowie Bailey wrote: I am trying to use whitelist_auth to whitelist emails from staplesbilling.com. This should work, as they have an SPF record: $ dig staplesbilling.com txt +short "v=spf1 a:hosts.rrdesp.com -all" $ dig hosts.r

Re: SPF confusion

2015-07-15 Thread Benny Pedersen
On July 15, 2015 10:38:34 PM Bowie Bailey wrote: Why doesn't SA check SPF for the From header? Isn't the whole point of SPF to be able to link the From address to a list of servers allowed to send mail from that address? SPF is NOT From: header and have never been it What you like to have t

Re: SPF confusion

2015-07-15 Thread David B Funk
On Wed, 15 Jul 2015, David Jones wrote: From: Bowie Bailey On 7/15/2015 4:04 PM, Kevin A. McGrail wrote: Why is it looking for an SPF record for rrdesp.com? That is the sending server, shouldn't it be using the domain from the From or Envelope-From instead? This SPF check looks backwards t

Re: Large spam

2015-07-15 Thread Ian Zimmerman
On 2015-07-15 20:12 +, Zinski, Steve wrote: > We're starting to see a lot of spam in the 800KB to 1.2MB size > range. I’m running MIMEdefang and it’s configured to skip messages > larger than 100KB (and I hesitate to increase the limit due to > performance issues). I read somewhere that there’

Re: SPF confusion

2015-07-15 Thread David Jones
>From: Bowie Bailey >On 7/15/2015 4:04 PM, Kevin A. McGrail wrote: >>> Why is it looking for an SPF record for rrdesp.com? That is the >>> sending server, shouldn't it be using the domain from the From or >>> Envelope-From instead? This SPF check looks backwards to me. Am I >>> missing somethi

Re: Large spam

2015-07-15 Thread Kevin A. McGrail
On 7/15/2015 4:12 PM, Zinski, Steve wrote: We're starting to see a lot of spam in the 800KB to 1.2MB size range. I’m running MIMEdefang and it’s configured to skip messages larger than 100KB (and I hesitate to increase the limit due to performance issues). I read somewhere that there’s a way t

Re: SPF confusion

2015-07-15 Thread David B Funk
On Wed, 15 Jul 2015, Bowie Bailey wrote: On 7/15/2015 4:04 PM, Kevin A. McGrail wrote: Why is it looking for an SPF record for rrdesp.com? That is the sending server, shouldn't it be using the domain from the From or Envelope-From instead? This SPF check looks backwards to me. Am I missing

Re: SPF confusion

2015-07-15 Thread David B Funk
On Wed, 15 Jul 2015, Bowie Bailey wrote: I am trying to use whitelist_auth to whitelist emails from staplesbilling.com. This should work, as they have an SPF record: $ dig staplesbilling.com txt +short "v=spf1 a:hosts.rrdesp.com -all" $ dig hosts.rrdesp.com a +short 162.27.43.121 162.27.247.1

Re: SPF confusion

2015-07-15 Thread Bill Cole
On 15 Jul 2015, at 15:52, Bowie Bailey wrote: I am trying to use whitelist_auth to whitelist emails from staplesbilling.com. This should work, as they have an SPF record: $ dig staplesbilling.com txt +short "v=spf1 a:hosts.rrdesp.com -all" $ dig hosts.rrdesp.com a +short 162.27.43.121 162.27.

Re: SPF confusion

2015-07-15 Thread Kevin A. McGrail
On 7/15/2015 4:37 PM, Bowie Bailey wrote: staplesbilling.com actually uses DKIM, but it always comes up as invalid by the time SA sees it, so that isn't particularly useful. I managed to get my MTA to add a Received-SPF header, but SA ignores it - presumably because the MTA puts it at the botto

Re: SPF confusion

2015-07-15 Thread Bowie Bailey
On 7/15/2015 4:04 PM, Kevin A. McGrail wrote: Why is it looking for an SPF record for rrdesp.com? That is the sending server, shouldn't it be using the domain from the From or Envelope-From instead? This SPF check looks backwards to me. Am I missing something? No, you are on the right path.

Large spam

2015-07-15 Thread Zinski, Steve
We're starting to see a lot of spam in the 800KB to 1.2MB size range. I’m running MIMEdefang and it’s configured to skip messages larger than 100KB (and I hesitate to increase the limit due to performance issues). I read somewhere that there’s a way to have MIMEdefang (or spamassassin) strip out

Re: SPF confusion

2015-07-15 Thread Kevin A. McGrail
Why is it looking for an SPF record for rrdesp.com? That is the sending server, shouldn't it be using the domain from the From or Envelope-From instead? This SPF check looks backwards to me. Am I missing something? No, you are on the right path. SPF checks the envelope not the From: Header.

SPF confusion

2015-07-15 Thread Bowie Bailey
I am trying to use whitelist_auth to whitelist emails from staplesbilling.com. This should work, as they have an SPF record: $ dig staplesbilling.com txt +short "v=spf1 a:hosts.rrdesp.com -all" $ dig hosts.rrdesp.com a +short 162.27.43.121 162.27.247.118 162.27.247.119 162.27.247.120 162.27.247

unsubscribe

2015-07-15 Thread Steffen Mutter