Re: Spam eml hangs sa

2017-06-19 Thread John Hardin
On Mon, 19 Jun 2017, John Hardin wrote: On Mon, 19 Jun 2017, Reindl Harald wrote: Am 18.06.2017 um 19:56 schrieb John Hardin: > On Sat, 17 Jun 2017, John Hardin wrote: > > > On Fri, 16 Jun 2017, John Hardin wrote: > > > > >On Fri, 16 Jun 2017, John Hardin wrote: > > > > > > > O

Re: Spam eml hangs sa

2017-06-19 Thread John Hardin
On Mon, 19 Jun 2017, Reindl Harald wrote: Am 18.06.2017 um 19:56 schrieb John Hardin: On Sat, 17 Jun 2017, John Hardin wrote: > On Fri, 16 Jun 2017, John Hardin wrote: > > > On Fri, 16 Jun 2017, John Hardin wrote: > > > > >On Fri, 16 Jun 2017, Olivier Coutu wrote: > > > > > The p

Re: Spam eml hangs sa

2017-06-19 Thread John Hardin
On Mon, 19 Jun 2017, Reindl Harald wrote: Am 18.06.2017 um 19:56 schrieb John Hardin: On Sat, 17 Jun 2017, John Hardin wrote: > On Fri, 16 Jun 2017, John Hardin wrote: > > > On Fri, 16 Jun 2017, John Hardin wrote: > > > > >On Fri, 16 Jun 2017, Olivier Coutu wrote: > > > > > The p

Re: mail slipped by with forged/spoofed from: in our domain

2017-06-19 Thread RW
On Mon, 19 Jun 2017 15:27:36 -0400 Robert Kudyba wrote: > > The biggest issue I see is the SPF approval: > > ARC‐Authentication‐Results: i=1; mx.google.com; > > > >spf=pass (google.com: best guess record for domain of > > le...@cis.fordham.edu designates > >

Re: mail slipped by with forged/spoofed from: in our domain

2017-06-19 Thread Robert Kudyba
> I don't believe sendmail has any default setting for rejecting HELO names.
> You should probably add "localdomain" to your access table.
>

Yep been like this for years:

# By default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost

Re: mail slipped by with forged/spoofed from: in our domain

2017-06-19 Thread Robert Kudyba
> On Jun 19, 2017, at 4:02 PM, Kevin A. McGrail > wrote: > > On 6/19/2017 3:27 PM, Robert Kudyba wrote: >> >> Well this user has his sendmail account from our subdomain forward to his >> university Gmail account so that’s where the SPF kicks in. But how come >> those first IPs in the mail he

Re: mail slipped by with forged/spoofed from: in our domain

2017-06-19 Thread Noel
On 6/19/2017 1:54 PM, Robert Kudyba wrote: > We use sendmail-8.15.2-8.fc25 on Fedora 25 > with spamassassin-3.4.1-9. Can anyone explain how this email got > through with a forged from: address? https://pastebin.com/L7NKCK3E > > The 1st received IP is not on any real time blacklist as of this > mome

Re: mail slipped by with forged/spoofed from: in our domain

2017-06-19 Thread Kevin A. McGrail
On 6/19/2017 3:27 PM, Robert Kudyba wrote: Well this user has his sendmail account from our subdomain forward to his university Gmail account so that’s where the SPF kicks in. But how come those first IPs in the mail header pass? I don't know, it's hard to tell with a forwarded email.

Re: mail slipped by with forged/spoofed from: in our domain

2017-06-19 Thread Robert Kudyba
> The biggest issue I see is the SPF approval: > ARC‐Authentication‐Results: i=1; mx.google.com; > >spf=pass (google.com: best guess record for domain of > le...@cis.fordham.edu designates 150.108.68.26 > as permitted sender) > > Perhaps a compromised accou

Re: mail slipped by with forged/spoofed from: in our domain

2017-06-19 Thread Kevin A. McGrail
On 6/19/2017 2:54 PM, Robert Kudyba wrote: We use sendmail-8.15.2-8.fc25 on Fedora 25 with spamassassin-3.4.1-9. Can anyone explain how this email got through with a forged from: address? https://pastebin.com/L7NKCK3E The 1st received IP is not on any real time blacklist as of this moment: Re

mail slipped by with forged/spoofed from: in our domain

2017-06-19 Thread Robert Kudyba
We use sendmail-8.15.2-8.fc25 on Fedora 25 with spamassassin-3.4.1-9. Can anyone explain how this email got through with a forged from: address? https://pastebin.com/L7NKCK3E The 1st received IP is not on any real time blacklist as of this moment: Received: from