Re: Hints needed for spf rule

2018-10-04 Thread RW
On Thu, 4 Oct 2018 01:29:11 -0400 Adam Katz wrote: > The ptr mechanism in SPF is officially “do not use” right in the spec > ; PTR records aren’t > vetted (any network operator can assign literally any rDNS to their > IPs), so it trivializes forger

Re: Hints needed for spf rule

2018-10-03 Thread Adam Katz
(Please ignore my last message. My phone hit “send” randomly.) On Sep 28, 2018, at 9:48 AM EDT, bOnK wrote: > A better idea might be testing if SPF for a external domain would pass on > your own server. > This is what milter greylist does. > http://hcpnet.free.fr/milter-greylist/ That’s interest

Re: Hints needed for spf rule

2018-10-03 Thread Adam Katz
On Sep 28, 2018, at 9:48 AM, bOnK wrote: A better idea might be testing if SPF for a external domain would pass on your own server. > > This is what milter greylist does. > http://hcpnet.free.fr/milter-greylist/ > > Though probably exceptional, according to the RFC +all *can be* restrictive... >

Re: Hints needed for spf rule

2018-09-28 Thread bOnK
On 24-9-2018 17:13, Adam Katz wrote: These SPF records are all effectively equivalent (the fourth is Sender ID , we'll get to #5 later): v=spf1 +all v=spf1 all v=spf1 all 192.0.2.0/24 v=spf2.0/mfrom +all v=spf1 1.2.3.0/1 128.4.5.0/2 192.6.7.8/3 -all So t

Re: Hints needed for spf rule

2018-09-24 Thread Adam Katz
On 2018-09-22 10:33 am, Kevin A. McGrail wrote: > On 9/22/2018 10:29 AM, Matus UHLAR - fantomas wrote: > >> remove those ?'s: /^v=spf1 .*?all/ and /^v=spf1 .*+all/ > > Updated. I was trying to stop a greedy regex if someone was doing a > weird spf but I am overthinking. These SPF records ar

Re: Hints needed for spf rule

2018-09-22 Thread Kevin A. McGrail
On 9/22/2018 10:29 AM, Matus UHLAR - fantomas wrote: > > remove those ?'s: > > /^v=spf1 .*\?all/ > and > /^v=spf1 .*\+all/ Updated.  I was trying to stop a greedy regex if someone was doing a weird spf but I am overthinking. -- Kevin A. McGrail VP Fundraising, Apache Software Foundation Chair E

Re: Hints needed for spf rule

2018-09-22 Thread Matus UHLAR - fantomas
On 9/22/2018 9:55 AM, RW wrote: /^v=spf1 .+(\?|\+)all$/ I believe [?+] would do the same easy to read, parse and maybe even to process (I have no idea how perl RE optimizer works) .+ should be .* or it wont match 'v=spf1 +all' I would remove the '$' as it doesn't appear do anything usef

Re: Hints needed for spf rule

2018-09-22 Thread Kevin A. McGrail
On 9/22/2018 9:55 AM, RW wrote: > On Sat, 22 Sep 2018 08:48:43 -0400 > Kevin A. McGrail wrote: > >> On 9/19/2018 6:00 AM, Matus UHLAR - fantomas wrote: >>> # SPF THAT DOESN'T REALLY CARE IF EMAIL IS A FORGERY ifplugin Mail::SpamAssassin::Plugin::AskDNS  askdns   JMQ_SPF_NEUTRAL_ALL _SEN

Re: Hints needed for spf rule

2018-09-22 Thread RW
On Sat, 22 Sep 2018 08:48:43 -0400 Kevin A. McGrail wrote: > On 9/19/2018 6:00 AM, Matus UHLAR - fantomas wrote: > > # SPF THAT DOESN'T REALLY CARE IF EMAIL IS A FORGERY > >> ifplugin Mail::SpamAssassin::Plugin::AskDNS > >>  askdns   JMQ_SPF_NEUTRAL_ALL _SENDERDOMAIN_ TXT /^v=spf1 .+\?all$/ > >>

Re: Hints needed for spf rule

2018-09-22 Thread Kevin A. McGrail
On 9/19/2018 6:00 AM, Matus UHLAR - fantomas wrote: > # SPF THAT DOESN'T REALLY CARE IF EMAIL IS A FORGERY >> ifplugin Mail::SpamAssassin::Plugin::AskDNS >>  askdns   JMQ_SPF_NEUTRAL_ALL _SENDERDOMAIN_ TXT /^v=spf1 .+\?all$/ >>  describe JMQ_SPF_NEUTRAL_ALL SPF set to ?all! >>  score    JMQ_SPF_NEU

Re: Hints needed for spf rule

2018-09-19 Thread Matus UHLAR - fantomas
On Tue, Sep 18, 2018 at 12:16 PM Giovanni Bechis wrote: I noticed that Google servers started blocking emails with "suspicious spf records" like for example: "v=spf1 include:musvc.com include:turbo-smtp.com mx a +all". Any idea on how to write a rule to catch something like that ? On 18.09.18

Re: Hints needed for spf rule

2018-09-18 Thread Giovanni Bechis
I forgot about KAM.cf, just grepped in rulesrc and found nothing. Giovanni On 09/18/18 19:01, Kevin A. McGrail wrote: > It's in KAM.cf, I believe: > > # SPF THAT DOESN'T REALLY CARE IF EMAIL IS A FORGERY > ifplugin Mail::SpamAssassin::Plugin::AskDNS >   askdns   JMQ_SPF_NEUTRAL_ALL _SENDERDOMAIN

Re: Hints needed for spf rule

2018-09-18 Thread Kevin A. McGrail
It's in KAM.cf, I believe: # SPF THAT DOESN'T REALLY CARE IF EMAIL IS A FORGERY ifplugin Mail::SpamAssassin::Plugin::AskDNS askdns JMQ_SPF_NEUTRAL_ALL _SENDERDOMAIN_ TXT /^v=spf1 .+\?all$/ describe JMQ_SPF_NEUTRAL_ALL SPF set to ?all! scoreJMQ_SPF_NEUTRAL_ALL 0.5 endif -- Kevin A. McG

Hints needed for spf rule

2018-09-18 Thread Giovanni Bechis
Hi, I noticed that Google servers started blocking emails with "suspicious spf records" like for example: "v=spf1 include:musvc.com include:turbo-smtp.com mx a +all". Any idea on how to write a rule to catch something like that ? Thanks & Cheers Giovanni