On Thu, 12 Nov 2020 12:34:25 +0100
Matus UHLAR - fantomas wrote:
> >On Wed, 11 Nov 2020 17:01:21 +0100
> >
> >> On 11.11.20 15:41, RW wrote:
> On 11.11.20 19:06, RW wrote:
> >These two cases share the same "authenticated" primary reputation:
> >
> > Return-path: c...@example.com
> > From: c
On Wed, 11 Nov 2020 17:01:21 +0100
On 11.11.20 15:41, RW wrote:
>Note that without a DKIM pass, SPF is easily spoofed in TxRep.
is it? how does that work then?
It's implicit in the next bit.
>DKIM reputations are identified by a combination of header from
>address and signing domain. SPF pa
On Wed, 11 Nov 2020 17:01:21 +0100
> On 11.11.20 15:41, RW wrote:
> >Note that without a DKIM pass, SPF is easily spoofed in TxRep.
>
> is it? how does that work then?
It's implicit in the next bit.
> >DKIM reputations are identified by a combination of header from
> >address and signing doma
Matus UHLAR - fantomas skrev den 2020-11-11 17:01:
Martin Gregorie skrev den 2020-11-11 11:02:
On Wed, 2020-11-11 at 09:52 +0100, Tobi wrote:
On 11.11.20 15:41, RW wrote:
Note that without a DKIM pass, SPF is easily spoofed in TxRep.
is it? how does that work then?
On 11.11.20 17:20, Ben
Matus UHLAR - fantomas skrev den 2020-11-11 17:01:
Martin Gregorie skrev den 2020-11-11 11:02:
> On Wed, 2020-11-11 at 09:52 +0100, Tobi wrote:
On 11.11.20 15:41, RW wrote:
Note that without a DKIM pass, SPF is easily spoofed in TxRep.
is it? how does that work then?
signedby tracking in
Martin Gregorie skrev den 2020-11-11 11:02:
> On Wed, 2020-11-11 at 09:52 +0100, Tobi wrote:
> I suppose some may find it useful to datestamp entries with the last
> time mail was sent to them and remove any addresses that haven't
> been sent mail for 'x' days/weeks/months/years but I've never
>
On Wed, 11 Nov 2020 11:14:05 +0100
Benny Pedersen wrote:
> Martin Gregorie skrev den 2020-11-11 11:02:
> > On Wed, 2020-11-11 at 09:52 +0100, Tobi wrote:
>
> > I suppose some may find it useful to datestamp entries with the last
> > time mail was sent to them and remove any addresses that haven
Martin Gregorie skrev den 2020-11-11 11:02:
On Wed, 2020-11-11 at 09:52 +0100, Tobi wrote:
I suppose some may find it useful to datestamp entries with the last
time mail was sent to them and remove any addresses that haven't been
sent mail for 'x' days/weeks/months/years but I've never needed
On Wed, 2020-11-11 at 09:52 +0100, Tobi wrote:
> > If I only had a ready-made list of those important domains.
>
> If you filter for customer domains then maybe (depending the customer
> domain) adding the customer domain to spf checks is worth a look too.
>
That's easy: keep a database of addres
> If I only had a ready-made list of those important domains.
If you filter for customer domains then maybe (depending the customer
domain) adding the customer domain to spf checks is worth a look too.
On 11/11/20 6:29 AM, Victor Sudakov wrote:
> John Hardin wrote:
>>
>>> Moreover, after reading
John Hardin wrote:
>
> > Moreover, after reading other replies in the thread, I am even begining to
> > doubt the wizdom of rejecting hard SPF fails in the MTA (which I do in
> > some installations).
>
> "it depends".
>
> Doing that for certain domains - like, large banks - would probably be a
>
On Thu, 5 Nov 2020, Victor Sudakov wrote:
Moreover, after reading other replies in the thread, I am even begining to
doubt the wizdom of rejecting hard SPF fails in the MTA (which I do in
some installations).
"it depends".
Doing that for certain domains - like, large banks - would probably be
Matus UHLAR - fantomas wrote:
> > > Victor Sudakov skrev den 2020-11-04 15:47:
> > >
> > > > 0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
>
> > Benny Pedersen wrote: feel free to add into local.cf
> > > score SPF_FAIL (5)
On 5 Nov 2020, at 5:52, Benny Pedersen wrote:
Bill Cole skrev den 2020-11-05 04:22:
On 4 Nov 2020, at 20:42, Benny Pedersen wrote:
Bill Cole skrev den 2020-11-05 00:21:
1. Incorrect SPF records are not rare. Even '-all' records with
some
permitted IPs.
envelope sender changes on nexthop
Bill Cole skrev den 2020-11-05 04:22:
On 4 Nov 2020, at 20:42, Benny Pedersen wrote:
Bill Cole skrev den 2020-11-05 00:21:
1. Incorrect SPF records are not rare. Even '-all' records with some
permitted IPs.
envelope sender changes on nexthop
Irrelevant to the problem cited, which is simpl
Victor Sudakov skrev den 2020-11-04 15:47:
> 0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
Benny Pedersen wrote: feel free to add into local.cf
score SPF_FAIL (5) (5) (5) (5)
this will add 5 points to default score
On 05.11.20 18:54, Victor Sudakov wrote:
On 05/11/2020 21:54, Victor Sudakov wrote:
> An SPF fail is by no means a sure sign of spam. It can be some indicator
> of spamicity (as I thought), but not a decisive sign thereof.
SPF was never designed to be anti-spam, although on face value it does
have that ability given that spammers impers
RW wrote:
>
> Please don't hijack existing threads.
Oh, sorry about that.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
Benny Pedersen wrote:
> Victor Sudakov skrev den 2020-11-04 15:47:
>
> > 0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
>
> feel free to add into local.cf
>
> score SPF_FAIL (5) (5) (5) (5)
>
> this will add 5 points to default score
I
Bill Cole skrev den 2020-11-05 04:22:
On 4 Nov 2020, at 20:42, Benny Pedersen wrote:
Bill Cole skrev den 2020-11-05 00:21:
1. Incorrect SPF records are not rare. Even '-all' records with some
permitted IPs.
envelope sender changes on nexthop
Irrelevant to the problem cited, which is simpl
many thanks for read only accounts :/
Original besked
Emne: Re: SPF_FAIL
Dato: 2020-11-05 09:05
Afsender: "Reindl Harald (privat)"
Modtager: Benny Pedersen , users@spamassassin.apache.org
Am 05.11.20 um 02:42 schrieb Benny Pedersen:
Bill Cole skrev den 2020-1
On 4 Nov 2020, at 20:42, Benny Pedersen wrote:
Bill Cole skrev den 2020-11-05 00:21:
1. Incorrect SPF records are not rare. Even '-all' records with some
permitted IPs.
envelope sender changes on nexthop
Irrelevant to the problem cited, which is simply incorrect records that
fail to list
Bill Cole skrev den 2020-11-05 00:21:
1. Incorrect SPF records are not rare. Even '-all' records with some
permitted IPs.
envelope sender changes on nexthop
2. Traditional (/etc/aliases, ~/.forward, etc.) transparent forwarding
breaks SPF.
envelope sender changes on nexthop
nothing is rea
On 4 Nov 2020, at 9:47, Victor Sudakov wrote:
> Dear Colleagues,
>
> Why does SpamAssassin (Debian 10, SpamAssassin 3.4.2) not count an SPF
> check fail as a symptom of spam? That's what I see in the spam report:
>
> 0.0 SPF_FAIL SPF: sender does not match S
Please don't hijack existing threads.
On Wed, 4 Nov 2020 21:47:34 +0700
Victor Sudakov wrote:
> Dear Colleagues,
>
> Why does SpamAssassin (Debian 10, SpamAssassin 3.4.2) not count an SPF
> check fail as a symptom of spam? That's what I see in the spam
>
Victor Sudakov skrev den 2020-11-04 15:47:
0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
feel free to add into local.cf
score SPF_FAIL (5) (5) (5) (5)
this will add 5 points to default score
i just think default score is made for spamass milter users with do
Dear Colleagues,
Why does SpamAssassin (Debian 10, SpamAssassin 3.4.2) not count an SPF
check fail as a symptom of spam? That's what I see in the spam report:
0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
No spam points for an SPF fail? And it's even a ha
David B Funk wrote:
> Kind'a hard to add TXT records to the .in-addr.arpa zone. Maybe it's
> possible
> but I've never seen it.
It's entirely possible to put any type of record in a .in-addr.arpa
zone. It doesn't often make much *sense*, but it's legal syntax; a DNS
zone is a DNS zone.
-kgd, th
On Wed, 15 Jul 2015, @lbutlr wrote:
On Jul 15, 2015, at 6:53 PM, Jeremiah Rothschild wrote:
On Wed, Jul 15, 2015 at 07:42:15PM -0500, David B Funk wrote:
On Wed, 15 Jul 2015, Jeremiah Rothschild wrote:
Hello,
I am attempting to trigger SPF_FAIL (or SPF_HELO_FAIL) on a CentOS 6.6 box
Jeremiah Rothschild skrev den 2015-07-16 02:53:
Ah. I didn't realize HELO had to be FQDN. Nice catch, David. Thanks!
http://www.postfix.org/postconf.5.html#smtp_helo_name
if using postfix, if its [127.0.0.1] as helo name postfix will accept
it, but reject 127.0.0.1
> On Jul 15, 2015, at 6:53 PM, Jeremiah Rothschild wrote:
>
> On Wed, Jul 15, 2015 at 07:42:15PM -0500, David B Funk wrote:
>> On Wed, 15 Jul 2015, Jeremiah Rothschild wrote:
>>
>>> Hello,
>>>
>>> I am attempting to trigger SPF_FAIL (or SPF_HEL
On Wed, Jul 15, 2015 at 07:42:15PM -0500, David B Funk wrote:
> On Wed, 15 Jul 2015, Jeremiah Rothschild wrote:
>
> >Hello,
> >
> >I am attempting to trigger SPF_FAIL (or SPF_HELO_FAIL) on a CentOS 6.6 box
> >running SA 3.3.1-3. Upon funneling a message through S
On Wed, 15 Jul 2015, Jeremiah Rothschild wrote:
Hello,
I am attempting to trigger SPF_FAIL (or SPF_HELO_FAIL) on a CentOS 6.6 box
running SA 3.3.1-3. Upon funneling a message through SA, however, this is
what is occurring:
Jul 15 15:05:10.366 [7318] dbg: spf: checking HELO (helo=1.2.3.4,
ip
Hello,
I am attempting to trigger SPF_FAIL (or SPF_HELO_FAIL) on a CentOS 6.6 box
running SA 3.3.1-3. Upon funneling a message through SA, however, this is
what is occurring:
Jul 15 15:05:10.366 [7318] dbg: spf: checking HELO (helo=1.2.3.4,
ip=5.6.7.8)
Jul 15 15:05:10.366 [7318] dbg: spf
On 2014-01-15 09:36, hospice admin wrote:
Hi Team,
I was wondering what folks were doing with SPF_FAIL , TO_EQ_FM_SPF_FAIL and
TO_EQ_FM_DOM_SPF_FAIL these days?
I personally have never seen an FP with any, but understand from the reading
I've done that some people do.
My approac
On 1/15/2014 12:36 PM, hospice admin wrote:
Hi Team,
I was wondering what folks were doing with SPF_FAIL , TO_EQ_FM_SPF_FAIL and
TO_EQ_FM_DOM_SPF_FAIL these days?
For our (small) site, we drop on SPF_FAIL at SMTP time using
python-policyd-spf, with a whitelist to bypass the check for
Hi Team,
I was wondering what folks were doing with SPF_FAIL , TO_EQ_FM_SPF_FAIL and
TO_EQ_FM_DOM_SPF_FAIL these days?
I personally have never seen an FP with any, but understand from the reading
I've done that some people do.
My approach has always been to combine with DCC/Pyzor/
On Wed, 20 Jun 2012 18:38:49 +0200
Flemming Jacobsen wrote:
> RW wrote:
> > On Wed, 20 Jun 2012 11:33:49 +0200 Per Jessen wrote:
> > > RW wrote:
> > > > What I mean is that if I whitelist a private email address, the
> > > > chances of a spammer ever sending me a spam spoofing that
> > > > address
Den 2012-06-20 18:38, Flemming Jacobsen skrev:
Because you use email to send yourself reminder notes or small
files. I have addresses on several distinct systems (private,
work, google, user group, ...).
And I whitelist them because I do not want mail to get lost.
with shared imap folders noth
RW wrote:
> On Wed, 20 Jun 2012 11:33:49 +0200 Per Jessen wrote:
> > RW wrote:
> > > What I mean is that if I whitelist a private email address, the
> > > chances of a spammer ever sending me a spam spoofing that address is
> > > very small.
> >
> > Happened to me twice only yesterday - somebody s
Den 2012-06-20 14:05, Greg Troxel skrev:
That way I could do:
whitelist_from -5 f...@yahoo.com
AWL plugin basicly could be extended to use dkim/spf and more bound to
whitelist_* so the awl score is more live calculated, with default awl
its bound to 0.0.x.x/16 but it could be changed to /
On Wed, 20 Jun 2012 11:22:08 +0200
Per Jessen wrote:
> RW wrote:
> > Not if someone sends an email through a different mail system,
>
> I think that is what "whitelist_allows_relays" is intended to take
> care of.
If it made a difference to the case I was referring to then it would
effectivel
On 6/20/2012 8:05 AM, Greg Troxel wrote:
I would like to see...
As an open source project, we encourage people to submit patches and
step up to coding on the project.
You can really start small with one line patches and I'll do my best to
support you.
Regards,
KAM
My suggestion was intended to minimize the effect on existing
behavior. I agree, it would probably be a very good idea to allow
whitelist_from to be scored differently than the other whitelist
variants, and to ship it with a smaller default score, but that change
is fairly disruptive.
I
On Wed, 20 Jun 2012 11:33:49 +0200
Per Jessen wrote:
> RW wrote:
>
> > On Wed, 20 Jun 2012 03:25:53 +0200
> > Benny Pedersen wrote:
> >
> >> Den 2012-06-20 03:09, RW skrev:
> >>
> >> > The overwhelming majority of email addresses are never spoofed.
> >
> >> seen from my mta logs off sender add
RW wrote:
> On Wed, 20 Jun 2012 03:25:53 +0200
> Benny Pedersen wrote:
>
>> Den 2012-06-20 03:09, RW skrev:
>>
>> > The overwhelming majority of email addresses are never spoofed.
>
>> seen from my mta logs off sender addresses that miss the smtp auth
>> password here postfix dont agree with yo
RW wrote:
> On Tue, 19 Jun 2012 19:14:11 -0400
> Jeff Mincy wrote:
>
>>From: RW
>>Date: Tue, 19 Jun 2012 23:43:57 +0100
>
>>If used sensibly USER_IN_WHITELIST is probably the most reliable
>> rule we have, for the overwhelming majority of addresses it's far
>> more accurate than spf
John Hardin wrote:
> On Tue, 19 Jun 2012, Benny Pedersen wrote:
>
>> Den 2012-06-19 22:39, Kevin A. McGrail skrev:
>>
>>> I think that's the concept behind the whitelist_from_spf
>>
>> but some use whitelist_from, its nothing new there :=)
>>
>> can user_in_whitelist be changed to not have -100
On Wed, 20 Jun 2012 03:25:53 +0200
Benny Pedersen wrote:
> Den 2012-06-20 03:09, RW skrev:
>
> > The overwhelming majority of email addresses are never spoofed.
> seen from my mta logs off sender addresses that miss the smtp auth
> password here postfix dont agree with you, if sender uses somet
Den 2012-06-20 03:09, RW skrev:
The overwhelming majority of email addresses are never spoofed.
seen from my mta logs off sender addresses that miss the smtp auth
password here postfix dont agree with you, if sender uses something
belongs to my domain i may start asking for passwords, this c
On Tue, 19 Jun 2012 19:14:11 -0400
Jeff Mincy wrote:
>From: RW
>Date: Tue, 19 Jun 2012 23:43:57 +0100
>If used sensibly USER_IN_WHITELIST is probably the most reliable
> rule we have, for the overwhelming majority of addresses it's far
> more accurate than spf based whitelisting. It'
On Tue, 19 Jun 2012, Flemming Jacobsen wrote:
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should
On Tue, 19 Jun 2012, Jeff Mincy wrote:
From: John Hardin
I'd suggest instead a lint warning if it is used, alerting the admin that
it's discouraged and that it has problems like this and is very easy to
spoof.
How about creating a different score for whitelist_from that is
separate fr
From: RW
Date: Tue, 19 Jun 2012 23:43:57 +0100
On Tue, 19 Jun 2012 18:02:28 -0400
Jeff Mincy wrote:
>From: John Hardin
>Date: Tue, 19 Jun 2012 14:44:29 -0700 (PDT)
>
>On Tue, 19 Jun 2012, Benny Pedersen wrote:
>
>> Den 2012-06-19 22:39
On Tue, 19 Jun 2012 18:02:28 -0400
Jeff Mincy wrote:
>From: John Hardin
>Date: Tue, 19 Jun 2012 14:44:29 -0700 (PDT)
>
>On Tue, 19 Jun 2012, Benny Pedersen wrote:
>
>> Den 2012-06-19 22:39, Kevin A. McGrail skrev:
>>
>>> I think that's the concept behind the white
From: John Hardin
Date: Tue, 19 Jun 2012 14:44:29 -0700 (PDT)
On Tue, 19 Jun 2012, Benny Pedersen wrote:
> Den 2012-06-19 22:39, Kevin A. McGrail skrev:
>
>> I think that's the concept behind the whitelist_from_spf
>
> but some use whitelist_from, its nothing new t
SECURE_SPF (USER_IN_WHITELIST && SPF_FAIL)
score WHITELIST_INSECURE_SPF 50
but since Flemming did not provide an sample there might be other
options, eg why accept spf_fail in mta ?
On Tue, 19 Jun 2012, Benny Pedersen wrote:
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, its nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score, or is
whitelist_from
On 06/19/2012 11:34 PM, Benny Pedersen wrote:
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, its nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score, or
is whitelist_from
Den 2012-06-19 22:39, Kevin A. McGrail skrev:
I think that's the concept behind the whitelist_from_spf
but some use whitelist_from, its nothing new there :=)
can user_in_whitelist be changed to not have -100 as default score, or
is whitelist_from planned for removements ?
Den 2012-06-19 22:21, Flemming Jacobsen skrev:
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should USER_IN_WHITELIST
not be ignored/neutral (not sure of the terminology here)?
nope
On 6/19/2012 4:21 PM, Flemming Jacobsen wrote:
Hey
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed
Hey
I finally got around to enabling SPF checks in SA.
(v. 3.3.2, via spamd on FreeBSD)
It appears that even though SPF checks fail (i.e. SPF_FAIL),
USER_IN_WHITELIST still adds -100 points to the score.
Since the sender probably is spoofed, should USER_IN_WHITELIST
not be ignored/neutral (not
On Thu, 2012-03-22 at 13:55 +, Martin Gregorie wrote:
> YMMV of course, but it worked for me: when I put up an SPF record
> backscatter, which had been a problem at the time, was dramatically
> reduced.
>
> Now I don't see any backscatter except for the occasional 'mailbox full'
> or 'out o
Den 2012-03-22 15:05, David F. Skoll skrev:
Hmm... OK. I may have been hasty. Assuming that the large providers
like Google, Hotmail, and Yahoo reject SPF-failing mail during the
SMTP
transaction, I can see it making a measurable difference.
are you saying yahoo using spf test, but not pro
On 3/22/2012 4:19 AM, Martin Gregorie wrote:
The only sensible use of SPF is to prevent backscatter. This seems to
work well now that most domains are running SPF-aware MTAs. I don't
use SPF for spam detection and can't see any benefit from doing so.
Martin
What site competent enough to use
On Thu, 22 Mar 2012 10:09:22 -0400
Michael Scheidell wrote:
> like ip/dns that is not 'round trip' consistent :-)
> host colo3.roaringpenguin.com
> colo3.roaringpenguin.com has address 70.38.112.54
> host 70.38.112.54
> 54.112.38.70.in-addr.arpa domain name pointer roaringpenguin.com
There's
On 3/22/12 10:05 AM, David F. Skoll wrote:
On Thu, 22 Mar 2012 13:55:50 +
Martin Gregorie wrote:
Disagreed. I don't believe SPF has cut backscatter down by
more than a few percentage points.
YMMV of course, but it worked for me: when I put up an SPF record
backscatter, which had been a p
On Thu, 22 Mar 2012 13:55:50 +
Martin Gregorie wrote:
> > Disagreed. I don't believe SPF has cut backscatter down by
> > more than a few percentage points.
> YMMV of course, but it worked for me: when I put up an SPF record
> backscatter, which had been a problem at the time, was dramatical
On Thu, 2012-03-22 at 07:45 -0400, David F. Skoll wrote:
> Disagreed. I don't believe SPF has cut backscatter down by
> more than a few percentage points.
>
YMMV of course, but it worked for me: when I put up an SPF record
backscatter, which had been a problem at the time, was dramatically
reduce
"David F. Skoll" wrote:
>On Thu, 22 Mar 2012 11:19:04 +
>Martin Gregorie wrote:
>
>> The only sensible use of SPF is to prevent backscatter.
>
>Agreed.
For the record, I am not promoting spf_none. I am simply answering questions
and letting the admin make the choice.
>There is such an
Martin Gregorie wrote:
> On Thu, 2012-03-22 at 10:26 +0100, Matus UHLAR - fantomas wrote:
The Domain in the From in the envelope, ameriton.com, doesn't publish an
SPF Record:
>>
>> On 21.03.12 23:00, Piotr Kloc wrote:
>>> I know that and I wanted to add some more score when there is no S
On Thu, 22 Mar 2012 11:19:04 +
Martin Gregorie wrote:
> The only sensible use of SPF is to prevent backscatter.
Agreed.
> This seems to work well now that most domains are running SPF-aware
> MTAs.
Disagreed. I don't believe SPF has cut backscatter down by
more than a few percentage point
I committed score 0. I posted score 1 for the example requested.
Regards,
KAM
Michael Scheidell wrote:
>> I'm going to add this to the default rules with a score 0 so you can
>> then just give it a score you want.
>> header SPF_NONEeval:check_for_spf_none()
>> describeSPF
On Thu, 2012-03-22 at 10:26 +0100, Matus UHLAR - fantomas wrote:
> >> The Domain in the From in the envelope, ameriton.com, doesn't publish an
> >> SPF Record:
>
> On 21.03.12 23:00, Piotr Kloc wrote:
> >I know that and I wanted to add some more score when there is no SPF record
> >its possible t
The Domain in the From in the envelope, ameriton.com, doesn't publish an SPF
Record:
On 21.03.12 23:00, Piotr Kloc wrote:
I know that and I wanted to add some more score when there is no SPF record
its possible to do this with Spamassassin ?
the SPF can only give results (as FAIL, PASS, SOFT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I would be careful about giving points to a non spf enabled site.
My experience is that phishingattempts usually comes from stolen
legitimate accounts on sites with spf enabled.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment
On 3/21/12 6:19 PM, Kevin A. McGrail wrote:
I know that and I wanted to add some more score when there is no SPF
record
its possible to do this with Spamassassin ?
I'm not aware of a "no spf record rule" but the underlying plugin
looks to support what you want. I think you might find that t
I'm going to add this to the default rules with a score 0 so you can
then just give it a score you want.
I also added spf_helo_none
svn commit -m 'Added a default rule for SPF_NONE that is disabled with
Score 0 for administrators to activate'
Sendingrules/25_spf.cf
Sendingru
I know that and I wanted to add some more score when there is no SPF
record
its possible to do this with Spamassassin ?
I'm not aware of a "no spf record rule" but the underlying plugin looks
to support what you want. I think you might find that to be a poorly
performing rule except in meta
Den 2012-03-21 23:00, Piotr Kloc skrev:
The Domain in the From in the envelope, ameriton.com, doesn't
publish an SPF Record:
I know that and I wanted to add some more score when there is no SPF
record
its possible to do this with Spamassassin ?
meta NO_SPF_ON_SENDER_DOMAIN (!SPF_PASS || !SP
> The Domain in the From in the envelope, ameriton.com, doesn't publish an SPF
> Record:
>
I know that and I wanted to add some more score when there is no SPF record
its possible to do this with Spamassassin ?
Piotr
On 3/21/2012 5:48 PM, Piotr Kloc wrote:
Hello !
I have question why Spamassasssin doesnt add the header SPF_FAIL in
X-Spam-Status ?
s61:~# cat sa.log |grep -i spf
mar 21 22:42:40.285 [20073] dbg: config: read file
/usr/share/spamassassin/25_spf.cf
mar 21 22:42:40.287 [20073] dbg: config
,RCVD_IN_RP_RNBL,RCVD_IN_SORBS_DUL,RDNS_DYNAMIC,
TO_EQ_FM_HTML_ONLY,UNPARSEABLE_RELAY autolearn=no version=3.3.2
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06)
after checking it with command spamassassin -D < /home/admin/test.eml
there is no SPF_FAIL
Thank You
Hello !
I have question why Spamassasssin doesnt add the header SPF_FAIL in
X-Spam-Status ?
s61:~# cat sa.log |grep -i spf
mar 21 22:42:40.285 [20073] dbg: config: read file
/usr/share/spamassassin/25_spf.cf
mar 21 22:42:40.287 [20073] dbg: config: read file
/usr/share/spamassassin
On søn 18 apr 2010 00:55:12 CEST, John Hardin wrote
Checked into my sandbox as __SPF_FULL_PASS
It should appear on ruleqa in a couple of days.
super, i have more rule but will wait with them
--
xpoint http://www.unicom.com/pw/reply-to-harmful.html
On Sat, 17 Apr 2010, Benny Pedersen wrote:
meta SPF_FULL_PASS (SPF_PASS && SPF_HELO_PASS)
if one of the corpus maintainers like to add it into there rule set, then
please do, John ?
Checked into my sandbox as __SPF_FULL_PASS
It should appear on ruleqa in a couple of days.
--
John Hardin K
On tir 13 apr 2010 16:57:26 CEST, Patrick Schmidt wrote
Do SPF_FAIL hit, because of SPF_HELO_FAIL or the existing SPF record of
mail.isrigb.co.uk ?
i have seen SPF_PASS with a SPF_HELO_FAIL
meta SPF_FULL_PASS (SPF_PASS && SPF_HELO_PASS)
describe SPF_FULL_PASS Meta: both spf test
Hello RW,Hi Mark,
thanks for your time.
SPF_HELO_FAIL and SPF_FAIL both hit!
Do SPF_FAIL hit, because of SPF_HELO_FAIL or the existing SPF record of
mail.isrigb.co.uk ?
RW schrieb:
> On Tue, 13 Apr 2010 14:36:12 +0200
> Mark Martinec wrote:
>
>> Patrick,
>>
>>
pf1 mx -all" does not include "a:mail.isrigb.co.uk".
But shouldn't that be a SPF_HELO_FAIL rather than an SPF_FAIL
Patrick,
> i could use some help to understand a failed SPF check ..
> SPF record for Domain isrigb.co.uk is "v=spf1 mx a:mail.isrigb.co.uk -all"
Irrelevant. The SPF record in question is:
$ host -t txt mail.isrigb.co.uk
mail.isrigb.co.uk descriptive text "v=spf1 mx -all"
> mail was send from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello
i could use some help to understand a failed SPF check ..
SPF record for Domain isrigb.co.uk is "v=spf1 mx a:mail.isrigb.co.uk -all"
mail was send from 82.70.121.82, which points to mail.isrigb.co.uk, and
FAILED?
Debug Log.. http://pastebin.c
't be external :/
That's the internal/private host which sends the mail and generates
the SPF_FAIL. There is no reason/way to make it external.
>> result is SPF_NEUTRAL now as I added 192.168.0.0 net to SPF
>> entry)
>
> non route ip range makes no sense in spf
... but seems to be the easiest way to prevent the false
SPF_FAIL...
Enrico
On Thu, March 27, 2008 11:28, Enrico Scholz wrote:
> "Benny Pedersen" <[EMAIL PROTECTED]> writes:
>
>> spamassassin 2>&1 -D spf -t /tmp/msg > /tmp/msg.spf.debug
>>
>> post the debug file
>
> https://www.cvg.de/people/ensc/spf_fail.txt
info: generic: trusted_networks doesn't contain msa_networks e
"Benny Pedersen" <[EMAIL PROTECTED]> writes:
> spamassassin 2>&1 -D spf -t /tmp/msg > /tmp/msg.spf.debug
>
> post the debug file
https://www.cvg.de/people/ensc/spf_fail.txt
(full debug with configuration of
| $ sed '/^\(#.*\)\?$/d' ~/.spamassassin/user_prefs
| internal_networks 62.153.82.
On Wed, March 26, 2008 09:24, Enrico Scholz wrote:
> | msa_networks192.168.0.0/16
spamassassin 2>&1 -D spf -t /tmp/msg > /tmp/msg.spf.debug
post the debug file
/tmp/msg is a email where it happends
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
"Benny Pedersen" <[EMAIL PROTECTED]> writes:
>>>> I have a problem that mails from internal (private) IPs generate
>>>> SPF_FAIL hits. E.g. my configuration is
>>>> | internal_networks 62.153.82.30
>>>> | internal_networks
On Tue, March 25, 2008 10:40, Enrico Scholz wrote:
> "Benny Pedersen" <[EMAIL PROTECTED]> writes:
>>> I have a problem that mails from internal (private) IPs generate
>>> SPF_FAIL hits. E.g. my configuration is
>>> | internal_networks 62.153.8
> An SPF_PASS is pretty worthless
But awfully handy for whitelist_from_spf.
--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
Matus UHLAR - fantomas <[EMAIL PROTECTED]> writes:
> I mean, is SPF usefull for a domain, when some hosts (even
> not trusted) can send you mail from that domain, without
> authentication?
Why not? Senders from this domain are allowed from a certain IP
only. Everything else shoul
1 - 100 of 150 matches
Mail list logo
