On 5/5/10 11:15 AM, [email protected] wrote:
> So I think that proves it is using SPF, doesn't it? If you'd agree then
> my next question is why did it deliver mail with a spoofed email
> address of a domain that is hosted on our mail server? I'm using
> exim and I'm looking at an example of this type of spam and it's got
> both the return address and from fields showing an email address from
> a domain hosted on our mail server :S That's not what SPF is meant to
> do, surely?

maybe your internal server is not able to look up public TXT records and
doesn't know your internal domain has them?

from the server in question, test spf via dig, nslookup or host.

    host -t txt domain.com

and/or, your spf records are borked.

    host -t txt ukgrid.net
    ukgrid.net descriptive text "v=spf1 +mx +a:alpha.ukgrid.net -all"

<http://www.kitterman.com/spf/validate.html>

what is a +mx record? what is a +a:alpha.ukgrid.net record?
(I don't know if the + is breaking things, looks optional to me. I
guess I have never seen them formatted like that before)

still: check internal server on internal dns, see if it thinks there is
a spf record.

--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation
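
Added example, not part of the original message: a small Python parser that splits the record quoted above into its terms and shows that a leading "+" is just the explicit form of the default qualifier in the SPF specification (RFC 7208), so "+mx" and "mx" parse identically. The function names are hypothetical, and the second record in the usage note below is constructed for illustration.

```python
import re

# Qualifier -> result produced when the mechanism matches the sending host.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}

# Record quoted in the message above.
RECORD = "v=spf1 +mx +a:alpha.ukgrid.net -all"


def parse_spf(record):
    """Return [(qualifier, mechanism, argument)]; modifiers get qualifier None."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("missing v=spf1 version tag")
    parsed = []
    for term in terms[1:]:
        # Modifiers such as redirect= or exp= use '=' and take no qualifier.
        mod = re.match(r"^([A-Za-z][A-Za-z0-9._-]*)=(.*)$", term)
        if mod:
            parsed.append((None, mod.group(1).lower(), mod.group(2)))
            continue
        qualifier = "+"  # an omitted qualifier defaults to "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech = re.match(r"^([A-Za-z0-9]+)(.*)$", term)
        if not mech or mech.group(1).lower() not in MECHANISMS:
            raise ValueError(f"unknown mechanism: {term!r}")
        # The argument is ":domain", ":network/cidr" or a bare "/cidr".
        parsed.append((qualifier, mech.group(1).lower(), mech.group(2).lstrip(":")))
    return parsed


def explain(record):
    """One readable line per term, naming the result a match produces."""
    lines = []
    for qualifier, name, arg in parse_spf(record):
        target = f"{name} {arg}".strip()
        if qualifier is None:
            lines.append(f"modifier {target}")
        else:
            lines.append(f"{target}: {QUALIFIERS[qualifier]} on match")
    return lines


if __name__ == "__main__":
    print("\n".join(explain(RECORD)))
```

Calling parse_spf() on "v=spf1 mx a:alpha.ukgrid.net -all" returns the same list as for the quoted record, which confirms the "+" signs are not what is breaking things.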