Le lundi 12 septembre 2011 00:35, Dave Funk a écrit : > On Sun, 11 Sep 2011, Martin Gregorie wrote: > > On Sun, 2011-09-11 at 13:47 -0700, rutra80 wrote: > >> Hello, lately I receive spam which looks like coming from my domain, > >> sometimes it is spoofed like coming from accounts that don't exist, and > >> sometimes from the ones that really do. The only SA rule that it > >> triggers is Bayesian one, with nearly 100% probability - it assigns 3.5 > >> points, but my rejection limit is set to 4.5 and I'm not eager to lower > >> it. What would be the most elegant and technically correct way to get > >> rid of the problem? > > > > Some spammer is forging your host name as sender and randomly generating > > user names. > > > > Set up an SPF record for your domain and make sure its valid by testing > > it with a validation tool. > > > > SPF references > > ============== > > <http://www.openspf.org> provides an overview, documentation and SPF > > record builder wizards. > > > > <http://www.kitterman.com/spf/validate.html> has test tools to validate > > your SPF record after its built and again when it has been installed. > > However a simple SPF fail doesn't score many points. To deal with the > exact same issue I added a custom local rule (a __rule so it doesn't > score points) that looks for our domain name in the From and combined > that with SPF_FAIL in a meta that really whacks the score. > > IE, in general it's not safe to use SPF_FAIL as a one-shot-kill but > when restricted to our domain I can trust it.
to say a little something
run openspf software on my host
and I'm having weird problems in the mail
Return-Path: <emilien.arino@no****a.fr>
X-Original-To: m...@smtp.fakessh.eu
Delivered-To: fake...@localhost.r13151.ovh.net
Received: from r13151.ovh.net (localhost.localdomain [127.0.0.1])
by r13151.ovh.net (Postfix) with ESMTP id E8CECCC187
for <m...@smtp.fakessh.eu>; Tue, 6 Sep 2011 14:11:50 +0200 (CEST)
X-SenderID: Sendmail Sender-ID Filter v1.0.0 r13151.ovh.net E8CECCC187
Authentication-Results: r13151.ovh.net; sender-id=fail (NotPermitted)
header.from=emilien.arino@n***rea.fr; spf=fail (NotPermitted)
smtp.mfrom=emilien.arino@no****a.fr
Received: from localhost (localhost.localdomain [127.0.0.1])
by r13151.ovh.net (Postfix) with ESMTP id 7E064CC186
for <m...@smtp.fakessh.eu>; Tue, 6 Sep 2011 14:11:50 +0200 (CEST)
X-Amavis-GeoIP: France Aquitaine Pau
X-Amavis-GeoIP: France
X-Header-AntiAbuse: report abuse to postmas...@fakessh.eu
X-Header-AntiAbuse: sender emilien.arino@no****a.fr emilien.arino
@no****ea.fr emilien.arino@no*****a.fr
X-Header-AntiAbuse: client addr 46.105.7.81
X-Header-AntiAbuse: client addr 217.119.181.45
X-Header-AntiAbuse: primary hostname r13151.ovh.net
X-Virus-Scanned: amavisd-new at r13151.ovh.net
Received: from r13151.ovh.net ([127.0.0.1])
by localhost (r13151.ovh.net [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id poVU1eVAIlPQ for <m...@smtp.fakessh.eu>;
Tue, 6 Sep 2011 14:11:35 +0200 (CEST)
Received-SPF: pass (no****a.fr: 46.105.7.81 is authorized to
use 'emilien.ar...@novacrea.fr' in 'mfrom' identity
(mechanism 'a:mo1.n*****ea.fr' matched)) receiver=r13151.ovh.net;
identity=mailfrom; envelope-from="emilien.arino@n****a.fr";
helo=mo1.novacrea.fr; client-ip=46.105.7.81
X-SenderID: Sendmail Sender-ID Filter v1.0.0 r13151.ovh.net BA7B9CC0AE
Authentication-Results: r13151.ovh.net; sender-id=pass
header.from=emilien.arino@n****a.fr; spf=pass
smtp.mfrom=emilien.ar...@nrea.fr
X-Greylist: delayed 515 seconds by postgrey-1.34 at r13151.ovh.net; Tue, 06
Sep 2011 14:11:32 CEST
X-My-Organisation: fakessh @
Received: from mo1.n***crea.fr (mo1.no*****a.fr [46.105.7.81])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client did not present a certificate)
by r13151.ovh.net (Postfix) with ESMTPS id BA7B9CC0AE
for <m...@smtp.fakessh.eu>; Tue, 6 Sep 2011 14:11:28 +0200 (CEST)
Received: from mo1.n****crea.fr (localhost.localdomain [127.0.0.1])
by mo1.no*****a.fr (Postfix) with ESMTP id 84F52A202
for <m...@smtp.fakessh.eu>; Tue, 6 Sep 2011 14:02:06 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=novacrea.fr; h=me
the result of exam to pass
and sometimes different depending on the technology
--
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7
gpg --keyserver pgp.mit.edu --recv-key 092164A7
pgpbb3KF6cicP.pgp
Description: PGP signature
