SPF rejecting not happening

Sophie Loe

May 21, 2018, 2:55:25 PM
to rspamd
Hi,

My SPF records are fail if not our MXes.

With my earlier setup it worked well with postfix/opendkim and rejected on an spf=fail.

Can rspamd reject based on spf=fail?

Example spoofed email that got through ( with email address changed ):
Authentication-Results: spf=fail smtp.mailfrom=pa...@example.co.uk
Received: from adsl.viettel.vn (unknown [115.77.24.171])
by mx14.example.co.uk (Postfix) with ESMTP id 4C59C3C
for <pas...@example.co.uk>; Thu, 19 Apr 2018 05:05:13 +0000 (UTC)
Message-ID: <31BDB079CB3C74028E834AF80F4731BD@Q81NM8C>
From: <pa...@example.co.uk>
To: <pa...@example.co.uk>
Subject: Luda

Regards.



Alexander Moisseev

May 22, 2018, 10:36:28 AM
to rsp...@googlegroups.com
On 21.05.2018 21:55, Sophie Loe wrote:
> Hi,
>
> My SPF records are fail if not our MXes.
>
> With my earlier setup it worked well with postfix/opendkim and rejected on an spf=fail.
>
> Can rspamd reject based on spf=fail?
>

Rspamd doesn't do this by default. It just inserts the R_SPF_FAIL symbol.
You can use the Force Actions module.
https://rspamd.com/doc/modules/force_actions.html

Sophie Loe

May 22, 2018, 1:15:52 PM
to rspamd

Sophie
Hi,

Thanks for the link.

Would this work?
# cat local.d/force_actions.conf
rules {
    SJL_SPF-FAIL-REJECT {
        action = "reject";
        expression = "R_SPF_FAIL";
        message = "Rejected SPF-FAIL";
    }
}


And since we’re on the subject, can I have a reject based on high spammy scores? Is there a score assigned or a rating I can use to trigger a rule like this?

    SPAM_SCORE_HIGH {
        action = "reject";
        expression = "R_HIGH_SCORED_SPAMMY_MESSAGE";
        message = "Rejected Spam >28";
    }
}


My headers don’t give this, other than a tally in X-Spamd-Result:
X-Spamd-Result: default: False [28.39 / 150.00];
FROM_HAS_DN(0.00)[];
ARC_NA(0.00)[];
FREEMAIL_REPLYTO(0.00)[hotmail.com];
FROM_EQ_ENVFROM(0.00)[];
HAS_X_PRIO_THREE(0.00)[3];
RCVD_COUNT_ZERO(0.00)[0];
MISSING_TO(2.00)[];
SUBJECT_HAS_CURRENCY(1.00)[];
MISSING_MID(2.50)[];
HFILTER_HOSTNAME_UNKNOWN(2.50)[];
MX_GOOD(-1.00)[hotmail-com.olc.protection.outlook.com];
ONCE_RECEIVED(0.10)[];
FREEMAIL_ENVFROM(0.00)[hotmail.com];
MIME_HTML_ONLY(0.20)[];
BAYES_SPAM(0.49)[77.01%];
MSBL_EBL(7.50)[remover...@hotmail.com,d337c343f6ba4d72c084919f50b07366f42df441];
R_SPF_SOFTFAIL(0.00)[~all];
RCVD_TLS_ALL(0.00)[];
FORGED_MUA_OUTLOOK(3.00)[];
HFILTER_HELO_5(3.00)[Sender];
FORGED_OUTLOOK_HTML(5.00)[];
DMARC_POLICY_SOFTFAIL(0.10)[hotmail.com : No valid SPF, No valid DKIM,none];
ASN(0.00)[asn:22047, ipnet:200.86.240.0/20, country:CL];
HTML_SHORT_LINK_IMG_1(2.00)[];
REPLYTO_ADDR_EQ_FROM(0.00)[];
HAS_REPLYTO(0.00)[alarconp...@hotmail.com];
R_DKIM_NA(0.00)[];
FREEMAIL_FROM(0.00)[hotmail.com]


Thx, Sophie.

Alexander Moisseev

May 22, 2018, 3:58:55 PM
to rsp...@googlegroups.com
On 5/22/2018 8:15 PM, Sophie Loe wrote:
>
> Sophie
>
>
>
>> On 22 May 2018, at 16:36, Alexander Moisseev <alexander...@gmail.com> wrote:
>>
>> On 21.05.2018 21:55, Sophie Loe wrote:
>>> Hi,
>>> My SPF records are fail if not our MXes.
>>> With my earlier setup it worked well with postfix/opendkim and rejected on an spf=fail.
>>> Can rspamd reject based on spf=fail?
>>>
>>
>> Rspamd doesn't do this by default. It just inserts R_SPF_FAIL symbol.
>> You can use Force Actions module.
>> https://rspamd.com/doc/modules/force_actions.html
>
> Hi,
>
> Thanks for the link.
>
> Would this work?
> # cat local.d/force_actions.conf
> rules {
> SJL_SPF-FAIL-REJECT {
> action = "reject";
> expression = "R_SPF_FAIL";
> message = "Rejected SPF-FAIL"; }
> }
>

Yes, it should work.

>
> And since we’re on the subject, can I have a reject based on high spammy scores? Is there a score assigned or a rating I can use to trigger a rule like this?
>
> SPAM_SCORE_HIGH {
> action = "reject";
> expression = "R_HIGH_SCORED_SPAMMY_MESSAGE";
> message = "Rejected Spam >28"; }
> }
>
>
> My headers don’t give this, other than a tally in X-Spamd-Result:
> X-Spamd-Result: default: False [28.39 / 150.00];
> FROM_HAS_DN(0.00)[];
> ARC_NA(0.00)[];

Why don't you just set the reject threshold to 28 instead of 150?

Sophie Loe

May 22, 2018, 4:18:34 PM
to rspamd
Good point. I’d forgotten this and now I have this, but the add_header = 6; didn’t add a header :(

# cat metrics.conf
actions {
    reject = 30;
    add_header = 6;
    greylist = 4;
}
symbol "MX_INVALID" {
    score = 1.0;
    description = "No connectable MX";
    one_shot = "true";
}
symbol "MX_MISSING" {
    score = 2.0;
    description = "No MX record";
    one_shot = "true";
}
symbol "MX_GOOD" {
    score = -0.5;
    description = "MX was ok";
    one_shot = "true";
}

Alexander Moisseev

May 23, 2018, 4:12:04 AM
to rsp...@googlegroups.com
On 5/22/2018 11:18 PM, Sophie Loe wrote:
>
> Good point. I’d forgotten this and now I have this, but the add_header = 6; didn’t add a header:(
>
> # cat metrics.conf
> actions {
> reject = 30;
> add_header = 6;
> greylist = 4;
> }
> symbol "MX_INVALID" {
> score = 1.0;
> description = "No connectable MX";
> one_shot = "true";
> }
> symbol "MX_MISSING" {
> score = 2.0;
> description = "No MX record";
> one_shot = "true";
> }
> symbol "MX_GOOD" {
> score = -0.5;
> description = "MX was ok";
> one_shot = "true";
> }

metrics.conf is deprecated since 1.7.0. The proper place for "actions" is "$LOCAL_CONFDIR/local.d/actions.conf"
But your configuration should work anyway.
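
Added example, not part of the thread or of Rspamd itself: a small Python parser for the X-Spamd-Result header quoted above, used to check which action a message should have received under the posted thresholds (reject = 30, add_header = 6, greylist = 4) and under a forced reject on R_SPF_FAIL. The function names and the second sample header are hypothetical, and the action selection is a simplified model of what Rspamd does.

```python
import re

# Thresholds from the actions block posted in the thread.
THRESHOLDS = {"reject": 30.0, "add_header": 6.0, "greylist": 4.0}
# Symbols that force an action regardless of score, mirroring the
# force_actions rule in the thread (expression = "R_SPF_FAIL").
FORCED = {"R_SPF_FAIL": "reject"}

SUMMARY_RE = re.compile(r"\[\s*(-?\d+(?:\.\d+)?)\s*/\s*(-?\d+(?:\.\d+)?)\s*\]")
SYMBOL_RE = re.compile(r"([A-Z][A-Z0-9_]*)\((-?\d+(?:\.\d+)?)\)\[([^\]]*)\]")


def parse_spamd_result(value):
    """Return (score, required, {symbol: (weight, options)})."""
    summary = SUMMARY_RE.search(value)
    if summary is None:
        raise ValueError("no '[score / required]' summary found")
    symbols = {
        name: (float(weight), options)
        for name, weight, options in SYMBOL_RE.findall(value)
    }
    return float(summary.group(1)), float(summary.group(2)), symbols


def expected_action(score, symbols, thresholds=THRESHOLDS, forced=FORCED):
    """Action a forced symbol or the score thresholds would select."""
    for name, action in forced.items():
        if name in symbols:
            return action
    # Highest threshold the score reaches wins; below all of them: no action.
    reached = [(limit, act) for act, limit in thresholds.items() if score >= limit]
    return max(reached)[1] if reached else "no action"


# Constructed samples: the first is abridged from the header quoted in the
# thread, the second is an invented low-scoring message with R_SPF_FAIL.
SPAMMY = """default: False [28.39 / 150.00];
 MISSING_MID(2.50)[];
 MX_GOOD(-1.00)[hotmail-com.olc.protection.outlook.com];
 R_SPF_SOFTFAIL(0.00)[~all];
 DMARC_POLICY_SOFTFAIL(0.10)[hotmail.com : No valid SPF, No valid DKIM,none]"""
SPOOFED = "default: False [3.10 / 30.00]; R_SPF_FAIL(1.00)[-all]; ARC_NA(0.00)[]"

if __name__ == "__main__":
    for header in (SPAMMY, SPOOFED):
        score, required, symbols = parse_spamd_result(header)
        print(score, required, sorted(symbols), expected_action(score, symbols))
```

With reject = 30 the 28.39 message only reaches add_header; lowering reject to 28, as suggested in the thread, turns it into a reject, while the R_SPF_FAIL sample is rejected at any score once the forced rule is in place.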