
SPF for Lemat once again :-)


KIKI

Nov 22, 2020, 7:08:21 PM
Hi Lemat and everyone else who knows Postfix :-)

Following Lemat's advice, I check some types of SPF errors
via header_checks in Postfix:

/^Authentication-Results: OpenDMARC; spf=fail/ REJECT SPF FAIL
/^Received-SPF: None/ REJECT SPF NONE

And those two worked. OpenDMARC is my own name in that variable you
gave me, AuthservID OpenDMARC; that is what I called it there.

But I thought a Permerror would be rejected on its own; now I have added this:
/^Received-SPF: Permerror/ REJECT SPF PERMERROR

Because an interesting mail arrived..... and it got through.
How did it get through with a permerror, and on top of that
sent by the spammer from itself to itself,
probably with the victim in CC?

I do not quite get this postfix-policyd-spf-python. It is half-baked.

debugLevel = 1
TestOnly = 0

HELO_reject = SPF_Not_Pass # Fail
Mail_From_reject = SPF_Not_Pass # Fail
PermError_reject = True # False
TempError_Defer = False

skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
--------
This thing: helo=wojciech.gsd.gda.pl
is a monastic order, something religious; apparently someone broke in
there, or what is the reason?

What do you think, comrades? How do you defend against this?
=====================================================================

From - Mon Nov 23 00:32:39 2020
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <in...@piekary.pl>
X-Original-To: bi...@OFIARA.com.pl
Delivered-To: bi...@OFIARA.com.pl
Received: by mx.OFIARA.com.pl (Postfix, from userid 115)
id 6EEED5E0CA8; Sun, 22 Nov 2020 10:47:24 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx.OFIARA.com.pl
X-Spam-Status: Yes, score=6.3 required=5.0 autolearn=no autolearn_force=no
X-Spam-Level: ******
X-Spam-Rbl: <dns:65.101.19.153.bl-h4.rbl.polspam.pl> [127.0.2.4]
<dns:65.101.19.153.bl-h1.rbl.polspam.pl> [127.0.2.1]
<dns:65.101.19.153.bl.score.senderscore.com> [127.0.0.2]
<dns:169.217.0.149.zen.spamhaus.org> [127.0.0.11]
X-Spam-Report:
* 0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)
* 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
* https://senderscore.org/blacklistlookup/
* [153.19.101.65 listed in bl.score.senderscore.com]
* 3.9 BL_1_POLSPAM_PL RBL: Listed on bl-h1.rbl.polspam.pl
* [153.19.101.65 listed in bl-h1.rbl.polspam.pl]
* 0.9 BL_4_POLSPAM_PL RBL: Listed on bl-h4.rbl.polspam.pl
* [153.19.101.65 listed in bl-h4.rbl.polspam.pl]
* 0.1 MISSING_MID Missing Message-Id: header
X-Spam-Relay-Country: _RELAYCOUNTRY_
Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=153.19.101.65; helo=wojciech.gsd.gda.pl; envelope-from=in...@piekary.pl; receiver=<UNKNOWN>
Authentication-Results: OpenDMARC; dmarc=fail (p=none dis=none) header.from=piekary.pl
Received: from wojciech.gsd.gda.pl (wojciech.gsd.gda.pl [153.19.101.65])
by mx.OFIARA.com.pl (Postfix) with ESMTP id 3D6805E031F
for <bi...@OFIARA.auto.pl>; Sun, 22 Nov 2020 10:47:17 +0100 (CET)
Received: from [192.168.1.37] (unknown [149.0.217.169])
by wojciech.gsd.gda.pl (Postfix) with ESMTPA id 61EF8C121514B;
Sun, 22 Nov 2020 10:05:08 +0100 (CET)
Content-Type: multipart/alternative; boundary="===============1581443786=="
MIME-Version: 1.0
Subject: [***** SPAM 6.3 *****] Investments Funding Proposal
To: Recipients <in...@piekary.pl>
From: info <in...@piekary.pl>
Date: Sun, 22 Nov 2020 10:05:05 +0100
Reply-To: office_...@flowellinvestments.com
X-Spam-Prev-Subject: Investments Funding Proposal
Message-Id: <idddddddddddddd...@mx.OFIARA.com.pl>

You will not see this in a MIME-aware mail reader.
--===============1581443786==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
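
Added example, not code from the post: a small simulation of how Postfix
header_checks would treat the headers of the message quoted above. It parses
regexp_table(5)-style lines (matching is case-insensitive unless the 'i' flag
toggles it, as in Postfix), applies them header by header with first match
winning, and shows that the two original rules do not fire on this message
(the OpenDMARC Authentication-Results line carries dmarc=fail, not spf=fail,
and Received-SPF says Permerror, not None), while the added Permerror rule
does. The sample headers are constructed from the page; the elided address
is kept as it appears there.

```python
import re

# Constructed sample: the headers of the quoted message that the rules look
# at, with continuation lines already joined the way Postfix joins a
# multi-line header before matching.
SAMPLE_HEADERS = [
    "Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=153.19.101.65;"
    " helo=wojciech.gsd.gda.pl; envelope-from=in...@piekary.pl; receiver=<UNKNOWN>",
    "Authentication-Results: OpenDMARC; dmarc=fail (p=none dis=none) header.from=piekary.pl",
    "From: info <in...@piekary.pl>",
]

# The header_checks table from the post, exactly as written there.
ORIGINAL_RULES = """
/^Authentication-Results: OpenDMARC; spf=fail/ REJECT SPF FAIL
/^Received-SPF: None/ REJECT SPF NONE
"""
ADDED_RULE = "/^Received-SPF: Permerror/ REJECT SPF PERMERROR\n"

RULE_RE = re.compile(
    r"^/(?P<pat>.*)/(?P<flags>[a-zA-Z]*)\s+(?P<action>\S+)(?:\s+(?P<text>.*))?$"
)


def parse_table(text):
    """Parse regexp_table(5)-style lines into (compiled_regex, ACTION, text).

    Postfix regexp/pcre tables match case-insensitively by default and the
    'i' flag *toggles* that, so '/.../i' is the case-sensitive form.
    """
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"not a regexp table line: {line!r}")
        flags = 0 if "i" in m["flags"] else re.IGNORECASE
        rules.append((re.compile(m["pat"], flags), m["action"].upper(), m["text"]))
    return rules


def header_checks(rules, headers):
    """Return (action, text) of the first REJECT that fires, or ('DUNNO', None).

    Headers are scanned in message order; for each header the table is
    searched top-down and the first matching pattern decides that header.
    Only REJECT is modelled here; other actions simply end the search for
    that header.
    """
    for header in headers:
        for regex, action, text in rules:
            if regex.search(header):
                if action == "REJECT":
                    return (action, text)
                break
    return ("DUNNO", None)


if __name__ == "__main__":
    print("original table :", header_checks(parse_table(ORIGINAL_RULES), SAMPLE_HEADERS))
    print("with added rule:", header_checks(parse_table(ORIGINAL_RULES + ADDED_RULE), SAMPLE_HEADERS))
```

Because the default is case-insensitive, `/^Received-SPF: None/` also catches a
lower-case `Received-SPF: none`; the rule only misses this particular message
because its result is Permerror.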

Lemat

Nov 23, 2020, 6:13:23 AM
On 23.11.2020 at 01:08, KIKI wrote:
> Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=153.19.101.65; helo=wojciech.gsd.gda.pl; envelope-from=in...@piekary.pl; receiver=<UNKNOWN>
> Authentication-Results: OpenDMARC; dmarc=fail (p=none dis=none) header.from=piekary.pl


If you ask me, there is probably a dot or a dash missing somewhere, or
some other error of that kind.

policyd-spf-python has these settings:

# Policy for rejecting due to SPF PermError. Options are:
# PermError_reject = True
# PermError_reject = False
PermError_reject = False

I would use policyd's built-in functions instead of header_checks.


As for the domain itself:

https://mxtoolbox.com/SuperTool.aspx?action=spf%3apiekary.pl%3a153.19.101.65&run=toolpage

shows a problem in that domain's SPF record:
A null DNS lookup was found for include
(mail.piekary.pl,smtp.piekary.pl,fortimail.piekary.pl)

As for the sender:

# rblcheck 153.19.101.65
153.19.101.65 not listed by sbl.spamhaus.org
153.19.101.65 not listed by xbl.spamhaus.org
153.19.101.65 not listed by pbl.spamhaus.org
153.19.101.65 not listed by bl.spamcop.net
153.19.101.65 not listed by psbl.surriel.com
153.19.101.65 not listed by dul.dnsbl.sorbs.net
153.19.101.65 listed by chikor.rbl.tld: IP 153.19.101.65 has been sending
spam/viruses and requires administrator intervention. Please contact your
IT department or hosting provider about this.
153.19.101.65 not listed by dynamic.rbl.tld
153.19.101.65 listed by dnsbl-1.uceprotect.net: IP 153.19.101.65 is
UCEPROTECT-Level 1 listed. See
http://www.uceprotect.net/rblcheck.php?ipr=153.19.101.65
153.19.101.65 not listed by dnsbl-2.uceprotect.net
153.19.101.65 not listed by dnsbl-3.uceprotect.net
153.19.101.65 listed by ips.backscatterer.org: Sorry 153.19.101.65 is
blacklisted at http://www.backscatterer.org/?ip=153.19.101.65


In my RBL this IP has been listed for at least five years; no decent
admin, passwords like 123456, that kind of thing.


149.0.217.169 is GPRS in Turkey.

--
Regards
Lemat
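
Added example, not code from either post or from postfix-policyd-spf-python:
a minimal RFC 7208 check_host() over an in-memory DNS table, showing why the
mxtoolbox finding above ("A null DNS lookup was found for include") produces
permerror rather than fail. Under section 5.2 of the RFC an include: whose
target publishes no SPF record yields "none", and an include that comes back
"none" (or "permerror") turns the whole evaluation into permerror; the
ten-lookup limit of section 4.6.4 is modelled too. The zones are constructed,
not the real piekary.pl DNS (192.0.2.x are documentation addresses), and
policy_action only approximates what the knobs quoted in the thread
(Mail_From_reject, PermError_reject, TempError_Defer) ask for.

```python
import ipaddress

LOOKUP_LIMIT = 10  # RFC 7208 4.6.4: more than ten DNS-querying terms -> permerror
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed zone (assumption, not the real piekary.pl DNS): the three names
# the record includes carry A records but no v=spf1 TXT record at all.
BROKEN_ZONE = {
    "piekary.pl": {"TXT": ["v=spf1 include:mail.piekary.pl include:smtp.piekary.pl"
                           " include:fortimail.piekary.pl -all"]},
    "mail.piekary.pl": {"A": ["192.0.2.10"]},
    "smtp.piekary.pl": {"A": ["192.0.2.11"]},
    "fortimail.piekary.pl": {"A": ["192.0.2.12"], "TXT": ["unrelated text"]},
}
# The same hosts authorised with a: terms, which only need their A records.
FIXED_ZONE = {
    "piekary.pl": {"TXT": ["v=spf1 a:mail.piekary.pl a:smtp.piekary.pl"
                           " a:fortimail.piekary.pl -all"]},
    **{k: v for k, v in BROKEN_ZONE.items() if k != "piekary.pl"},
}


class SpfEvaluator:
    """Minimal check_host(): ip4, a, include, all, redirect= over a dict zone."""

    def __init__(self, zone):
        self.zone = zone  # {name: {"TXT": [...], "A": [...]}}
        self.lookups = 0

    def spf_record(self, domain):
        txts = [t for t in self.zone.get(domain, {}).get("TXT", [])
                if t == "v=spf1" or t.startswith("v=spf1 ")]
        if not txts:
            return None          # domain publishes no SPF record -> "none"
        if len(txts) > 1:
            return "permerror"   # several v=spf1 records are a permerror (3.2)
        return txts[0]

    def _lookup(self):
        self.lookups += 1
        return self.lookups <= LOOKUP_LIMIT

    def check_host(self, ip, domain):
        self.lookups = 0
        return self._check(ipaddress.ip_address(ip), domain)

    def _check(self, ip, domain):
        record = self.spf_record(domain)
        if record is None:
            return "none"
        if record == "permerror":
            return "permerror"
        redirect = None
        for term in record.split()[1:]:
            if "=" in term.split(":", 1)[0]:          # modifier (redirect=, exp=, ...)
                name, _, value = term.partition("=")
                if name.lower() == "redirect":
                    redirect = value
                continue                               # unknown modifiers are ignored
            qualifier = "+"
            if term[0] in QUALIFIER:
                qualifier, term = term[0], term[1:]
            mech, _, arg = term.partition(":")
            mech = mech.lower()
            if mech == "all":
                matched = True
            elif mech == "ip4":
                matched = ip in ipaddress.ip_network(arg, strict=False)
            elif mech == "a":
                if not self._lookup():
                    return "permerror"
                matched = str(ip) in self.zone.get(arg or domain, {}).get("A", [])
            elif mech == "include":
                if not self._lookup():
                    return "permerror"
                sub = self._check(ip, arg)
                if sub == "pass":
                    matched = True
                elif sub in ("fail", "softfail", "neutral"):
                    matched = False
                elif sub == "temperror":
                    return "temperror"
                else:
                    # 5.2: include target returned "none" or "permerror"
                    return "permerror"
            else:
                return "permerror"                     # unknown mechanism
            if matched:
                return QUALIFIER[qualifier]
        if redirect is not None:
            if not self._lookup():
                return "permerror"
            sub = self._check(ip, redirect)
            return "permerror" if sub == "none" else sub
        return "neutral"


def policy_action(result, mail_from_reject="SPF_Not_Pass",
                  perm_error_reject=True, temp_error_defer=False):
    """Approximate the decision the quoted config asks for (illustration only)."""
    reject_on = {"Fail": {"fail"},
                 "SPF_Not_Pass": {"fail", "softfail", "neutral", "none"}}[mail_from_reject]
    if result == "permerror":
        return "REJECT" if perm_error_reject else "PREPEND"
    if result == "temperror":
        return "DEFER_IF_PERMIT" if temp_error_defer else "PREPEND"
    return "REJECT" if result in reject_on else "PREPEND"


if __name__ == "__main__":
    for zone_name, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        for client in ("153.19.101.65", "192.0.2.10"):
            res = SpfEvaluator(zone).check_host(client, "piekary.pl")
            print(f"{zone_name:6} {client:15} -> {res:9} {policy_action(res)}")
```

With the broken record every client IP, including the domain's own mail host,
ends in permerror, so with PermError_reject = False the message is only
annotated and passes to header_checks; with PermError_reject = True the policy
daemon rejects it itself.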