Posted to users@spamassassin.apache.org by Nicola Piazzi <Ni...@gruppocomet.it> on 2016/08/10 10:00:02 UTC

[SOLVED] R: A plugin to legitimate email when SPF and DKIM missing

I wrote this simple plugin, mxpf.
This plugin searches the B class of the sender IP address and tries to match the B class of any IP of the MX records of the declared domain.
So when it matches, it is very difficult for the sender to be a spoofed domain; you can use MXPF_PASS to combine with other rules in addition to SPF_PASS.

1) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir
2) put your score in mxpf.cf 

Download here :

https://forum.efa-project.org/viewtopic.php?f=14&t=1777


Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it



-----Original message-----
From: John Hardin [mailto:jhardin@impsec.org]
Sent: Tuesday, 9 August 2016 23:04
To: users@spamassassin.apache.org
Subject: Re: A plugin to legitimate email when SPF and DKIM missing

On Tue, 9 Aug 2016, lists@rhsoft.net wrote:
>
> On 09.08.2016 at 18:08, Kevin Golding wrote:
>>  Based on what you're trying to do:
>>
>>  man dig
>
> doesn't help, see below
>
>>  or depending on your resolver possibly:
>>
>>  man drill
>
> doesn't help, see below
>
>>  Whilst I agree it is slightly more effort to set-up whitelisting by  
>> looking up the details first it would still be far more resource  
>> efficient on your servers
>
> that doesn't catch the problem: if the MX changes, you need to
> permanently watch your "whitelist_from_rcvd" and maintain them

So script it.

Write a script that reads a list of domain names, does digs to get those domains' MX hosts, and writes whitelist_from_rcvd rules for them to a local config file. Run that every night as part of your scheduled sa-update script.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   The question of whether people should be allowed to harm themselves
   is simple. They *must*.                           -- Charles Murray
-----------------------------------------------------------------------
  6 days until the 71st anniversary of the end of World War II
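
One way to script the nightly regeneration suggested in the reply above (an added example, not code posted by anyone in this thread). The paths in `DOMAINS` and `OUT` and all function names are assumptions; `whitelist_from_rcvd` matches the reverse DNS of the delivering relay, so a generated rule only helps when the domain sends from a host named like its MX.

```shell
#!/bin/sh
# Added example. DOMAINS and OUT are assumed paths, not from the thread.
DOMAINS=${DOMAINS:-/etc/mail/spamassassin/mx-whitelist-domains.txt}
OUT=${OUT:-/etc/mail/spamassassin/mx-whitelist.cf}
# ERE for a plain multi-label hostname (letters, digits, hyphens, dots).
HOST_RE='^[a-z0-9]([a-z0-9-]*[a-z0-9])?([.][a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'

# Print the MX answers for domain $1 as "priority host." lines.
lookup_mx() { dig +short MX "$1" </dev/null; }

# Accept only plain hostnames from the operator's domain list.
valid_domain() { printf '%s\n' "$1" | grep -Eqi "$HOST_RE"; }

# Read "priority host." lines on stdin, print rules for domain $1.
# DNS answers are untrusted text that lands in a config file: anything that
# is not "number hostname" (null MX ".", stray tokens) is dropped.
mx_to_rules() {
    awk -v d="$1" -v re="$HOST_RE" '
        NF == 2 && $1 ~ /^[0-9]+$/ {
            h = tolower($2); sub(/\.$/, "", h)
            if (h ~ re && !seen[h]++)
                print "whitelist_from_rcvd *@" d " " h
        }'
}

main() {
    tmp=$(mktemp "$OUT.XXXXXX") || return 1
    while read -r domain; do
        case $domain in ''|'#'*) continue ;; esac
        valid_domain "$domain" || { echo "skipped: $domain" >&2; continue; }
        lookup_mx "$domain" | mx_to_rules "$domain"
    done < "$DOMAINS" > "$tmp"
    # An empty result means the resolver failed: keep the previous file.
    if [ -s "$tmp" ]; then
        chmod 644 "$tmp" && mv "$tmp" "$OUT"
    else
        rm -f "$tmp"; return 1
    fi
}

# Run only when asked to, e.g. from the nightly sa-update cron job.
if [ "${1:-}" = "--run" ]; then main; fi
```

The temporary file name does not end in `.cf`, so SpamAssassin never loads a half-written rule set; the rename swaps in the new file in one step.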

R: [SOLVED] R: A plugin to legitimate email when SPF and DKIM missing

Posted by Nicola Piazzi <Ni...@gruppocomet.it>.
I usually don't use whitelisting so much.
I wrote a couple of scripts that can be put in cron.
They read my SQL log, extract the message ID and create whitelist rules based on replies to your sender ID.
They match 55% of incoming clean mail for me at the moment.

Download and read more here
https://forum.efa-project.org/viewtopic.php?f=14&t=1769




Nicola Piazzi
CED - Sistemi
COMET s.p.a.
Via Michelino, 105 - 40127 Bologna - Italia
Tel.  +39 051.6079.293
Cell. +39 328.21.73.470
Web: www.gruppocomet.it



-----Original message-----
From: lists@rhsoft.net [mailto:lists@rhsoft.net]
Sent: Wednesday, 10 August 2016 12:14
To: users@spamassassin.apache.org
Subject: Re: [SOLVED] R: A plugin to legitimate email when SPF and DKIM missing



On 10.08.2016 at 12:00, Nicola Piazzi wrote:
>
> I wrote this simple plugin, mxpf.
> This plugin searches the B class of the sender IP address and tries to
> match the B class of any IP of the MX records of the declared domain.
> So when it matches, it is very difficult for the sender to be a spoofed
> domain; you can use MXPF_PASS to combine with other rules in addition
> to SPF_PASS.
>
> 1) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir
> 2) put your score in mxpf.cf
>
> Download here :
>
> https://forum.efa-project.org/viewtopic.php?f=14&t=1777

that looks really good

one piece missing - something like "whitelist_mx" working the same way as "whitelist_auth" to combine it with shortcircuit to complement whitelist by spf with that for senders you trust but don't have SPF/DKIM for whitelist_auth

whitelist_mx sender@domain.tld
whitelist_mx *@domain.tld

Re: [SOLVED] R: A plugin to legitimate email when SPF and DKIM missing

Posted by "lists@rhsoft.net" <li...@rhsoft.net>.

On 10.08.2016 at 12:00, Nicola Piazzi wrote:
>
> I wrote this simple plugin, mxpf.
> This plugin searches the B class of the sender IP address and tries to match the B class of any IP of the MX records of the declared domain.
> So when it matches, it is very difficult for the sender to be a spoofed domain; you can use MXPF_PASS to combine with other rules in addition to SPF_PASS.
>
> 1) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir
> 2) put your score in mxpf.cf
>
> Download here :
>
> https://forum.efa-project.org/viewtopic.php?f=14&t=1777

that looks really good

one piece missing - something like "whitelist_mx" working the same way as
"whitelist_auth" to combine it with shortcircuit to complement whitelist
by spf with that for senders you trust but don't have SPF/DKIM for
whitelist_auth

whitelist_mx sender@domain.tld
whitelist_mx *@domain.tld