You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Bijayant <bi...@yahoo.com> on 2009/01/05 06:51:44 UTC
Re: Implementing SPF
Benny Pedersen wrote:
>
>
> On Wed, December 31, 2008 06:29, Bijayant wrote:
>>
>> From all the discussions and reading all the replies in this thread
>> I have understood many things like
>> 1) We use smtp-auth for sending the mails. So, I can reject all
>> mails which are not generating from my mail server,
>
> reject sender domains with do not auth and are local
>
>> right? This will be a good tactics.
>
> yes
>
> Slightly offtopic, but when I tried this I am getting the Bounce message
> because the email-id is local and valid. Perhaps I need to do more R & D.
>
>> Now the SPF parts,
>> 2) If the SPF records is configured in DNS, then we do not have to
>> do any additional configuration in Postfix and spamassassin.
>
> in postfix no change
>
> in spamassassin:
>
> i use the below php code that dumps squirreelmail address book to
> whitelist_auth
>
> <?php
>
> include_once('./conf.inc.php');
>
> mysql_connect ($HostName, $UserNameSQ, $PassWordSQ); // or die
> ('connect error');
> mysql_select_db ($DataBaseSQ); // or die ('database error');
>
> // CREATE TABLE `address` (
> // `owner` varchar(255) NOT NULL,
> // `nickname` varchar(255) NOT NULL,
> // `firstname` varchar(255) NOT NULL,
> // `lastname` varchar(255) NOT NULL,
> // `email` varchar(255) NOT NULL,
> // `label` varchar(255) NOT NULL
> // ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='squirrelmail
> address book';
>
> $query = "SELECT email FROM address ORDER BY 'owner' ASC";
> $handle = mysql_query ($query); // or die(mysql_error());
> for ($count = 1; $row = mysql_fetch_row ($handle); ++$count) {
> print "whitelist_auth $row[0]\n"; }
> ?>
>
> cron the above so its part of the sa-update
>
> php whitelist_auth_from_squirrelmail.php >
> /path/to/local.cf/00_local_whitelist_auth.cf
>
>> We can create the Meta
>
> dont mess it more
>
>> rules in local.cf to increase/decrease the score, right?
>
> no whitelist trusted senders that are known in local via spf pass
> and or dkim
>
>> 3) Gmail adds a header like "Received-SPF: fail/pass/neutral".
>
> ignore that header it can be faked !
> I
>> think MTA is adding this header.
>
> no its a python spf checker
>
>> How this type of headers can be added?
>
> spamassassin have its own spf checker, dont use another
>
>
> to rule maintainers: can we change default scores for whitelist_from
> now ?
>
> --
> Benny Pedersen
> Need more webspace ? http://www.servage.net/?coupon=cust37098
>
>
Thanks, now its getting clearer to me that I have to do any change in SA
only. I tried to simulate the scenario for SPF and found that SA added one
test like "X-Spam-Status: SPF_NEUTRAL=1.069". When I greped this like
grep -ilr "SPF_NEUTRAL" /etc/mail/spamassassin/*, I found nothing.
1) So, how could I start increase/decrease the scores based on SPF results.
2) What should I do to whitelist the senders because, if I will whitelist
the senders then it will not check for the Spam and the mail will passed
without the spam TAG.
Please suggest me, I am also doing google and reading more about the SA.
Happy New Year !!!
--
View this message in context: http://www.nabble.com/Implementing-SPF-tp21216090p21285944.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Implementing SPF
Posted by Martin Gregorie <ma...@gregorie.org>.
On Sun, 2009-01-04 at 21:51 -0800, Bijayant wrote:
> 2) What should I do to whitelist the senders because, if I will whitelist
> the senders then it will not check for the Spam and the mail will passed
> without the spam TAG.
>
I have a database containing an automatically built list of everybody
I've sent mail to that I use as an automatic whitelist.
I created a plugin by modifying the SentOutDB.pm plugin I found at
http://whatever.frukt.org/ - you may not need to do this, but I had to
since that's a MySQL plugin and I run PostgreSQL.
That's used in the following rule set:
describe MA_WHITELIST Mail Archive holds mail sent to this sender
header __MA_WL1 eval:MAwhitelist_reply()
header __MA_WL2 From =~ /\@mydomain.com/i
header __MA_WL3 From =~ /myself\@users\.sourceforge\.net/i
meta MA_WHITELIST (__MA_WL1 && (__MA_WL2==0 && __MA_WL3==0))
score MA_WHITELIST -50.0
where 'mydomain' is my domain name and 'myself' is my login at
sourceforge. The subrules __MA_WL2 and __MA_WL3 are used to prevent
messages with myself as a forged sender being whitelisted.
'mydomain' appears as a sender as a result of test messages I've sent
and source forge appears as the inevitable result of sending messages to
other project owners. This is a straight-forward if simple-minded
solution to the 'self-as-forged-sender' problem.
As the whitelist is simply a data base view a better solution would be
to add a 'self' flag to the address list and exclude addresses that
carry it from the whitelist view. That is on my enhancements list: apart
from this issue this whitelisting scheme works well.
Martin