You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Bijayant <bi...@yahoo.com> on 2009/01/05 06:51:44 UTC

Re: Implementing SPF



Benny Pedersen wrote:
> 
> 
> On Wed, December 31, 2008 06:29, Bijayant wrote:
>>
>> From all the discussions and reading all the replies in this thread
>> I have understood many things like
>> 1) We use smtp-auth for sending the mails. So, I can reject all
>> mails which are not generating from my mail server,
> 
> reject sender domains with do not auth and are local
> 
>> right? This will be a good tactics.
> 
> yes
> 
> Slightly offtopic, but when I tried this I am getting the Bounce message
> because the email-id is local and valid. Perhaps I need to do more R & D.
> 
>> Now the SPF parts,
>> 2) If the SPF records is configured in DNS, then we do not have to
>> do any additional configuration in Postfix and spamassassin.
> 
> in postfix no change
> 
> in spamassassin:
> 
> i use the below php code that dumps squirreelmail address book to
> whitelist_auth
> 
> <?php
> 
>     include_once('./conf.inc.php');
> 
>     mysql_connect ($HostName, $UserNameSQ, $PassWordSQ); // or die
> ('connect error');
>     mysql_select_db ($DataBaseSQ); // or die ('database error');
> 
>     // CREATE TABLE `address` (
>     //  `owner` varchar(255) NOT NULL,
>     //  `nickname` varchar(255) NOT NULL,
>     //  `firstname` varchar(255) NOT NULL,
>     //  `lastname` varchar(255) NOT NULL,
>     //  `email` varchar(255) NOT NULL,
>     //  `label` varchar(255) NOT NULL
>     // ) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='squirrelmail
> address book';
> 
>     $query = "SELECT email FROM address ORDER BY 'owner' ASC";
>     $handle = mysql_query ($query); // or die(mysql_error());
>     for ($count = 1; $row = mysql_fetch_row ($handle); ++$count) {
> print "whitelist_auth $row[0]\n"; }
> ?>
> 
> cron the above so its part of the sa-update
> 
> php whitelist_auth_from_squirrelmail.php >
> /path/to/local.cf/00_local_whitelist_auth.cf
> 
>> We can create the Meta
> 
> dont mess it more
> 
>> rules in local.cf to increase/decrease the score, right?
> 
> no whitelist trusted senders that are known in local via spf pass
> and or dkim
> 
>> 3) Gmail adds a header like "Received-SPF: fail/pass/neutral".
> 
> ignore that header it can be faked !
>  I
>> think MTA is adding this header.
> 
> no its a python spf checker
> 
>> How this type of headers can be added?
> 
> spamassassin have its own spf checker, dont use another
> 
> 
> to rule maintainers: can we change default scores for whitelist_from
> now ?
> 
> -- 
> Benny Pedersen
> Need more webspace ? http://www.servage.net/?coupon=cust37098
> 
> 

Thanks, now its getting clearer to me that I have to do any change in SA
only. I tried to simulate the scenario for SPF and found that SA added one
test like "X-Spam-Status: SPF_NEUTRAL=1.069". When I  greped this like 
grep -ilr "SPF_NEUTRAL" /etc/mail/spamassassin/*, I found nothing.
1) So, how could I start increase/decrease the scores based on SPF results. 

2) What should I do to whitelist the senders because, if I will whitelist
the senders then it will not check for the Spam and the mail will passed
without the spam TAG.

Please suggest me, I am also doing google and reading more about the SA.

Happy New Year !!!
-- 
View this message in context: http://www.nabble.com/Implementing-SPF-tp21216090p21285944.html
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.

Re: Implementing SPF

Posted by Martin Gregorie <ma...@gregorie.org>.

On Sun, 2009-01-04 at 21:51 -0800, Bijayant wrote:

> 2) What should I do to whitelist the senders because, if I will whitelist
> the senders then it will not check for the Spam and the mail will passed
> without the spam TAG.
> 
I have a database containing an automatically built list of everybody
I've sent mail to that I use as an automatic whitelist.

I created a plugin by modifying the SentOutDB.pm plugin I found at
http://whatever.frukt.org/ - you may not need to do this, but I had to
since that's a MySQL plugin and I run PostgreSQL.

That's used in the following rule set:

describe MA_WHITELIST Mail Archive holds mail sent to this sender 
header   __MA_WL1     eval:MAwhitelist_reply()
header   __MA_WL2     From =~ /\@mydomain.com/i
header   __MA_WL3     From =~ /myself\@users\.sourceforge\.net/i
meta     MA_WHITELIST (__MA_WL1 && (__MA_WL2==0 && __MA_WL3==0))        
score    MA_WHITELIST  -50.0

where 'mydomain' is my domain name and 'myself' is my login at
sourceforge. The subrules __MA_WL2 and __MA_WL3 are used to prevent
messages with myself as a forged sender being whitelisted. 

'mydomain' appears as a sender as a result of test messages I've sent
and source forge appears as the inevitable result of sending messages to
other project owners. This is a straight-forward if simple-minded
solution to the 'self-as-forged-sender' problem. 

As the whitelist is simply a data base view a better solution would be
to add a 'self' flag to the address list and exclude addresses that
carry it from the whitelist view. That is on my enhancements list: apart
from this issue this whitelisting scheme works well.

Martin