Enable SPF checking without SpamAssin
Hi,
I'm trying to enable SPF checking to reject messages with SPF fail or softfail checking. Without enabling SpamAssisn.
I have found in Cpanel forums this old solution to be included inside Exim -> Advanced Editor (custom_begin_mailauth):
although I cannot see the SPF checking text in the header of new messages. Is this solution still valid, or maybe today it doesn't work?. Is there another updated way? * I add: I can see inside the logs how the SPF rejection is working although no SPF info in the header's messages. thanks!
# Enable SPF rejection without SpamAssassin
deny message = SPF: $sender_host_address is not allowed to send mail from $sender_address_domain
spf = fail:softfailalthough I cannot see the SPF checking text in the header of new messages. Is this solution still valid, or maybe today it doesn't work?. Is there another updated way? * I add: I can see inside the logs how the SPF rejection is working although no SPF info in the header's messages. thanks!
-
Hey there! You're correct that typically you'd need SpamAssassin enabled in order to do this work. I believe this is the older post you're referring to: and this seems to be straight out of the Exim documentation here: 0 -
yes, the code is working, I can see this in logs. Although I don't see the "SPF:... " line inside the headers of incoming messages. Different from SPF ( which in front users can be explained like a bad server configuration in the other part), I have doubts about DKIM verification. I'm not sure if most of all legitimate traffic already has DKIM keys What's your thoughts?. Is DKIM already used beyond 90%? thanks! 0 -
I think DKIM is extremely widespread - if you want to send messages to Gmail and actually have hope of making it to the inbox, you need to have it. If you'd like to create a ticket to have us check the SPF configuration we'd be happy to look! 0 -
yes, I have DKIM configured in all users. Not need to open a support ticket for this, thanks :) My question is to know if rejecting incoming messages without DKIM signature it can be a good idea. 0 -
I think it's a great idea - anyone that is sending email to major providers at this point needs to have DKIM enabled, so any automated scripts will almost certainly fail that verification check. 0 -
I think it's a great idea - anyone that is sending email to major providers at this point needs to have DKIM enabled, so any automated scripts will almost certainly fail that verification check.
I got it now, thanks so much0 -
I have enabled DKIM but still spam is arriving to inbox. one our inbox is getting 1000s of Bounce message with subject "Mail delivery failed: returning message to sender" But when we check email delivery report that domain never send email to that email address which is bouncing back also when we check that domain less than 10 emails in 24 hours but receive more than 1000 bounce messages like that. How to stop these Please? Thanks 0 -
Do you see a large amount of messages leaving the server in the Exim log at /var/log/exim_mainlog? You could also work through some of these steps to make sure there isn't spam leaving the system: How to find the source of spam emails 0 -
It sounds like your address was likely spoofed or set as the return address for someone else's spam, so there isn't much you can do about that. The only thing you could do on the server-side would be to create a filter to delete those messages or move them to a folder or even a separate email address so you could look through them if you wanted to. 0 -
What about DMARC to prevent spoofing?
0
Please sign in to leave a comment.
Comments
11 comments