Discussion:
reject mail when SPF test is incorrect for specific domain
(too old to reply)
Frédéric Goudal
2016-04-29 15:40:54 UTC
Permalink
Hello,

I have searched for some time and have not found a solution for the following problem :
- we do have a correct spf record for our domain
- I would like to reject mail pretending to come from our domain


Is there any way to do that with amavis ?

f.g.
Quanah Gibson-Mount
2016-04-29 15:44:51 UTC
Permalink
--On Friday, April 29, 2016 6:40 PM +0200 Frédéric Goudal
Post by Frédéric Goudal
Hello,
I have searched for some time and have not found a solution for the
following problem : - we do have a correct spf record for our domain
- I would like to reject mail pretending to come from our domain
Is there any way to do that with amavis ?
You need to set up DKIM signing for your domain, and then enable DMARC.

--Quanah


--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
A division of Synacor, Inc
Noel Butler
2016-04-30 02:02:58 UTC
Permalink
Post by Frédéric Goudal
Hello,
I have searched for some time and have not found a solution for the
- we do have a correct spf record for our domain
- I would like to reject mail pretending to come from our domain
Is there any way to do that with amavis ?
f.g.
Better to do this at MTA level,looks like your using sendmail, so take a
look at milter-spf and see if its still maintained.
--
If you have the urge to reply to all rather than reply to list, you best
first read http://members.ausics.net/qwerty/
Frédéric Goudal
2016-05-03 08:02:28 UTC
Permalink
Post by Frédéric Goudal
Hello,
I have searched for some time and have not found a solution for the
- we do have a correct spf record for our domain
- I would like to reject mail pretending to come from our domain
Is there any way to do that with amavis ?
f.g.
Better to do this at MTA level,looks like your using sendmail, so take a look at milter-spf and see if its still maintained.
I was trying to avoid another layer in the mail filtering. I will try to use DMARK as Quanah said. I have already DKIM signing

But I had a look at milter-spf and the documentation is very very light


Thanks for your anwsers


f.g.
Noel Butler
2016-05-03 21:20:08 UTC
Permalink
Post by Frédéric Goudal
Post by Noel Butler
Post by Frédéric Goudal
Hello,
I have searched for some time and have not found a solution for the
- we do have a correct spf record for our domain
- I would like to reject mail pretending to come from our domain
Is there any way to do that with amavis ?
f.g.
Better to do this at MTA level,looks like your using sendmail, so take
a look at milter-spf and see if its still maintained.
I was trying to avoid another layer in the mail filtering. I will try
to use DMARK as Quanah said. I have already DKIM signing…
But I had a look at milter-spf and the documentation is very very
light…
Nothing's changed then in 10 years :)


Good luck with it.
Post by Frédéric Goudal
Thanks for your anwsers…
f.g.
--
If you have the urge to reply to all rather than reply to list, you best
first read http://members.ausics.net/qwerty/
Patrick Domack
2016-05-03 23:30:09 UTC
Permalink
Post by Noel Butler
Post by Frédéric Goudal
Post by Noel Butler
Post by Frédéric Goudal
Hello,
I have searched for some time and have not found a solution for the
- we do have a correct spf record for our domain
- I would like to reject mail pretending to come from our domain
Is there any way to do that with amavis ?
f.g.
Better to do this at MTA level,looks like your using sendmail, so
take a look at milter-spf and see if its still maintained.
I was trying to avoid another layer in the mail filtering. I will try
to use DMARK as Quanah said. I have already DKIM signing…
But I had a look at milter-spf and the documentation is very very light…
Nothing's changed then in 10 years :)
Nothing should be changed, if your filtering after reception of the email.
If it is setup for before-queue, then sure, amavis will do it just
fine. I have no idea if amavis + sendmail are able to do before-queue
though, I stopped using sendmail in 2005.
Noel Butler
2016-05-04 00:56:37 UTC
Permalink
Post by Patrick Domack
Post by Noel Butler
Post by Frédéric Goudal
Post by Noel Butler
Post by Frédéric Goudal
Hello,
I have searched for some time and have not found a solution for the
- we do have a correct spf record for our domain
- I would like to reject mail pretending to come from our domain
Is there any way to do that with amavis ?
f.g.
Better to do this at MTA level,looks like your using sendmail, so
take a look at milter-spf and see if its still maintained.
I was trying to avoid another layer in the mail filtering. I will try
to use DMARK as Quanah said. I have already DKIM signing…
But I had a look at milter-spf and the documentation is very very
light…
Nothing's changed then in 10 years :)
Nothing should be changed, if your filtering after reception of the
email.
If it is setup for before-queue, then sure, amavis will do it just
fine. I have no idea if amavis + sendmail are able to do before-queue
though, I stopped using sendmail in 2005.
For before queue, its best to be dealth wityh in MTA, before it gets to
amavis, as we know with postfix its easy, sendmail is a bit of messing
around because you need to make sure you own hosts can actually pass,
but we cant suggest change in MTA's since they may have a sendmail tied
backed (cyrus etc) and that would be unreasonable for something so
minor.
--
If you have the urge to reply to all rather than reply to list, you best
first read http://members.ausics.net/qwerty/
Loading...