Results 1 to 9 of 9

Thread: [SOLVED] Does Zimbra check SPF records for incoming emails

  1. #1
    priyadarsanroy's Avatar
    priyadarsanroy is offline Active Member
    Join Date
    Dec 2008
    Posts
    36
    Rep Power
    6

    Default [SOLVED] Does Zimbra check SPF records for incoming emails

    I do not think by default Zimbra checks for and verifies SPF records for incoming emails. I saw this link

    Improving Anti-spam system - Zimbra :: Wiki

    But it does not say anything about enabling SPF checks for Zimbra's Spam checker. Any pointers would be appreciated.

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Check /opt/zimbra/conf/spamassassin/init.pre as I do believe the plugin is enabled by default.

  3. #3
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    If the following returns a error then you will need to install the Perl module
    Code:
    su - zimbra
    perl -e 'require Mail::SPF::Query'

  4. #4
    priyadarsanroy's Avatar
    priyadarsanroy is offline Active Member
    Join Date
    Dec 2008
    Posts
    36
    Rep Power
    6

    Default

    Hi uxbod,

    I cheked the file you mentioned and I saw that SPF was enabled. Then to install the necessary perl module going along with the wiki article

    Improving Anti-spam system - Zimbra :: Wiki

    I went and installed the perl module perl-Mail-SPF. Then when I did a zimbra restart I got this from zimbra logs

    Apr 13 13:14:56 ksp amavis[4866]: Module Mail::SPF v2.005

    This means that Amavis actually loaded the perl module. To test if SPF works I send an original email from my gmail ID and then I send an email forging the from address as gmail.com via telent to port 25. Both susseccfully landed up in my INBOX.

    I was expecting the second email with the forged from address email to land up in my Junk folder. For verfication I had repeated the same with my other domain which has SPF records added. The result was the same.

    Am I missing out something here or is Amavis not set properly to score emails with SPF negative email ID's.

  5. #5
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Would you please post the headers from both emails.

  6. #6
    priyadarsanroy's Avatar
    priyadarsanroy is offline Active Member
    Join Date
    Dec 2008
    Posts
    36
    Rep Power
    6

    Default

    The is the one from my original gmail id

    Email MIME Parts - x560qcme

    This is the one which I send as the fake from gmail

    Email MIME Parts - hr8jsny5

    And to test from my other doimain from the actual server

    Email MIME Parts - z8602wyp

    This one the forged one from the same domain

    Email MIME Parts - oti1kiwg

  7. #7
    priyadarsanroy's Avatar
    priyadarsanroy is offline Active Member
    Join Date
    Dec 2008
    Posts
    36
    Rep Power
    6

    Default

    Improving Anti-spam system - Zimbra :: Wiki

    I just read carefully the above article I will have to add

    score SPF_FAIL 10.000
    score SPF_HELO_FAIL 10.000

    to me local.sf to make spamassassin to make it start working. I will test this during non business hours since I will need a restart.

    I I wounder what is the difference between SPF_FAIL and SPF_HELO_FAIL!

  8. #8
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    You could make those changes to both salocal.cf and salocal.cf.in. You would only need to perform
    Code:
    su - zimbra
    zmamavisdctl restart
    for it to pick up the new values.

  9. #9
    priyadarsanroy's Avatar
    priyadarsanroy is offline Active Member
    Join Date
    Dec 2008
    Posts
    36
    Rep Power
    6

    Default

    Yup that did the trick. Now it is working I tried to sent a fake email and the email never reached my inbox. I saw this from my logs

    Apr 13 17:20:06 ksp postfix/smtp[22753]: ACE3E7D2118: to=<priyadarsanroy@gmail.com>, orig_to=<pd@ksp.gov.in>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=5, delay=77, delays=44/19/0.02/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=23117-01-5 - SPAM)
    Apr 13 17:20:06 ksp postfix/smtp[22753]: ACE3E7D2118: to=<pd@ksp.gov.in>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=5, delay=77, delays=44/19/0.02/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=23117-01-5 - SPAM)

    It got discarded cool. Why even reach the INBOX.
    Last edited by priyadarsanroy; 04-13-2010 at 04:52 AM. Reason: Added more detail

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Recover the mail after the crash HDD
    By MrSnaKe in forum Administrators
    Replies: 3
    Last Post: 12-02-2009, 04:38 AM
  2. [SOLVED] parts_decode_ext error
    By jsabater in forum Administrators
    Replies: 7
    Last Post: 10-13-2008, 07:24 AM
  3. Big Fubar on 5 FOSS GA Upgrade
    By uxbod in forum Administrators
    Replies: 24
    Last Post: 01-21-2008, 03:37 AM
  4. Can't start Zimbra!
    By zibra in forum Administrators
    Replies: 5
    Last Post: 03-22-2007, 11:34 AM
  5. huge log size
    By rmvg in forum Administrators
    Replies: 5
    Last Post: 01-02-2007, 10:39 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •