Hello all,
Can same one please help me with some guide or help to setup openspf in my zimbra box ??
Thanks in advance
LinkBack URL
About LinkBacks
Junior Member
open spf
Hello all,
Can same one please help me with some guide or help to setup openspf in my zimbra box ??
Thanks in advance
Zimlet Guru & Moderator
Which in particular? Do you want to utilize SPF as a server (advertise your appropriate servers, so other mail hosts can check for spoofing) or as a client (check to see if mail coming to you is spoofed?)Originally Posted by mirner
Junior Member
spf
Hi lostKnight,
Yes as a client.
thanks
Former Zimbran
Do you host your own DNS, or do you have a company that does it for you.
If you have someone that does it for you, you're gonna need them to add the record.
It really has nothing to do with Zimbra itself.
Project Contributor
Check wiki. It's very EASY to do. ;-)
http://wiki.zimbra.com/index.php?tit...ti-spam_system
Zimbra Consultant & Moderator
Just a quick question about your wiki article. In that article you have the following addition to spamassassin config file local.cf:
I vaguely understand what those settings are for but if you're using the 50_scores.cf file does that override your settings in local.cf?Code:score SPF_FAIL 10.000 score SPF_HELO_FAIL 10.000
The settings in 50_scores.cf are a lot different than yours:
Which are the more effective, yours or the ones above? Any pointers to a tutorial on those settings so I can read-up a bit more?Code:# SPF # Note that the benefit for a valid SPF record is deliberately minimal; it's # likely that more spammers would quickly move to setting valid SPF records # otherwise. The penalties for an *incorrect* record, however, are large. ;) ifplugin Mail::SpamAssassin::Plugin::SPF score SPF_PASS -0.001 score SPF_HELO_PASS -0.001 # <gen:mutable> score SPF_FAIL 0 1.333 0 1.142 score SPF_HELO_FAIL 0 score SPF_HELO_NEUTRAL 0 score SPF_HELO_SOFTFAIL 0 2.078 0 2.432 score SPF_NEUTRAL 0 1.379 0 1.069 score SPF_SOFTFAIL 0 1.470 0 1.384 # </gen:mutable> endif # Mail::SpamAssassin::Plugin::SPF
Regards
Bill
Project Contributor
Settings in local.cf override those in 50_scores.cf
Those modified are really effective against bad spammers that pretend to be from a non authorized domain (for example those spam claiming to come from @hotmail.com or others). With a score of 10 you will always get SPAM flag for this emails.Which are the more effective, yours or the ones above? Any pointers to a tutorial on those settings so I can read-up a bit more?
However, there are MANY misconfigured SPF records. I argue that if you define a SPF record for your domain, DO IT WELL. It's better not to use that use it bad. So I penalize a lot these errors. However, others can argue that having a bad system administrator is not reason enough to tag email from these domains as spam and prefer a lower score.
At these moment, having my anti-spam system very well tuned, I have lower ed these values to 3.0. That is, you get 50% spam chance, but if the email has no other spam score, it will pass without being tagged as spam.
So, the response is: it's more effective raising level over 6.0, but you could get false positives.
Zimbra Consultant & Moderator
Thanks for the quick reply. A bit more reading methinks before I implement it.
Regards
Bill
New Member
My understanding on how to implement SPF
OK. This is my understanding of implement SPF.
On outgoing side, nothing to do with zimbra, just put a TXT record in your DNS of your domain. The following link from Microsoft could help you to create this TXT/SPF record.
Sender ID Framework SPF Record Wizard
For simplest case, just use A record, MX record and PTR record for SPF. That means I only send out email from our mail server (MX) and other servers listed on A and PTR records.
v=spf1 a mx ptr ~all
How about I send an email from my home to my email server, and in turn to outside world? Will other outside email servers, with SPF on, block my email, because my home IP address is not listed in A / PTR record? I believe not, since my email server is in MX record. But I need you to confirm this.
On incoming side, as mentioned in this wiki page, "Spamassassin Config" section, open your spamassassin config at /opt/zimbra/conf/spamassassin/local.cf and add this rules at the end (customize it at your own):
ok_languages en es
ok_locales en es
trusted_networks 127. 10.70. 192.168.
use_bayes 1
skip_rbl_checks 0
use_razor2 1
#use_dcc 1 <<< WORK IN PROGRESS
use_pyzor 1
dns_available yes
## Optional Score Increases
## Choose your preferred values...
score DCC_CHECK 4.000
score SPF_FAIL 6.000
score SPF_HELO_FAIL 6.000
score RAZOR2_CHECK 2.500
score PYZOR_CHECK 2.500
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000
bayes_ignore_header Received: from mail.mydomain.com
bayes_ignore_header Received: from localhost
bayes_ignore_header Received: from mail.my2nd_domain.net
Is this all I need to do for a simple case - like one Zimbra email server for both incoming and outgoing. Two domains on this email server: mydomain.com and my2nd_domain.net
Thanks,
Herbert Yu
Active Member
What parameters i must use for filtered spam?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
