Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Zimbra 8 SPF check

  1. #1
    snpz's Avatar
    snpz is offline Intermediate Member
    Join Date
    Mar 2009
    Location
    Riga, Latvia
    Posts
    23
    Rep Power
    6

    Default Zimbra 8 SPF check

    Hi!

    I have a Zimbra 8 setup. Everything works pretty smooth, but some of users started to complain that they are receiving SPAM e-mails from their own address.
    Looked at headers and found out that there is no record of SPF check.
    So the question is - does Zimbra 8 have SPF check enabled by default, or i have to enable/install it some how?!

    regards,
    Martins

  2. #2
    cecole1 is offline Junior Member
    Join Date
    Feb 2013
    Posts
    6
    Rep Power
    2

    Default

    SPF checking is not enabled by default. You need to enable policyd and then the check_spf module.

    As the Zimbra user, run the following commands:

    zmprov ms <YOUR SERVER FQDN> +zimbraServiceEnabled cbpolicyd
    zmlocalconfig -e cbpolicyd_module_checkspf=1


    After that is enabled, I would run a zmcontrol restart just for good measure. You can watch for CheckSPF events in the log at /opt/zimbra/log/cbpolicyd.log

    Check the following documentation for more info: Postfix Policyd - Zimbra :: Wiki

  3. #3
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    SPF checking works for me and it's not necessary to use cbpolicyd for it. Here's the output of an email from google:

    Code:
    X-Spam-Status: No, score=-3.037 tagged_above=-10 required=5
    	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    	DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25,
    	FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7,
    	RCVD_IN_MSPIKE_H2=-0.588, SPF_PASS=-0.001] autolearn=ham
    This is on a new install of ZCS 8.0.x and has had no changes made to it's configuration. Are you (the o/p) sure the sending server(s) have SPF records? As far as I know, if they don't you won't see anything.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  4. #4
    cecole1 is offline Junior Member
    Join Date
    Feb 2013
    Posts
    6
    Rep Power
    2

    Default

    That's only for anti-spam though, I believe he wants a hard reject for failed SPFs (which is what cbpolicyd will do).

    Here's an example:

    Code:
    [2013/06/14-07:09:37 - 5205] [CORE] INFO: module=CheckSPF, action=reject, host=209.211.73.60, helo=nacha.org, from=status-update@nacha.org, to=user@domain.com, reason=spf_fail

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,201
    Rep Power
    56

    Default

    Quote Originally Posted by snpz View Post
    So the question is - does Zimbra 8 have SPF check enabled by default, or i have to enable/install it some how?!
    Quote Originally Posted by cecole1 View Post
    That's only for anti-spam though,.....
    Yes, I know what it does.

    Quote Originally Posted by cecole1 View Post
    I believe he wants a hard reject for failed SPFs .......
    I didn't get that from the above quote but I'm sure he'll tell us soon enough.

    Quote Originally Posted by cecole1 View Post
    (which is what cbpolicyd will do).
    I also know what that does.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    cecole1 is offline Junior Member
    Join Date
    Feb 2013
    Posts
    6
    Rep Power
    2

    Default

    Quote Originally Posted by phoenix View Post
    Yes, I know what it does.
    I figured you would, I was just making a statement for others that don't know and are researching the topic.

  7. #7
    snpz's Avatar
    snpz is offline Intermediate Member
    Join Date
    Mar 2009
    Location
    Riga, Latvia
    Posts
    23
    Rep Power
    6

    Default

    Sorry - was out of the town all weekend
    phoenix - tried to send an email from gmail to user@domain.com
    here is a result:
    Code:
    Return-Path: snpz@gmail.com
    Received: from mail.domain.com (LHLO mail.domain.com) (XXX.XXX.XXX.XXX) by
     mail.domain.com with LMTP; Sun, 16 Jun 2013 20:02:40 +0300 (EEST)
    Received: from localhost (localhost.localdomain [127.0.0.1])
    	by mail.domain.com (Postfix) with ESMTP id E8F1911F333C
    	for <user@domain.com>; Sun, 16 Jun 2013 20:02:39 +0300 (EEST)
    X-Virus-Scanned: amavisd-new at mail.domain.com
    Received: from mail-pa0-f52.google.com (mail-pa0-f52.google.com [209.85.220.52])
    	by mail.domain.com (Postfix) with ESMTPS id E7BE811F32BB
    	for <user@domain.com>; Sun, 16 Jun 2013 20:02:33 +0300 (EEST)
    Received: by mail-pa0-f52.google.com with SMTP id kq13so2100801pab.25
            for <user@domain.com>; Sun, 16 Jun 2013 10:02:31 -0700 (PDT)
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=gmail.com; s=20120113;
            h=mime-version:date:message-id:subject:from:to:content-type;
            bh=XUC/WqzzCtpfe+wa8ULPeLGpVCrcAxuCUFRiqgLyMmo=;
            b=iGBv21BmraMJ8NyBgXXAvqBvqJ0omWZ8hqOTdzK1M7EGOcjuufoJKp47d54FIPR/lY
             bMHIXj1HxHU9EOlW3tZL8z0eIuoupks9jD3GBAPjYY7sWX+uJAkCkCgutMWbCDxj8Pgg
             fiQMrAUlTNAIMOAT9H5BQQhqT+6ES3nW5+nECWBSIxbKIFZ9aiWBZOQ8ruJWNJ59XPti
             sglJdTRg6q+gy8ugNKYoTR/VhpEQthMDusSiRfKos45w4zyZmz5gFw/iIoK8SrYkcswl
             F6Z6AB06/9moTx0vjyHQim6cSvxKISP7BxNiNKXPRo3YMKtXlAKB4GH5rNIVoje1cVVG
             6Nyg==
    What am i missing?
    cecole1 - i want to stop spam, that is coming from my domain addresses. If SPF would be enabled by default, these spam mails would never go through. I guess
    Until now used this Improving Anti-spam system - Zimbra :: Wiki to improve antispam. Installed pyzor and razor2.

    Quote Originally Posted by phoenix View Post
    Yes, I know what it does.

    I didn't get that from the above quote but I'm sure he'll tell us soon enough.

    I also know what that does.

  8. #8
    snpz's Avatar
    snpz is offline Intermediate Member
    Join Date
    Mar 2009
    Location
    Riga, Latvia
    Posts
    23
    Rep Power
    6

    Default

    Quote Originally Posted by cecole1 View Post
    SPF checking is not enabled by default. You need to enable policyd and then the check_spf module.

    As the Zimbra user, run the following commands:

    zmprov ms <YOUR SERVER FQDN> +zimbraServiceEnabled cbpolicyd
    zmlocalconfig -e cbpolicyd_module_checkspf=1


    After that is enabled, I would run a zmcontrol restart just for good measure. You can watch for CheckSPF events in the log at /opt/zimbra/log/cbpolicyd.log

    Check the following documentation for more info: Postfix Policyd - Zimbra :: Wiki
    Tryed this with no luck, could not receive any e-mail, i guess, because of this in mail.log.
    Code:
    warning: connect to localhost:10031: Connection refused
    I have no Firewall installed.
    Code:
    lsof -i :10031
    shows nothing!
    Code:
    iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    Any idea?
    Last edited by snpz; 06-16-2013 at 10:48 AM.

  9. #9
    snpz's Avatar
    snpz is offline Intermediate Member
    Join Date
    Mar 2009
    Location
    Riga, Latvia
    Posts
    23
    Rep Power
    6

    Default

    phoenix, cecole1 - heeeeelp

  10. #10
    quanah is offline Zimbra Employee
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,196
    Rep Power
    9

    Default

    If you run
    Code:
    zmprov ms <YOUR SERVER FQDN> +zimbraServiceEnabled cbpolicyd
    and then RESTART the server as advised above, you will most likely BREAK the initialization of the cbpolicyd DB, and nothing will work. That was bad advice.

    Specifically, you want to do:

    Code:
    zmprov ms <mta server FQDN> +zimbraServiceEnabled cbpolicyd
    zmlocalconfig -e cbpolicyd_module_checkspf=1
    In 2 minutes or less, zmconfigd will automatically initialize and enable cbpolicyd, and enable SPF checking.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Spell check and mullti language spell check
    By skipx in forum General Questions
    Replies: 3
    Last Post: 01-30-2013, 06:53 AM
  2. Replies: 1
    Last Post: 09-26-2012, 03:33 AM
  3. Zimbra Desktop Spelling Check on Mac OS
    By michel.goossens in forum General Questions
    Replies: 2
    Last Post: 07-27-2009, 07:00 AM
  4. [Zimbra 5] Chow to check user IP ?
    By seba22 in forum Administrators
    Replies: 1
    Last Post: 05-07-2008, 09:00 PM
  5. Zimbra spell check failed
    By Shrinivas in forum Installation
    Replies: 1
    Last Post: 04-03-2007, 04:14 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •