Thread: [SOLVED] Does Zimbra check SPF records for incoming emails

  1. #1
    Join Date
    Dec 2008
    Posts
    36
    Rep Power
    6

    Default [SOLVED] Does Zimbra check SPF records for incoming emails

    I do not think by default Zimbra checks for and verifies SPF records for incoming emails. I saw this link

    Improving Anti-spam system - Zimbra :: Wiki

    But it does not say anything about enabling SPF checks for Zimbra's Spam checker. Any pointers would be appreciated.

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Check /opt/zimbra/conf/spamassassin/init.pre as I do believe the plugin is enabled by default.

  3. #3
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    If the following returns an error then you will need to install the Perl module
    Code:
    su - zimbra
    perl -e 'require Mail::SPF::Query'

  4. #4
    Join Date
    Dec 2008
    Posts
    36
    Rep Power
    6

    Default

    Hi uxbod,

    I checked the file you mentioned and I saw that SPF was enabled. Then, to install the necessary Perl module, going along with the wiki article

    Improving Anti-spam system - Zimbra :: Wiki

    I went and installed the perl module perl-Mail-SPF. Then when I did a zimbra restart I got this from zimbra logs

    Apr 13 13:14:56 ksp amavis[4866]: Module Mail::SPF v2.005

    This means that Amavis actually loaded the Perl module. To test if SPF works I sent an original email from my Gmail ID and then I sent an email forging the from address as gmail.com via telnet to port 25. Both successfully landed up in my INBOX.

    I was expecting the second email, with the forged from address, to land up in my Junk folder. For verification I had repeated the same with my other domain which has SPF records added. The result was the same.

    Am I missing out something here, or is Amavis not set properly to score emails with SPF negative email IDs?

  5. #5
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Would you please post the headers from both emails.

  6. #6
    Join Date
    Dec 2008
    Posts
    36
    Rep Power
    6

    Default

    This is the one from my original Gmail ID

    Email MIME Parts - x560qcme

    This is the one which I sent as the fake from gmail

    Email MIME Parts - hr8jsny5

    And to test from my other domain from the actual server

    Email MIME Parts - z8602wyp

    This one is the forged one from the same domain

    Email MIME Parts - oti1kiwg

  7. #7
    Join Date
    Dec 2008
    Posts
    36
    Rep Power
    6

    Default

    Improving Anti-spam system - Zimbra :: Wiki

    I just read the above article carefully. I will have to add

    score SPF_FAIL 10.000
    score SPF_HELO_FAIL 10.000

    to my local.cf to make spamassassin start working. I will test this during non-business hours since I will need a restart.

    I wonder what is the difference between SPF_FAIL and SPF_HELO_FAIL!
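
The two rules scored in the post above test different SMTP identities: SPF_FAIL evaluates the envelope sender (MAIL FROM) domain, SPF_HELO_FAIL evaluates the HELO/EHLO hostname, and neither looks at the From: header. The following is an added example, not part of the original thread and not SpamAssassin's code; it is a simplified evaluator (only `ip4` and `all` mechanisms) run over constructed records, and the function names are hypothetical.

```python
import ipaddress

# Constructed SPF TXT records (example domains, documentation IP ranges).
RECORDS = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 -all",
    "mail.example.org": "v=spf1 ip4:192.0.2.10 -all",
    "example.net": "v=spf1 ip4:198.51.100.0/24 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, client_ip, records=RECORDS):
    """Evaluate a record that uses only ip4 and all mechanisms (simplified)."""
    record = records.get(domain.lower())
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:"):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def spf_fail_rules(client_ip, helo, mail_from):
    """Return which of the two rules scored in this thread would fire."""
    rules = []
    # Envelope sender identity: the address given in SMTP MAIL FROM,
    # which is not necessarily the address shown in the From: header.
    if spf_result(mail_from.rsplit("@", 1)[-1], client_ip) == "fail":
        rules.append("SPF_FAIL")
    # HELO identity: the hostname the connecting client announced.
    if spf_result(helo, client_ip) == "fail":
        rules.append("SPF_HELO_FAIL")
    return rules
```

A domain that publishes `~all` instead of `-all` yields a softfail, so neither of the two rules above fires for it.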

  8. #8
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    You could make those changes to both salocal.cf and salocal.cf.in. You would only need to perform
    Code:
    su - zimbra
    zmamavisdctl restart
    for it to pick up the new values.

  9. #9
    Join Date
    Dec 2008
    Posts
    36
    Rep Power
    6

    Default

    Yup, that did the trick. Now it is working. I tried to send a fake email and the email never reached my inbox. I saw this from my logs

    Apr 13 17:20:06 ksp postfix/smtp[22753]: ACE3E7D2118: to=<priyadarsanroy@gmail.com>, orig_to=<pd@ksp.gov.in>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=5, delay=77, delays=44/19/0.02/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=23117-01-5 - SPAM)
    Apr 13 17:20:06 ksp postfix/smtp[22753]: ACE3E7D2118: to=<pd@ksp.gov.in>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=5, delay=77, delays=44/19/0.02/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=23117-01-5 - SPAM)

    It got discarded, cool. Why even reach the INBOX?
    Last edited by priyadarsanroy; 04-13-2010 at 04:52 AM. Reason: Added more detail
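
In the log lines quoted in the last post, the content filter answers `250 2.7.0 Ok, discarded`, so the sending side sees a successful delivery and the recipient sees nothing; the mail log is the only trace of the message. The following is an added example, not part of the original thread, that pulls those discards out of a Postfix log so they can be reviewed; the sample lines are constructed in the same format and the function name is hypothetical.

```python
import re

# Constructed sample lines in the format of the Postfix entries quoted above.
SAMPLE_LOG = """\
Apr 13 17:20:06 mx postfix/smtp[22753]: ACE3E7D2118: to=<alice@example.org>, orig_to=<al@example.org>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=5, delay=77, delays=44/19/0.02/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=23117-01-5 - SPAM)
Apr 13 17:20:06 mx postfix/smtp[22753]: ACE3E7D2118: to=<bob@example.org>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=5, delay=77, delays=44/19/0.02/13, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=23117-01-5 - SPAM)
Apr 13 17:21:40 mx postfix/smtp[22760]: B01F47D2119: to=<bob@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.2, delays=0.1/0/0/1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4C1D27D211A)
"""

# Matches only hand-offs to the filter on 127.0.0.1:10024 that were discarded.
DISCARD = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>,"
    r"(?: orig_to=<(?P<orig_to>[^>]*)>,)?"
    r".*?relay=127\.0\.0\.1\[127\.0\.0\.1\]:10024,"
    r".*status=sent \(250 2\.7\.0 Ok, discarded, "
    r"id=(?P<amavis_id>[\d-]+) - (?P<verdict>\w+)\)"
)


def discarded_by_amavis(log_text):
    """Group discarded recipients by the filter's message id."""
    hits = {}
    for line in log_text.splitlines():
        m = DISCARD.search(line)
        if not m:
            continue  # delivered, deferred, or not a filter hand-off
        entry = hits.setdefault(
            m["amavis_id"],
            {"queue_id": m["qid"], "verdict": m["verdict"], "recipients": []},
        )
        entry["recipients"].append(m["to"])  # one log line per recipient
    return hits


if __name__ == "__main__":
    for amavis_id, info in discarded_by_amavis(SAMPLE_LOG).items():
        print(amavis_id, info["verdict"], info["queue_id"], info["recipients"])
```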
