Results 1 to 10 of 12

Thread: SPF checks not being made?

Hybrid View

  1. #1
    Join Date
    Feb 2013
    Posts
    17
    Rep Power
    2

    Default SPF checks not being made?

    Hi guys

    vanilla installs of 8.0.2. on both CentOS (unsupported) and Ubuntu (supported).

    Although there is lots of google history showing that SPF has to be installed/enabled in SpamAssassin, I believe that was for the older versions of Zimbra, and that recent versions have SPF checking enabled by default.

    We were first alerted to SPF not working correctly when we received a load of spam from "ourselves" ;-)

    Having looked into it further, we *never* see any SPF_FAIL or SPF_PASS tests in the X-Spam headers.

    I have spent all day looking into this and can see that SPF is installed:

    Feb 20 17:36:22 zimbra-2 amavis[3377]: Module Mail::SPF 2.008
    Feb 20 17:36:22 zimbra-2 amavis[3377]: SA dbg: config: read file /opt/zimbra/conf/spamassassin/25_spf.cf
    Feb 20 17:36:22 zimbra-2 amavis[3377]: SA dbg: config: read file /opt/zimbra/conf/spamassassin/60_whitelist_spf.cf

    Its a vanilla ZCS install with no options changed, so AntiSpam (SpamAssassin) is enabled in the admin UI.

    Nothing fancy on the networking side either, its a VM running on a single interface with internet IP. Its not being proxied to or anything. Its MTA trusted networks is default ie itself (via 127.0.0.0/8 and its own IP address).

    I don't know why but just cannot see any evidence of SPF checking being made. Ideas ?

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    It works for me with a standard ZCS install and no modifications:

    Code:
    X-Spam-Status: No, score=-3.541 tagged_above=-10 required=5
    	tests=[BAYES_00=-1.9, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_LOW=-0.7,
    	RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1,
    	SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_BIG_HEADERS_2K=0.01,
    	T_FSL_HAS_TINYURL=0.01, T_FSL_HELO_NON_FQDN_2=0.01,
    	T_HEADER_FROM_DIFFERENT_DOMAINS=0.01, T_HK_MUCHMONEY=0.01,
    	T_LONG_HEADER_LINE_80=0.01, T_NOT_A_PERSON=-0.01,
    	T_TVD_PH_BODY_ACCOUNTS_POST=0.01, T_TVD_PH_BODY_META_ALL=0.01,
    	T_URL_SHORTENER=0.01] autolearn=ham
    Do you have SPF records for your own server & domain?
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Feb 2013
    Posts
    17
    Rep Power
    2

    Default

    Hi Bill

    fresh install, test email to the default admin@host account created and...

    X-Spam-Status: No, score=-2.987 tagged_above=-10 required=6.6
    tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
    RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
    RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1, TVD_SPACE_RATIO=0.001,
    T_BIG_HEADERS_2K=0.01, T_FSL_HELO_NON_FQDN_2=0.01,
    T_LONG_HEADER_LINE_160=0.01, T_LONG_HEADER_LINE_400=0.01,
    T_LONG_HEADER_LINE_80=0.01, T_RCD_RDNS_SERVER=-0.01,
    T_RCD_RDNS_SERVER_MESSY=-0.01] autolearn=ham

    different tests to yours though, why is that ?

    SPF records are indeed in place for our own domains, but you mention "server". Do we need to create an SPF record for the server itself ? (its a meaningless infrastructure hostname of zimbra-x.somedomain.net) ?

  4. #4
    Join Date
    Feb 2013
    Posts
    17
    Rep Power
    2

    Default

    So - anyone any ideas on how to even begin debugging this ?

  5. #5
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by cronos View Post
    fresh install, test email to the default admin@host account created and...
    A 'test email' from where, internal or external?

    Quote Originally Posted by cronos View Post
    X-Spam-Status: No, score=-2.987 tagged_above=-10 required=6.6
    tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001,
    RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
    RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1, TVD_SPACE_RATIO=0.001,
    T_BIG_HEADERS_2K=0.01, T_FSL_HELO_NON_FQDN_2=0.01,
    T_LONG_HEADER_LINE_160=0.01, T_LONG_HEADER_LINE_400=0.01,
    T_LONG_HEADER_LINE_80=0.01, T_RCD_RDNS_SERVER=-0.01,
    T_RCD_RDNS_SERVER_MESSY=-0.01] autolearn=ham

    different tests to yours though, why is that ?
    That would be because they're different emails.

    Quote Originally Posted by cronos View Post
    SPF records are indeed in place for our own domains, but you mention "server". Do we need to create an SPF record for the server itself ? (its a meaningless infrastructure hostname of zimbra-x.somedomain.net) ?
    I meant for the server that's hosting your domain.

    Have you actually tried any of the many SPF checking services available on the internet to verify the validity of your SPF records?
    Last edited by phoenix; 02-22-2013 at 04:16 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    Join Date
    Feb 2013
    Posts
    17
    Rep Power
    2

    Default

    The test email was from an external source. As for SPF checking services, these would be for the sender, not our own domain or receiving mailserver.

    The bottom line is that it shouldn't matter whether you have SPF in place or not for our domain - the server should be performing SPF checks on incoming email, which it isn't. I have no idea why and putting spamassassin into debug mode shows us nothing either. Most odd.

  7. #7
    Join Date
    Feb 2013
    Posts
    17
    Rep Power
    2

    Default

    Right, just done a vanilla install of ubuntu.

    1. installed the package dependencies (netcat, sqlite etc etc)
    2. Downloaded zcs-NETWORK-8.0.2_GA_5569.UBUNTU12_64.20121210115144.tgz
    3. Run installer, defaults chosen. Set admin password and license file.

    at which point the server is then ready to receive emails for the default admin@hostname user thats setup. So I send in an email from an external personal account to here, plus also our exchange box as I know that does SPF checks.

    The exchange box (obviously I've changed the details):
    Received-SPF: Pass (mx-1.ourdomain.xxx: domain of lee@mydomain designates xx.xx.xx.xx as permitted sender)

    The zimbra box
    X-Spam-Status: No, score=-2.541 tagged_above=-10 required=6.6
    tests=[ALL_TRUSTED=-1, BAYES_00=-1.9, DKIM_SIGNED=0.1,
    DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001,
    MIME_HTML_MOSTLY=0.428, T_BIG_HEADERS_3K=0.01,
    T_LONG_HEADER_LINE_80=0.01, T_UNKNOWN_ORIGIN=0.01]

    No SPF results ?

Similar Threads

  1. Header Checks
    By aj_calderon in forum Spanish
    Replies: 0
    Last Post: 08-06-2012, 11:32 PM
  2. Can`t disable protocol checks
    By plastilin in forum Administrators
    Replies: 2
    Last Post: 01-22-2010, 03:03 AM
  3. Zimbra consistency checks?
    By dspillett in forum Administrators
    Replies: 1
    Last Post: 05-25-2008, 03:22 PM
  4. EHLO Header Checks
    By clayway in forum Administrators
    Replies: 1
    Last Post: 01-10-2008, 11:31 AM
  5. Outlook checks zdb file very often
    By chh in forum Zimbra Connector for Outlook
    Replies: 6
    Last Post: 02-13-2007, 12:54 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •