SPF Rules?
Kevin Miller
Kevin_Miller at ci.juneau.ak.us
Tue Apr 4 22:02:05 IST 2006
There's two aspects of SPF. The first is your SPF records which are in
your DNS. The specify which domains are permitted to send mail claiming
to be from your domain. Essentially it's a list of computers authorized
to send on your behalf.
The other aspect is SPF records in other folks domains. For instance, I
have specific servers listed in my dns with SPF records. If someone out
in spam-land tries to send a message from bogus-server.ci.juneau.ak.us,
your server will look at the address, do a lookup on my dns servers for
the corresponding SPF record, note that the sending server isn't one of
the authorized servers and it will fail. In my case it's a hard fail
but many people set it to soft fail initially.
What you're seeing is spammers pretending to send from a domain that
isn't theirs. It appears to be working as advertised.
Not sure about the spam count question...
...Kevin
--
Kevin Miller Registered Linux User No: 307357
CBJ MIS Dept. Network Systems Admin., Mail Admin.
155 South Seward Street ph: (907) 586-0242
Juneau, Alaska 99801 fax: (907 586-4500
________________________________
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Johnny
Stork
Sent: Tuesday, April 04, 2006 12:35 PM
To: mailscanner at lists.mailscanner.info
Subject: SPF Rules?
I finally got around to upgrading our MailScanner setup running on
RHES4, I first used the tarball for the clam/SA packages and then the
MailScanner rpm upgrade tarball. All seems fine and I am now trying to
go through and address various issues that I have not fully configured
yet. For now I am trying to understand how the SPF rules work. I know
very little about SPF or how it is implemented in mailscanner, but it
seems that almost all messages trigger this rule below? Is this normal
Score Rule Description
2.08 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record
(softfail)
Also, when I go to the Bayes Database Info section on MailWatch, I see
that the count for SPAM has been at 198 and even if I go to "Message
Operations" locate a definite SPAM message, click the SPAM box and the
"Learn" the SPAM count does not increase? But this is probably a
question for the MailWatch list
_______________________________
Johnny Stork
Information & Technology Manager
Provincial Blood Coordinating Office
604-806-8840
l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060404/747970f8/attachment-0001.html
More information about the MailScanner
mailing list