Dear, I have Zimbra 8.6 and I want to implement SPF for incoming mails.
I've just tried with SPF through cbpolicy but it doesn't work for me.
Is there any way to implement SPF for incoming mails without cbpolicyd? Maybe with any perl script downloable as RPM package or what is the easiest option ???
My goal is to reject ilegitime incoming mails from Internet, including mails from @mydomain to @mydomain.
Special thanks in advance.
Greetings !!!
Best ways to implement SPF for incoming mails
-
- Posts: 20
- Joined: Sun May 06, 2018 10:48 pm
- pup_seba
- Outstanding Member
- Posts: 687
- Joined: Sat Sep 13, 2014 2:43 am
- Location: Tarragona - Spain
- Contact:
Re: Best ways to implement SPF for incoming mails
Hi,
I understand your struggle most of the docs I've seen for Zimbra talk about how to configure your own DNS SPF records, but they do not explain (or at least I did not see them) for you to make sure you are verifying the SPF records of people sending mail to you.
Maybe there is some easier way...most likely something at a postfix level itself, but I'm not aware of it. So my suggestion would be to use spamassassin filters. If you want to see the SPF filters, you could just:
grep -iR spf /opt/zimbra/data/spamassassin/.
That will return all the scores related to SPF filters. My guess is that you should modify the score for this filter "SPF_FAIL". To modify the scores, follow this guide: https://wiki.zimbra.com/wiki/Anti-spam_Strategies
Basically, you need to create the file /opt/zimbra/data/spamassassin/localrules/sauser.cf
Then, just edit that file and add this to modify the default score for that particular rule:
score SPF_FAIL 10
Then, restart your amavis with "zmamavisctl restart" to apply changes.
Now, everytime a mail sent to you, fail the spf check, your spamassassin will add 10 points to it, which will render that mail spam, (default spam tag score is 6,6).
Again, this is my approach on how to handle SPF checks...maybe there are better ways to do it (using postfix would be better imho), but this is the one I could think or find for Zimbra. I'll keep an eye on this thread just in case someone wants to share a better way to do this.
I understand your struggle most of the docs I've seen for Zimbra talk about how to configure your own DNS SPF records, but they do not explain (or at least I did not see them) for you to make sure you are verifying the SPF records of people sending mail to you.
Maybe there is some easier way...most likely something at a postfix level itself, but I'm not aware of it. So my suggestion would be to use spamassassin filters. If you want to see the SPF filters, you could just:
grep -iR spf /opt/zimbra/data/spamassassin/.
That will return all the scores related to SPF filters. My guess is that you should modify the score for this filter "SPF_FAIL". To modify the scores, follow this guide: https://wiki.zimbra.com/wiki/Anti-spam_Strategies
Basically, you need to create the file /opt/zimbra/data/spamassassin/localrules/sauser.cf
Then, just edit that file and add this to modify the default score for that particular rule:
score SPF_FAIL 10
Then, restart your amavis with "zmamavisctl restart" to apply changes.
Now, everytime a mail sent to you, fail the spf check, your spamassassin will add 10 points to it, which will render that mail spam, (default spam tag score is 6,6).
Again, this is my approach on how to handle SPF checks...maybe there are better ways to do it (using postfix would be better imho), but this is the one I could think or find for Zimbra. I'll keep an eye on this thread just in case someone wants to share a better way to do this.
-
- Posts: 20
- Joined: Sun May 06, 2018 10:48 pm
Re: Best ways to implement SPF for incoming mails
Dear all, thank yu for yor advice.
Sebastan Greco, special thansk for you....now I will follow what yuo say.
Best regards !!!
Sebastan Greco, special thansk for you....now I will follow what yuo say.
Best regards !!!