a way to say if it received from authorized MX

Request and discuss new features you would like to have.
Post Reply
nicola.piazzi
Posts: 280
Joined: 23 Apr 2015 09:45

a way to say if it received from authorized MX

Post by nicola.piazzi » 08 Aug 2016 08:05

Suppose i receive an email from user@sample.com
If sample.com have a SPF or DKIM I can be sure that email come from sample.com

But if it have no DKIM and no SPF i think there is another way to get some Others

set type=mx
mail.sample.com 212.33.56.77
mail2.sample.com 113.64.61.14

I need a rule that be matched if a mail of sample.com come from 212.33.56.77 or 113.64.61.14
Is it possible ?

Better will be classC sender.com from 212.33.56 or 113.64.61 so if they use an outgoing server on the same class it is also matched
Thx
Nicola

nicola.piazzi
Posts: 280
Joined: 23 Apr 2015 09:45

SOLVED Re: a way to say if it received from authorized MX

Post by nicola.piazzi » 10 Aug 2016 09:55

I wrote this simple plugin, mxpf
This plugin search B class of sender Ip Address and try to match B class of any Ip of mx records of declared domain
So when it match is very difficolut that sender is a spoofed domain, you can use MXPF_PASS to combine with other rules in addition to SPF_PASS

1) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir
2) put your score in mxpf.cf
Attachments
mxpf.zip
(1.55 KiB) Downloaded 106 times

Post Reply