a way to say if it received from authorized MX

Request and discuss new features you would like to have.
Post Reply
nicola.piazzi
Posts: 388
Joined: 23 Apr 2015 09:45

a way to say if it received from authorized MX

Post by nicola.piazzi »

Suppose i receive an email from user@sample.com
If sample.com have a SPF or DKIM I can be sure that email come from sample.com

But if it have no DKIM and no SPF i think there is another way to get some Others

set type=mx
mail.sample.com 212.33.56.77
mail2.sample.com 113.64.61.14

I need a rule that be matched if a mail of sample.com come from 212.33.56.77 or 113.64.61.14
Is it possible ?

Better will be classC sender.com from 212.33.56 or 113.64.61 so if they use an outgoing server on the same class it is also matched
Thx
Nicola
nicola.piazzi
Posts: 388
Joined: 23 Apr 2015 09:45

SOLVED Re: a way to say if it received from authorized MX

Post by nicola.piazzi »

I wrote this simple plugin, mxpf
This plugin search B class of sender Ip Address and try to match B class of any Ip of mx records of declared domain
So when it match is very difficolut that sender is a spoofed domain, you can use MXPF_PASS to combine with other rules in addition to SPF_PASS

1) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir
2) put your score in mxpf.cf
Attachments
mxpf.zip
(1.55 KiB) Downloaded 289 times
Post Reply