Suppose i receive an email from user@sample.com
If sample.com have a SPF or DKIM I can be sure that email come from sample.com
But if it have no DKIM and no SPF i think there is another way to get some Others
set type=mx
mail.sample.com 212.33.56.77
mail2.sample.com 113.64.61.14
I need a rule that be matched if a mail of sample.com come from 212.33.56.77 or 113.64.61.14
Is it possible ?
Better will be classC sender.com from 212.33.56 or 113.64.61 so if they use an outgoing server on the same class it is also matched
Thx
Nicola
a way to say if it received from authorized MX
-
- Posts: 388
- Joined: 23 Apr 2015 09:45
-
- Posts: 388
- Joined: 23 Apr 2015 09:45
SOLVED Re: a way to say if it received from authorized MX
I wrote this simple plugin, mxpf
This plugin search B class of sender Ip Address and try to match B class of any Ip of mx records of declared domain
So when it match is very difficolut that sender is a spoofed domain, you can use MXPF_PASS to combine with other rules in addition to SPF_PASS
1) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir
2) put your score in mxpf.cf
This plugin search B class of sender Ip Address and try to match B class of any Ip of mx records of declared domain
So when it match is very difficolut that sender is a spoofed domain, you can use MXPF_PASS to combine with other rules in addition to SPF_PASS
1) Unpack mxpf.cf and mxpf.pm under /etc/mail/spamassassin dir
2) put your score in mxpf.cf
- Attachments
-
- mxpf.zip
- (1.55 KiB) Downloaded 289 times