"mxpf" [plugin]
I wrote this simple plugin, mxpf.
This plugin looks up the B class of the sender IP address and tries to match it against the B class of any IP of the MX records of the declared domain.
So when it matches, it is very difficult for the sender to be a spoofed domain. You can use MXPF_PASS to combine with other rules in addition to SPF_PASS.
1) Unpack mxpf.cf and mxpf.pm under the /etc/mail/spamassassin dir
2) Put your score in mxpf.cf
Attachment: mxpf.zip (1.55 KiB)
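The comparison described in the post above, written out as an added example in Python; it is not the plugin's own Perl code and not from the thread's author. The MX addresses are passed in as an already resolved list, the function and variable names are hypothetical, and all IPs are constructed samples from the reserved 198.18.0.0/15 benchmark range; `prefix_len=24` gives the C-class variant raised later in the thread.

```python
import ipaddress

def mx_prefix_match(sender_ip, mx_ips, prefix_len=16):
    """Return the first MX IP sharing the sender's leading prefix_len bits, else None.

    prefix_len=16 is the "B class" comparison, prefix_len=24 the "C class" one.
    """
    try:
        sender = ipaddress.ip_address(sender_ip)
    except ValueError:
        return None                      # unparsable relay IP: no match
    if sender.version != 4:
        return None                      # B/C classes only exist for IPv4
    # strict=False masks off the host bits, e.g. 198.18.5.10/16 -> 198.18.0.0/16
    net = ipaddress.ip_network(f"{sender}/{prefix_len}", strict=False)
    for mx in mx_ips:
        try:
            addr = ipaddress.ip_address(mx)
        except ValueError:
            continue                     # skip malformed DNS answers
        if addr.version == 4 and addr in net:
            return str(addr)
    return None

# Constructed sample data (hypothetical domain, reserved benchmark addresses).
MX_IPS = ["198.18.77.3", "2001:db8::25"]   # resolved A/AAAA of the domain's MX hosts
SAMPLES = {
    "same /24 as MX":      "198.18.77.200",
    "same /16, other /24": "198.18.5.10",
    "neighbouring /16":    "198.19.5.10",
    "IPv6 sender":         "2001:db8::1",
}

def run_samples():
    """Return {label: (b_class_hit, c_class_hit)} for the constructed samples."""
    return {label: (mx_prefix_match(ip, MX_IPS, 16) is not None,
                    mx_prefix_match(ip, MX_IPS, 24) is not None)
            for label, ip in SAMPLES.items()}

if __name__ == "__main__":
    for label, (b_hit, c_hit) in run_samples().items():
        print(f"{label:22} B-class={b_hit!s:5} C-class={c_hit}")
```

A /16 covers 65,536 addresses, so on shared hosting or cloud ranges a B-class hit says little about who actually sent the message; the /24 comparison narrows that to 256.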
Re: "mxpf" [plugin]
Thanks, will test it. Your default score was 0.20 - should the score not be negative? Just checking if I got this right: we want to give a bonus to emails where the sending IP is in the same B-class network as the MX, right?
Re: "mxpf" [plugin]
One more question. The description reads:
# Mxpf helps to hit some non spoofed emails where the domain doesn't have SPF or DKIM
# It compare the B mask of sender ip with B mask of all mx records of domain
Does that mean this ONLY affects email domains without SPF or DKIM?
Re: "mxpf" [plugin]
Thanks, so only the description is misleading.
What about my other question:
your default score was 0.20 - should the score not be negative?
Re: "mxpf" [plugin]
mistake, correct it please
Re: "mxpf" [plugin]
nicola.piazzi wrote: NO, it is independent
How about checking if SPF and DKIM are correct first and only proceed with this test if they are not both correct? No point in awarding additional points if SPF and DKIM are already correct.
Something along the lines of:
Code:
header __MXPF_CHECK eval:check_pf()
meta __MXPF_PASS (__MXPF_CHECK && !(SPF_PASS && DKIM_VALID_AU))
Re: "mxpf" [plugin]
this is what I made of mxpf.cf, testing now:
Code:
# Mxpf helps to hit some non spoofed emails where the domain doesn't have SPF or DKIM
# It compares the B mask of sender ip with B mask of all mx records of domain
loadplugin Mail::SpamAssassin::Plugin::mxpf mxpf.pm
header __jacob_MXPF_PASS eval:check_pf()
meta _jacob_MXPF_PASS (__jacob_MXPF_PASS && !SPF_PASS && !DKIM_VALID)
score _jacob_MXPF_PASS -0.50
describe _jacob_MXPF_PASS Sender IP has same B-Class IP as a MX Record of Sender Domain
Re: "mxpf" [plugin]
@nicola: maybe you should submit the latest version which checks against a C-class network and not B-class?
Re: "mxpf" [plugin]
ovizil,
if you check the code, nicola left in a comment on how to match class C addresses. There are two places you'd need to change if you want to change it yourself.
Everyone,
Does anyone have any experience with debugging spamassassin modules? I'd like to debug a spamassassin module, but I have no idea how to get useful debug information out of the system.
Re: "mxpf" [plugin]
Found the answer. Invoke spamassassin from the command line against one of the messages in the message queues:
Code:
spamassassin -D -t < /var/spool/MailScanner/quarantine/[date]/spam/[messageid] 2>&1 | vim -