• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Block IP via SPF local rules

J

Jose Maria Sarachaga

New Pleskian
Server operating system version
Ubuntu 20.04.5 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.47 Update #5
Hello everyone

I'd like to block incoming email from certain IP's via SPF local rules in Plesk. Currently i'm blocking these IP's via Plesk Firewall and is working fine, BUT i have no trace of it.
By blocking on Firewall the connection is never established nor logged, and if i could block via SPF local rules it would get logged.

Reading about SPF record syntax i see "include" and "+ip4" keywords, and at the very end "-all", but i can't find something like "-ip4:x.x.x.x" or "exclude:x.x.x.x".

Since this email server has very strict policies among SPF, DKIM and firewall rules, sometimes i have the problem of legit emails not coming in (new senders) because they don't care about mail authentication/reputation/security/spf so i need to have more information on the failed delivery to explain the customer/sender why emails are not getting in.

Correct email configuration is underrated, there's a lack of knowledge of many people and rather take the time to make my customer's customers get things right. I rather struggle with this than struggle with ransomware or leakage.

Any hints?
 
SPF only allows to specify which servers are authorized to send email for a specific domain. There is no mechanism within SPF that allows for blocking of specific IP addresses or domains. Other than a firewall, which you are already using, I have no alternative suggestions for you.

Jose Maria Sarachaga said:
Correct email configuration is underrated, there's a lack of knowledge [...]
Click to expand...
Sadly I feel this is true :(
 
Jose Maria Sarachaga said:
Hello everyone

I'd like to block incoming email from certain IP's via SPF local rules in Plesk. Currently i'm blocking these IP's via Plesk Firewall and is working fine, BUT i have no trace of it.
By blocking on Firewall the connection is never established nor logged, and if i could block via SPF local rules it would get logged.
Click to expand...

That's to me the main problem of the firewall, that it doesn't log anything. Several customers complain about the relatively minor spam attacks they get without knowing the ammount of stuff that doesn't get through, and we can't present them with any evidence otherwise.

Sadly I dont' have an answer to the original question, but maybe a combination of custom SPF and SpamAssassin rules could work? Maybe someone with better understanding of those tools could help.
 
JVG said:
Sadly I dont' have an answer to the original question, but maybe a combination of custom SPF and SpamAssassin rules could work? Maybe someone with better understanding of those tools could help.
Click to expand...
Just a note that in our Warden Anti-spam and Virus protection 3.0 release we added the ability to reject IP addresses or CIDRs at the SMTP level. Take a look at the Mail Server Access section in our announcement:

 
JVG said:
maybe a combination of custom SPF and SpamAssassin rules could work? Maybe someone with better understanding of those tools could help.
Click to expand...
Oops! I meant SpamAssassin custom rule and fail2ban custom filter, one for logging and the other for blocking based on the logged entry.
 
You must log in or register to reply here.

Similar threads

P
Issue SPF error sending IP 127.0.0.1
Replies
8
Views
2K
Peter Debik
P
gennolo
Issue Cannot update an existing firewall rule to allow all ips
Replies
2
Views
608
gennolo
gennolo
K
Question Spam???
Replies
1
Views
171
Peter Debik
P
M
Issue Can't open Port 25. Please help
Replies
2
Views
350
mhogue
M
gennolo
Resolved Cannot update an existing firewall rule to allow all ips
Replies
3
Views
885
gennolo
gennolo
Back
Top