• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Block IP via SPF local rules

Server operating system version
Ubuntu 20.04.5 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.47 Update #5
Hello everyone

I'd like to block incoming email from certain IP's via SPF local rules in Plesk. Currently i'm blocking these IP's via Plesk Firewall and is working fine, BUT i have no trace of it.
By blocking on Firewall the connection is never established nor logged, and if i could block via SPF local rules it would get logged.

Reading about SPF record syntax i see "include" and "+ip4" keywords, and at the very end "-all", but i can't find something like "-ip4:x.x.x.x" or "exclude:x.x.x.x".

Since this email server has very strict policies among SPF, DKIM and firewall rules, sometimes i have the problem of legit emails not coming in (new senders) because they don't care about mail authentication/reputation/security/spf so i need to have more information on the failed delivery to explain the customer/sender why emails are not getting in.

Correct email configuration is underrated, there's a lack of knowledge of many people and rather take the time to make my customer's customers get things right. I rather struggle with this than struggle with ransomware or leakage.

Any hints?
 
SPF only allows to specify which servers are authorized to send email for a specific domain. There is no mechanism within SPF that allows for blocking of specific IP addresses or domains. Other than a firewall, which you are already using, I have no alternative suggestions for you.

Correct email configuration is underrated, there's a lack of knowledge [...]
Sadly I feel this is true :(
 
Hello everyone

I'd like to block incoming email from certain IP's via SPF local rules in Plesk. Currently i'm blocking these IP's via Plesk Firewall and is working fine, BUT i have no trace of it.
By blocking on Firewall the connection is never established nor logged, and if i could block via SPF local rules it would get logged.

That's to me the main problem of the firewall, that it doesn't log anything. Several customers complain about the relatively minor spam attacks they get without knowing the ammount of stuff that doesn't get through, and we can't present them with any evidence otherwise.

Sadly I dont' have an answer to the original question, but maybe a combination of custom SPF and SpamAssassin rules could work? Maybe someone with better understanding of those tools could help.
 
Sadly I dont' have an answer to the original question, but maybe a combination of custom SPF and SpamAssassin rules could work? Maybe someone with better understanding of those tools could help.
Just a note that in our Warden Anti-spam and Virus protection 3.0 release we added the ability to reject IP addresses or CIDRs at the SMTP level. Take a look at the Mail Server Access section in our announcement:

 
maybe a combination of custom SPF and SpamAssassin rules could work? Maybe someone with better understanding of those tools could help.
Oops! I meant SpamAssassin custom rule and fail2ban custom filter, one for logging and the other for blocking based on the logged entry.
 
Back
Top