
I need help enabling spf support

SwaJime

Guest
We have people sending us e-mails that appear to be from our domain, but are not. I am trying to block these e-mails.
I have not been able to get PLESK to check the SPF records of inbound e-mail. Any help will be much appreciated.

We have set up our SPF record in our DNS.

I am running a test case, wherein I am sending e-mail from [email protected] to [email protected], with the originating computer in an unauthorized ip range.

I expect the test e-mail to be blocked when PLESK attempts to verify the SPF record for the sending address.
My results though are unpleasing. The e-mail appears to go through with no checks being performed at all.

I've included at the end of this post the headers of the received test e-mail. Also, the qmail log for the transaction is included after the e-mail here.

You can see that our SPF record in DNS appears to be set up correctly by opening http://www.openspf.org/Why?s=mfrom&id=john%40oldradio.com&ip=207.13.78.13&r=verifier.port25.com in a web browser.

If you need more information, please let me know what is needed and I will provide it.

I have followed these steps:

Setting Up Support for Sender Policy Framework System
To set up support for Sender Policy Framework on your server:
1. Click the Server shortcut in the navigation pane.
2. Click the Mail icon in the Services group. The server-wide mail preferences screen will open on the Preferences tab.
3. Select the Switch on SPF spam protection check box and specify how to deal with e-mail:
* To accept all incoming messages regardless of SPF check results, select the Create only Received SPF-headers, never block option from the SPF checking mode drop-down box. This option is recommended.
* To accept all incoming messages regardless of SPF check results, even if SPF check failed due to DNS lookup problems, select the In case of DNS lookup problems, generate temporary errors option from the SPF checking mode drop-down box.
* To reject messages from senders who are not authorized to use the domain in question, select the option Reject mail if SPF resolves to fail from the SPF checking mode drop-down box.

These are the headers of the received test e-mail:

Received: (qmail 3807 invoked by uid 110); 10 Nov 2008 10:51:46 -0600
Delivered-To: [email protected]
Received: (qmail 3800 invoked from network); 10 Nov 2008 10:51:46 -0600
Received: from mailscanner.virtbiz.com (208.77.216.59) by dallas.oldradio.com with SMTP; 10 Nov 2008 10:51:46 -0600
Received: from smtp.tstar.net (smtp.tstar.net [207.13.78.13]) by mailscanner.virtbiz.com (8.13.1/8.11.6) with ESMTP id mAAGpiUH019396 for <[email protected]>; Mon, 10 Nov 2008 10:51:45 -0600
Received: from [192.168.1.10] (johnhibbs.wireless.tstar.net [205.247.111.216]) (authenticated bits=0) by smtp.tstar.net (8.13.6/8.13.6) with ESMTP id mAAGpkix003020 for <[email protected]>; Mon, 10 Nov 2008 10:51:47 -0600
Subject: testing oldradio from (unauthorized) tstar to dallas
From: John W. Simpson <[email protected]>
To: [email protected]
X-MX01-VIRTBIZ-COM-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details, Not scanned: please contact your Internet E-Mail Service Provider for details
Content-Type: text/plain
Organization: SwaJime's Cove
Date: Mon, 10 Nov 2008 10:51:40 -0600
Message-Id: <1226335900.7799.342.camel@Ezekiel>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.3.1
Content-Transfer-Encoding: 7bit
X-MX01-VIRTBIZ-COM-MailScanner-Information: Please contact the ISP for more information
X-MX01-VIRTBIZ-COM-MailScanner-From: [email protected]
X-Evolution-Source: imap://john%[email protected]/


testing oldradio from (unauthorized) tstar to dallas

And also, here is the qmail log of the event:
(note: a .qmail file redirects the message to [email protected], so the sudden change in the recipient's e-mail address from [email protected] to [email protected] is appropriate)

08315:10:51:41 john@dallas # Nov 10 10:51:46 dallas relaylock: /var/qmail/bin/relaylock: mail from 208.77.216.59:56979 (mailscanner.virtbiz.com)
Nov 10 10:51:46 dallas qmail-queue[3798]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Nov 10 10:51:46 dallas qmail-queue[3798]: scan: the message(drweb.tmp.tahTHb) sent by [email protected] to [email protected] should be passed without checks, because contains uncheckable addresses
Nov 10 10:51:46 dallas qmail-queue-handlers[3799]: Handlers Filter before-queue for qmail started ...
Nov 10 10:51:46 dallas qmail-queue-handlers[3799]: [email protected]
Nov 10 10:51:46 dallas qmail-queue-handlers[3799]: [email protected]
Nov 10 10:51:46 dallas qmail-queue-handlers[3799]: hook_dir = '/var/qmail//handlers/before-queue'
Nov 10 10:51:46 dallas qmail-queue-handlers[3799]: recipient[3] = '[email protected]'
Nov 10 10:51:46 dallas qmail-queue-handlers[3799]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
Nov 10 10:51:46 dallas qmail-queue-handlers[3799]: starter: submitter[3800] exited normally
Nov 10 10:51:46 dallas qmail: 1226335906.329419 new msg 7719692
Nov 10 10:51:46 dallas qmail: 1226335906.329593 info msg 7719692: bytes 1345 from <[email protected]> qp 3800 uid 2020
Nov 10 10:51:46 dallas qmail: 1226335906.503507 starting delivery 12: msg 7719692 to local [email protected]
Nov 10 10:51:46 dallas qmail: 1226335906.503732 status: local 1/10 remote 0/200
Nov 10 10:51:46 dallas qmail-local-handlers[3801]: Handlers Filter before-local for qmail started ...
Nov 10 10:51:46 dallas qmail-local-handlers[3801]: [email protected]
Nov 10 10:51:46 dallas qmail-local-handlers[3801]: [email protected]
Nov 10 10:51:46 dallas qmail-queue[3805]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
Nov 10 10:51:46 dallas qmail-queue[3805]: scan: the message(drweb.tmp.2B3enL) sent by [email protected] to [email protected] should be passed without checks, because contains uncheckable addresses
Nov 10 10:51:46 dallas qmail-queue-handlers[3806]: Handlers Filter before-queue for qmail started ...
Nov 10 10:51:46 dallas qmail-queue-handlers[3806]: [email protected]
Nov 10 10:51:46 dallas qmail-queue-handlers[3806]: [email protected]
Nov 10 10:51:46 dallas qmail-queue-handlers[3806]: hook_dir = '/var/qmail//handlers/before-queue'
Nov 10 10:51:46 dallas qmail-queue-handlers[3806]: recipient[3] = '[email protected]'
Nov 10 10:51:46 dallas qmail-queue-handlers[3806]: handlers dir = '/var/qmail//handlers/before-queue/recipient/[email protected]'
Nov 10 10:51:46 dallas qmail-queue-handlers[3806]: starter: submitter[3807] exited normally
Nov 10 10:51:46 dallas qmail: 1226335906.815188 new msg 7719924
Nov 10 10:51:46 dallas qmail: 1226335906.815356 info msg 7719924: bytes 1449 from <[email protected]> qp 3807 uid 110
Nov 10 10:51:46 dallas qmail: 1226335906.886960 starting delivery 13: msg 7719924 to local [email protected]
Nov 10 10:51:46 dallas qmail: 1226335906.887172 status: local 2/10 remote 0/200
Nov 10 10:51:46 dallas qmail: 1226335906.887321 delivery 12: success: did_0+1+2/qp_3805/
Nov 10 10:51:46 dallas qmail: 1226335906.887683 status: local 1/10 remote 0/200
Nov 10 10:51:46 dallas qmail: 1226335906.887856 end msg 7719692
Nov 10 10:51:46 dallas qmail-local-handlers[3808]: Handlers Filter before-local for qmail started ...
Nov 10 10:51:46 dallas qmail-local-handlers[3808]: [email protected]
Nov 10 10:51:46 dallas qmail-local-handlers[3808]: [email protected]
Nov 10 10:51:46 dallas qmail: 1226335906.954353 delivery 13: success: did_0+0+2/
Nov 10 10:51:46 dallas qmail: 1226335906.954492 status: local 0/10 remote 0/200
Nov 10 10:51:46 dallas qmail: 1226335906.954567 end msg 7719924
08315:10:51:41 john@dallas #
 
? spf checking is not functioning

Is this something that has been fixed in a newer release?


 
spf check still not functioning.. more info

Is anybody else able to reproduce this?
Can anybody verify that this is or is not working on their system?
I really am stumped on this one. :-(

I'll add any more info that I can find that might help. If more information is needed please let me know.

I verified that /var/qmail/control/spfbehavior is set to 3:

08320:18:08:34 john@dallas # qmail-showctl | grep spf
spfbehavior: The SPF behavior is 3.
spfexp: (Default.) The SPF default explanation is: 550 See http://spf.pobox.com/why.html?sender=%{S}&ip=%{I}&receiver=%{xR}.
spfguess: (Default.) The guess SPF rules are: .
spfrules: (Default.) The local SPF rules are: .
08320:18:09:32 john@dallas #

The PLESK control panel has the following:
Server > Information on Plesk components
42 Components total
Component name Component version
awstats 6.5-2.swsoft
bind 9.2.4-28.el4
coldfusion Component was not installed
coldfusion-support Component was not installed
courier-imap 3.0.8-cos4.build83071218.20
drweb 4.33-rh5_psa
drweb-qmail 4.33-cos4.build83071218.20
frontpage 5.0-72psa.centos4.2
httpd 2.0.52-38.ent.centos4
mailman 2.1.5.1-34.rhel4.6
mod_bw Component was not installed
mod_perl 1.99_16-4.5
mod_python 3.1.3-5.1
mysql 4.1.20-3.RHEL4.1.el4_6.1
perl-Apache-ASP 2.57-cos4.build81070322.16
php 4.3.9-3.22.9
postgresql-server 7.4.17-1.RHEL4.1
psa 8.3.0-cos4.build83071218.20
psa-api-rpc 8.3.0-cos4.build83071224.15
psa-autoinstaller 3.3.0-build33071215.17
psa-backup-manager 8.3.0-cos4.build83071224.15
psa-horde 3.1.5-cos4.build83071218.20
psa-imp 4.1.5-cos4.build83071218.20
psa-logrotate 3.7-cos4.build83071218.20
psa-manual-custom-skin-guide 8.3.0-cos4.build83071218.20
psa-migration-manager 8.3.0-cos4.build83071224.15
psa-miva Component was not installed
psa-mod-fcgid-configurator 1.0-13
psa-proftpd 1.3.0-cos4.build83071218.20
psa-qmail 1.03-cos4.build83071218.20
psa-qmail-rblsmtpd 0.70-cos4.build83071218.20
psa-rubyrails-configurator 1.1.6-cos4.build81070322.16
psa-spamassassin 8.3.0-cos4.build83071218.20
psa-tomcat-configurator 8.3.0-cos4.build83071219.22
psa-turba 2.1.5-cos4.build83071218.20
ruby 1.8.5-200610081246
samba 3.0.25b-1.el4_6.4
sitebuilder Component was not installed
spamassassin 3.1.9-1.el4
SSHTerm 0.2.2-cos4.build81070322.16
tomcat 5.0.30-11jpp
webalizer 2.01_10-25
42 Components total
 
unresolved: spf check not operational

> At 08:21 PM 11/15/2008, John Wesley Simpson wrote
> >I've found this: http://qmail-spp.sourceforge.net/plugins/details/?id=37
> >It's a plugin that can be implemented without recompiling qmail.
> >It would be a replacement for PLESK's non-functional spf-check.
> >
> >--
> >John Wesley Simpson <[email protected]>
> >SwaJime's Cove

On Sun, 2008-11-16 at 23:05 -0700, Client wrote:
> Is plesk non-functional, or just not properly set up?

We currently have:
psa 8.3.0-cos4.build83071218.20
psa-qmail 1.03-cos4.build83071218.20
psa-qmail-rblsmtpd 0.70-cos4.build83071218.20

There is no source code for psa-qmail in the installation.

I inquired on the qmail mailing list regarding the spf patch available at http://www.saout.de/misc/spf/

On Sat, 2008-11-15 at 21:19 -0600, Kyle Wheeler wrote:
> On Saturday, November 15 at 08:07 PM, quoth John Wesley Simpson:
> > I am trying to add in the spf patch ...
> > My main concern is that my client's system has no sign of source code
> > for qmail or any qmail patches, or anything else for that matter.
>
> Oh, fun...
>
> > I picture myself downloading qmail source + 1 patch, and installing
> > it over what might be qmail + 29 other patches, and suddenly having
> > 28 unidentified missing patches... ? (quantities chosen at random)
> >
> > How can I see what patches have already been installed?
>
> The fact that you're asking that question reveals that you don't
> understand patches. A patch just modifies the source code. Every patch
> is merely a collection of changes to that source code. Every change
> may be the result of a single patch or may have been part of a larger
> patch that contained many changes. Once the source code is compiled
> into a binary executable, the only evidence you ever have of them
> (other than the original source code) is in how they affect the
> observable behavior of the binary. And once you lose the source code,
> there's virtually no way to know with any certainty what has changed.
> Imagine this: your server has been compromised by a hacker, and he has
> replaced most of the programs on your computer with new programs.
> Without the source code to those new programs, there is *NO* way to
> know what they really do. Does that make sense? The same thing is true
> of qmail, just as it is with any program. You can disassemble the
> binary to get some sense of what it does, but that won't tell you
> which patches were used, it'll only tell you what the end-result was.
>
> ~Kyle

So, I obviously don't know what patches are included in this version of psa-qmail, and therefore risk removing some important patch by attempting to install this spf patch.

Does anybody have a clue as to where to go from here?

jws
 
Forum search for "SPF" returns 0 results

By chance, I've found http://forum.swsoft.com/showthread.php?t=51749&highlight=spf in the forum, which now points me in the direction of PLESK's PSA being a plugin for spamassassin.

Interesting... All of the times that I have searched this forum for "spf", I have gotten ZERO results!

Ok... so I get the feeling that nobody has responded on this thread on the premise that the Thread originator had not searched the forum before posting...

At any rate I'm still puzzling through it.

It'd be nice if somebody just like said oh I dunno... "Hello"?

j
 
Still need help... spamassassin's spf plugin doesn't work

I've got spamassassin and spf enabled.

I do see headers for spamassassin.
I am expecting to see SPF headers in my inbound e-mail, and I am not seeing them.

These are the current settings:

08324:18:18:31 john@dallas # /usr/local/psa/bin/mailserver -i spf
SPF spam protection: on
SPF checking mode: Only create Received-SPF headers, never block
SPF local rules: include:spf.trusted-forwarder.org
SPF guess:
SPF explanation text: You message does not conform to SPF policies
08324:18:22:25 john@dallas # spamassassin.sh --info-server
Spam filter configuration for *@*.
Status true
Personal settings true
Hits required for spam 5.00
Modify spam mail subject true
Modify spam mail subject text ****~SPAM~****_SCORE_
Black list
================================
Server-wide black list:
White list
================================
Server-wide white list:
SUCCESS: Gathering server wide information complete.
08324:18:24:05 john@dallas # spamassassin.sh --info [email protected]
Spam filter configuration for [email protected].
Status true
Hits required for spam
What to do with spam mail sa_action_save
Modify spam mail subject true
Modify spam mail subject text
Black list
================================
Server-wide black list:
User's black list:
White list
================================
Server-wide white list:
User's white list:
SUCCESS: Gathering information for '[email protected]' complete.

This is from the maillog:

Nov 19 18:17:55 dallas spamd[25214]: spamd: got connection over /tmp/spamd_full.sock
Nov 19 18:17:55 dallas spamd[25214]: spamd: using default config for [email protected]: /var/qmail/mailnames/swajime.com/john/.spamassassin/user_prefs
Nov 19 18:17:55 dallas spamd[25214]: spamd: processing message <1227140274.1875.173.camel@Ezekiel> for [email protected]:110
Nov 19 18:17:56 dallas spamd[25214]: spamd: clean message (0.0/5.0) for [email protected]:110 in 0.4 seconds, 1194 bytes.
Nov 19 18:17:56 dallas spamd[25214]: spamd: result: . 0 - scantime=0.4,size=1194,[email protected],uid=110,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<1227140274.1875.173.camel@Ezekiel>,autolearn=ham

This is the e-mail, from a source the spf check should not permit:

X-Spam-Checker-Version: SpamAssassin 3.1.9 (2007-02-13) on dallas.example.com
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham version=3.1.9
Received: (qmail 30760 invoked from network); 19 Nov 2008 18:17:55 -0600
Received: from mailscanner.virtbiz.com (208.77.216.59) by dallas.example.com with SMTP; 19 Nov 2008 18:17:55 -0600
Received: from smtp.tstar.net (smtp.tstar.net [207.13.78.13]) by mailscanner.virtbiz.com (8.13.1/8.11.6) with ESMTP id mAK0HqmR018327 for <[email protected]>; Wed, 19 Nov 2008 18:17:52 -0600
Received: from [192.168.1.10] (johnhibbs.wireless.tstar.net [205.247.111.216]) (authenticated bits=0) by smtp.tstar.net (8.13.6/8.13.6) with ESMTP id mAK0Huam009263 for <[email protected]>; Wed, 19 Nov 2008 18:17:56 -0600
Subject: 8. test spam
From: John W. Simpson <[email protected]>
To: John W. Simpson <[email protected]>
Content-Type: text/plain
Organization: SwaJime's Cove
Date: Wed, 19 Nov 2008 18:17:53 -0600
Message-Id: <1227140274.1875.173.camel@Ezekiel>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.3.1
Content-Transfer-Encoding: 7bit
X-Evolution-Source: imap://john%[email protected]/


spam

j
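
An SPF check made by the receiving server evaluates the address of the SMTP client that connected to it. The following is an added example (not part of the thread, and not Plesk or qmail code): it parses a Received chain abridged from the headers above, lists the client address each hop saw, evaluates a constructed SPF record against each address, and reports whether a Received-SPF header is present. The function names, the sample record and the restriction to the ip4 and all mechanisms are assumptions made for the example.

```python
import email
import ipaddress
import re

# Abridged from the headers in the thread's last message; the redacted
# "for <...>" clauses and the sendmail queue ids are omitted.
SAMPLE_HEADERS = """\
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham version=3.1.9
Received: (qmail 30760 invoked from network); 19 Nov 2008 18:17:55 -0600
Received: from mailscanner.virtbiz.com (208.77.216.59) by dallas.example.com with SMTP; 19 Nov 2008 18:17:55 -0600
Received: from smtp.tstar.net (smtp.tstar.net [207.13.78.13]) by mailscanner.virtbiz.com (8.13.1/8.11.6) with ESMTP; Wed, 19 Nov 2008 18:17:52 -0600
Received: from [192.168.1.10] (johnhibbs.wireless.tstar.net [205.247.111.216]) (authenticated bits=0) by smtp.tstar.net (8.13.6/8.13.6) with ESMTP; Wed, 19 Nov 2008 18:17:56 -0600
Subject: 8. test spam

spam
"""

# Constructed record (documentation address range), not the poster's real one.
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 -all"

HOP = re.compile(r"from\s+\S+\s+\(([^)]*)\).*?\bby\s+(\S+)", re.S)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def relay_hops(raw_message):
    """Return (receiving_host, client_ip) per Received header, newest first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.match(value.strip())  # skips "(qmail ... invoked ...)" lines
        ip = IPV4.search(m.group(1)) if m else None
        if ip:
            hops.append((m.group(2), ip.group(0)))
    return hops


def spf_result(record, client_ip):
    """Evaluate only the ip4 and all mechanisms of an SPF record."""
    addr = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return RESULTS[qualifier]
        if mech.startswith("ip4:"):
            if addr in ipaddress.ip_network(mech[4:], strict=False):
                return RESULTS[qualifier]
        else:
            raise ValueError("mechanism not handled in this example: " + term)
    return "neutral"  # RFC 7208 default when no mechanism matches


def diagnose(raw_message, record):
    """Summarise what an SPF check on the final server would have evaluated."""
    msg = email.message_from_string(raw_message)
    hops = relay_hops(raw_message)
    return {
        "received_spf_header": msg["Received-SPF"] is not None,
        "ip_seen_by_final_server": hops[0][1] if hops else None,
        "per_hop": [(host, ip, spf_result(record, ip)) for host, ip in hops],
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_HEADERS, SAMPLE_RECORD).items():
        print(key, "=", value)
```

The address reported for the final server is the same one that appears in the relaylock line of the qmail log in the first post.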
 