Question Lots of incoming spam with Plesk Email Security Pro 1.1.0

obendev

Basic Pleskian
Hey, we just uninstalled Plesk Email Security and upgraded / reinstalled Plesk Email Security Pro.
Now my customers get lots of spam and I can confirm this. For example: I've set up a local Windows email server and I'm sending from a domain that has SPF set to v=spf1 include:spf.protection.outlook.com -all and DMARC set to v=DMARC1; p=quarantine; pct=100. The MX is pointed to Outlook (Office 365) and still the mail gets accepted.
This is the easiest email spoofing; how does Plesk Email Security not filter this?
Code:
X-Virus-Scanned: Debian amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.405
X-Spam-Level: *
X-Spam-Status: No, score=1.405 tagged_above=-9999 required=3
    tests=[FSL_HELO_NON_FQDN_1=0.001, HELO_NO_DOMAIN=0.001,
    KHOP_HELO_FCRDNS=0.121, RDNS_DYNAMIC=0.363, SPF_FAIL=0.919]
    autolearn=no autolearn_force=no
Another line:
Code:
Received-SPF: fail (plesk.server.tld: domain of sender.tld does not designate 1.1.1.1 as permitted sender) client-ip=1.1.1.1; [email protected]; helo=LUCA-PC;
Received: from [127.0.0.1] (Luca-PC [127.0.0.1])
    by LUCA-PC with ESMTPA
    ; Tue, 28 Jul 2020 09:54:41 +0200
I obviously censored the domains and IP addresses; I changed my external IP address in the example to 1.1.1.1.
 
Sorry, but this is getting ridiculous. Now I've made up another test where I've sent an email from [email protected] (the domain sdfljhbsfduzgfsdzb.de has neither an A nor an MX record) and even this email gets accepted. It is just unacceptable. The spam filter shouldn't let any mails through with a domain that has no A or MX record set.
The whole email:
Code:
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from plesk.server.tld (localhost.localdomain [127.0.0.1])
    by plesk.server.tld (Postfix) with ESMTP id 3FFF614A346E
    for <[email protected]>; Tue, 28 Jul 2020 10:14:27 +0200 (CEST)
Authentication-Results: plesk.server.tld;
    dmarc=none (p=NONE sp=NONE) smtp.from=sdfljhbsfduzgfsdzb.de header.from=sdfljhbsfduzgfsdzb.de;
    spf=pass (sender IP is 127.0.0.1) [email protected] smtp.helo=plesk.server.tld
Received-SPF: pass (plesk.server.tld: localhost is always allowed.) client-ip=127.0.0.1; [email protected]; helo=plesk.server.tld;
X-Virus-Scanned: Debian amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.366
X-Spam-Level: *
X-Spam-Status: No, score=1.366 tagged_above=-9999 required=3
    tests=[FROM_DOMAIN_NOVOWEL=0.5, FSL_HELO_NON_FQDN_1=0.001,
    HELO_NO_DOMAIN=0.001, KHOP_HELO_FCRDNS=0.121, NO_DNS_FOR_FROM=0.379,
    RDNS_DYNAMIC=0.363, SPF_NONE=0.001] autolearn=no autolearn_force=no
Received: from plesk.server.tld ([127.0.0.1])
    by plesk.server.tld (plesk.server.tld [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id ykYtNNLJEj_0 for <[email protected]>;
    Tue, 28 Jul 2020 10:14:18 +0200 (CEST)
Received: from LUCA-PC (ip-1.1.1.1.hsi16.unitymediagroup.de [1.1.1.1])
    by plesk.server.tld (Postfix) with ESMTPS id 2EC6014A346A
    for <[email protected]>; Tue, 28 Jul 2020 10:14:18 +0200 (CEST)
Received-SPF: none (plesk.server.tld: no valid SPF record)
Received: from [127.0.0.1] (Luca-PC [127.0.0.1])
    by LUCA-PC with ESMTPA
    ; Tue, 28 Jul 2020 10:14:16 +0200
To: [email protected]
From: Max Mustermann <[email protected]>
Subject: Eine normale Nachricht
Message-ID: <[email protected]>
Date: Tue, 28 Jul 2020 10:14:16 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Thunderbird/78.0.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
 
Hi!

SPF spam protection is a separate handler in Plesk. Please make sure to set the "Reject" option in "Tools & Settings" -> "Mail Server Settings" -> "SPF spam protection" -> "SPF checking mode":

We're working on improving the restrictions to stop such spam emails completely also directly via Plesk Email Security. Expect an update with the strict rules at the beginning of next week.

Cheers
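
The headers quoted in this thread can be checked mechanically. The following is an added example, not part of either post and not Plesk code: it parses `X-Spam-Status` and `Received-SPF`, ignores the SPF "pass" recorded for the 127.0.0.1 re-injection hop, and reports how far a message with a failed SPF check stayed below the tag level. The sample is constructed from the headers shown above; the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the headers quoted in the thread.
SAMPLE = """\
Received-SPF: pass (plesk.server.tld: localhost is always allowed.) client-ip=127.0.0.1; helo=plesk.server.tld;
X-Spam-Status: No, score=1.405 tagged_above=-9999 required=3
    tests=[FSL_HELO_NON_FQDN_1=0.001, HELO_NO_DOMAIN=0.001,
    KHOP_HELO_FCRDNS=0.121, RDNS_DYNAMIC=0.363, SPF_FAIL=0.919]
    autolearn=no autolearn_force=no
Received-SPF: fail (plesk.server.tld: domain of sender.tld does not designate 1.1.1.1 as permitted sender) client-ip=1.1.1.1; helo=LUCA-PC;
"""

def spam_status(msg):
    """Return (score, required, {rule: points}) parsed from X-Spam-Status."""
    raw = " ".join(msg.get("X-Spam-Status", "").split())  # unfold the header
    m = re.search(r"score=(-?[\d.]+).*?required=(-?[\d.]+)", raw)
    if not m:
        raise ValueError("no usable X-Spam-Status header")
    rules = re.search(r"tests=\[(.*?)\]", raw)
    tests = {n: float(p) for n, p in
             re.findall(r"(\w+)=(-?[\d.]+)", rules.group(1) if rules else "")}
    return float(m.group(1)), float(m.group(2)), tests

def is_loopback(value):
    ip = re.search(r"client-ip=([0-9A-Fa-f.:]+)", value)
    try:
        return ipaddress.ip_address(ip.group(1)).is_loopback
    except (AttributeError, ValueError):  # no client-ip, or not an IP literal
        return False

def external_spf(msg):
    """SPF verdicts for real clients; skips the 127.0.0.1 re-injection hop."""
    return [v.split()[0].lower() for v in msg.get_all("Received-SPF", [])
            if v.split() and not is_loopback(v)]

def audit(raw_headers):
    msg = message_from_string(raw_headers)
    score, required, tests = spam_status(msg)
    spf = external_spf(msg)
    return {
        "external_spf": spf,
        "spf_points": sum(p for r, p in tests.items() if r.startswith("SPF_")),
        "shortfall": round(required - score, 3),  # points missing to reach the tag level
        "accepted_despite_spf_fail": score < required and "fail" in spf,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

With the scores shown in the thread, the SPF failure contributes 0.919 of the 3 points required, so the content filter alone cannot stop the message and the rejection has to come from the separate SPF handler.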
 