Hello,
I am looking at mail received from pobox.sk (freemail currently belongs to
under centrum.sk).
the mail came from centrum.sk servers, hitting:
FREEMAIL_FROM - okay
SPOOFED_FREEMAIL - why?
I understand pobox.sk seems to have no SPF nor DKIM records, how does SA
check if it's spoofed?
does it implicitly assume that the mail is spoofed in this case?
meta SPOOFED_FREEMAIL __SPOOFED_FREEMAIL && !__FS_SUBJ_RE && !__freemail_safe && !__DOS_HAS_LIST_ID && !__HAS_X_MAILING_LIST && !__HAS_X_REF && !__HAS_THREAD_INDEX && !__HDRS_LCASE_KNOWN && !__FSL_RELAY_GOOGLE
meta __SPOOFED_FREEMAIL !__NOT_SPOOFED && FREEMAIL_FROM
if !(!plugin(Mail::SpamAssassin::Plugin::DKIM))
ifplugin Mail::SpamAssassin::Plugin::SPF
meta __NOT_SPOOFED SPF_PASS || DKIM_VALID || !__LAST_EXTERNAL_RELAY_NO_AUTH || ALL_TRUSTED # yes DKIM, yes SPF
endif
endif
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them
I am looking at mail received from pobox.sk (freemail currently belongs to
under centrum.sk).
the mail came from centrum.sk servers, hitting:
FREEMAIL_FROM - okay
SPOOFED_FREEMAIL - why?
I understand pobox.sk seems to have no SPF nor DKIM records, how does SA
check if it's spoofed?
does it implicitly assume that the mail is spoofed in this case?
meta SPOOFED_FREEMAIL __SPOOFED_FREEMAIL && !__FS_SUBJ_RE && !__freemail_safe && !__DOS_HAS_LIST_ID && !__HAS_X_MAILING_LIST && !__HAS_X_REF && !__HAS_THREAD_INDEX && !__HDRS_LCASE_KNOWN && !__FSL_RELAY_GOOGLE
meta __SPOOFED_FREEMAIL !__NOT_SPOOFED && FREEMAIL_FROM
if !(!plugin(Mail::SpamAssassin::Plugin::DKIM))
ifplugin Mail::SpamAssassin::Plugin::SPF
meta __NOT_SPOOFED SPF_PASS || DKIM_VALID || !__LAST_EXTERNAL_RELAY_NO_AUTH || ALL_TRUSTED # yes DKIM, yes SPF
endif
endif
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
One OS to rule them all, One OS to find them,
One OS to bring them all and into darkness bind them