On Thu, 1 Jan 2009, Abraham Sanni wrote:
> How can I check spf record?
> Does it require any configuration?
>
> What does rDNS do?
Spoken like a true Exchange admin.

Here is what I think is going on, but remember I have no full mail header so
this is 100% guess. Or a bunch of guesses. In the order I thought of them, so
that might be the order to go try to find. Note, none are SPF related. SPF I
don't think is your issue from what you describe.

Your issue comes from accepting for local delivery on nonexistent local
addresses. Confirm that if "fred@mycompany.com" is not at your site, you aren't
accepting mail, but rather, are refusing delivery.

It might also be valuable to look at Exchange logs (if any) to see if people are
harvesting local addresses by probing the gateway. This would also be
identifiable if you give a separate server response to "nonexistent" as you do
to "existent" addresses to an external sender. If you do, and respond to the
sender telling them "such and so address does not exist at this location" then it
is possible the attackers have built over time a list of known people at your
site, and are sending to them. This really becomes a problem if you have an
external-facing expanded mail alias, so "employees@company.com" becomes 100000
people -- and then this is left external facing to be used. Or you have a lot
of employees forwarding mail from work to other accounts -- this also can then
result in mail being bounced as those forwards grow stale, and the
bounced-bounces start piling up. Or other edge case scenarios -- a large
attachment being refused someplace, but storing up multiple copies of a bounce
at your site, with a large BCC list, could be the reason you're seeing a bunch
of mail you can't account for.

All these things would be tested and eliminated by a person at your site called
an "email admin." They would have been done months before, before this problem
became so bad it could not be ignored. Definitely before asking on a list
related to authenticating spam sending a question about how to prevent spam
receiving.

A full header is needed in all cases to fully diagnose, a full header of the
incident, as well as a server log might be helpful. If Exchange can provide.

Or, look into a product other than Exchange as your front-door gateway. Most of
the stuff you're seeing is Exchange configuration related, and your comment
about not knowing what rDNS does suggests strongly that you aren't really ready
to run a mail server on the internet. Outsourcing your local mail is also a
good option, to someone that has the ability to stop these problems without
spending your whole day on it.

The ability to point and click your way through an Exchange configuration is not
the same as having the ability to be a mail server admin. Perhaps you want to
hire someone that is, or perhaps you want to outsource. Or you can keep
learning yourself, hopefully your employer is patient.

Dave D
>
> Thanks,
> Abraham
>
> -----Original Message-----
> From: Rob MacGregor [mailto:rob.macgregor@gmail.com]
> Sent: Thursday, January 01, 2009 3:23 PM
> To: spf-help@v2.listbox.com
> Subject: Re: [spf-help] Spoofing
>
> On Thu, Jan 1, 2009 at 20:07, Abraham Sanni <sabraham@cananinc.com> wrote:
> > Yes, am making it up just show how is configure.
> >
> > So how can I stop spoofing?
>
> 1) Publish an SPF record, using "-all" (you have)
>
> 2) Check SPF yourself
>
> 3) Realise that there is no 100% solution - this is only part of the
> picture. See also http://www.openspf.org/FAQ/Envelope_from_scope
>
> --
> Please keep list traffic on the list.
>
> Rob MacGregor
> Whoever fights monsters should see to it that in the process he
> doesn't become a monster. Friedrich Nietzsche
>
>
> -------------------------------------------
> Sender Policy Framework: http://www.openspf.org
> Modify Your Subscription: http://www.listbox.com/member/
> Archives: https://www.listbox.com/member/archive/1020/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/1020/
> Powered by Listbox: http://www.listbox.com
>
+-------------------------
+ Dave Dennis
+ Seattle, WA
+ Speakeasy, Inc.
+ dmd@speakeasy.net
+ http://www.speakeasy.net
+-------------------------
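Added example, not part of the original thread: a small audit of gateway RCPT TO replies for the two conditions the reply above describes, mail accepted for nonexistent local addresses and clients probing the gateway for valid addresses. The log layout, addresses, thresholds and the name `audit_rcpt_log` are assumptions made for illustration, not Exchange's own format.

```python
import re
from collections import defaultdict

# Constructed sample: "time client-ip RCPT TO:<addr> -> reply". This layout is an
# assumption for illustration; adapt LINE to your gateway's real SMTP log format.
SAMPLE_LOG = """\
2009-01-01T20:00:01 192.0.2.10 RCPT TO:<alice@example.com> -> 250 2.1.5 OK
2009-01-01T20:00:02 192.0.2.10 RCPT TO:<bob@example.com> -> 250 2.1.5 OK
2009-01-01T20:03:10 198.51.100.7 RCPT TO:<aaron@example.com> -> 550 5.1.1 User unknown
2009-01-01T20:03:11 198.51.100.7 RCPT TO:<adam@example.com> -> 550 5.1.1 User unknown
2009-01-01T20:03:12 198.51.100.7 RCPT TO:<admin@example.com> -> 550 5.1.1 User unknown
2009-01-01T20:03:13 198.51.100.7 RCPT TO:<alice@example.com> -> 250 2.1.5 OK
2009-01-01T20:03:14 198.51.100.7 RCPT TO:<fred@example.com> -> 550 5.1.1 User unknown
2009-01-01T20:09:40 203.0.113.5 RCPT TO:<ghost@example.com> -> 250 2.1.5 OK
"""
VALID = {"alice@example.com", "bob@example.com"}  # constructed directory of real mailboxes

LINE = re.compile(r"^\S+ (\S+) RCPT TO:<([^>]*)> -> ([245])\d\d\b")


def audit_rcpt_log(log_text, valid_rcpts, min_probes=4, min_reject_ratio=0.75):
    """Return (accepted_unknown, harvesters) from RCPT TO replies.

    accepted_unknown: addresses answered 2xx that are not real mailboxes, i.e. mail
    the gateway took in and will later have to bounce.
    harvesters: {client_ip: (distinct_rcpts, rejected)} for clients that tried many
    distinct addresses and were mostly refused, the pattern of directory probing.
    """
    accepted_unknown = set()
    per_ip = defaultdict(lambda: {"rcpts": set(), "rej": 0, "total": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a RCPT line, or a malformed one
        ip, rcpt, klass = m.group(1), m.group(2).lower(), m.group(3)
        stats = per_ip[ip]
        stats["rcpts"].add(rcpt)
        stats["total"] += 1
        if klass == "5":
            stats["rej"] += 1
        elif klass == "2" and rcpt not in valid_rcpts:
            accepted_unknown.add(rcpt)
    harvesters = {
        ip: (len(s["rcpts"]), s["rej"])
        for ip, s in per_ip.items()
        if len(s["rcpts"]) >= min_probes and s["rej"] / s["total"] >= min_reject_ratio
    }
    return sorted(accepted_unknown), harvesters


if __name__ == "__main__":
    print(audit_rcpt_log(SAMPLE_LOG, VALID))
```

A non-empty first result means the gateway is accepting mail it cannot deliver; a non-empty second result lists source addresses worth rate-limiting or blocking at the gateway.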