Thread: Spamassassin + DNS

  1. #1
    Join Date
    Sep 2014
    Posts
    24

    Spamassassin + DNS

    Hey there,

    I am trying to fight spam, like we all do. I have a few questions which I hope to get answered here:

    Question 1: VSPF record.
    I have 2 domains, both with a v=spf1 record. One is on my main domain (on which the mailserver is running) and the other one is on one of my customers' domains.

    On my main domain (webunity.nl), the VSPF contains ALL IPs assigned to my server
    Code:
    v=spf1 mx a ip4:141.138.194.220/32 ip4:80.69.85.202/32 ip4:80.69.85.201/32 ip4:24.132.30.124/32 ip4:80.69.85.200/32 ip4:80.69.85.171/32 ip6:2a02:348:78:c2dc::1/48 a:pyrus.webunity.nl -all
    On my customer's domain, the VSPF contains only the HTTPS IP (for sending email from the website) and the main IPv4 IP from the mailserver itself (which is mail.maindomain.com) which is a CNAME for mail.webunity.nl

    Code:
    v=spf1 mx a ip4:141.138.194.14/32 ip4:141.138.194.220/32 ip6:2a02:348:78:c2dc::1/48 a:pyrus.webunity.nl -all
    The question is: "What is needed in the VSPF record?"

    Isn't the following SPF record enough (for my main domain):
    Code:
    v=spf1 a:pyrus.webunity.nl ip4:141.138.194.220/32 ip6:2a02:348:78:c2dc::1/48 -all
    And this one for all domains that use the same mailserver?
    Code:
    v=spf1 redirect=webunity.nl
    Question 2: _dmarc and _domainkey
    My second domain has DNS entries for _dmarc and _domainkey. This makes spamassassin flag SPAM as ***SPAM*** which it doesn't on the main domain. It has been too long to know how I configured it. By looking at custombuild and versions, I have Exim and clamAV but I really don't know where to look further.

    Question 3: Move my spam to the INBOX.Junk folder
    Related to the above, I want to move all spam to the junk folder. Any pointers for me?

  2. #2
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,057
    Quote: The question is: "What is needed in the VSPF record?"
    It's not VSPF record but SPF record.
    What is needed is all IPs or mail servers which are allowed to send mail for that domain. Next to that, normally if you use "v=spf1 mx a" the sending mailserver is already included so an IP is not needed anymore. However, DA puts it there by default.

    If you send out mail via ipv6 too then it might be wise to include the ipv6 of the sending mailserver hostname, not all ipv6 addresses.

    Quote: Isn't the following SPF record enough (for my main domain):
    Better is:
    Code:
    v=spf1 a mx ip6:2a02:348:78:c2dc::1/48 -all
    This includes your default mailserver (provided you have an mx record for pyrus.webunity.nl and this is also your mailserver's ehlo/helo name, mostly your server's hostname) and a ptr record for this with your registrar would be wise too.
    The -all prevents ALL mail sent from different addresses.

    Try this for your own main domain:
    https://www.unlocktheinbox.com/spfwizard/

    Leave the one for the customer domains like it is because they use the same mailserver anyway, you don't need to change the default there.
    Next to that, keep in mind that some users might rather send their mail a different way. Suppose they have Ziggo and want to use the Ziggo smtp server to send their mail. Then you can't use the -all on the SPF line because this would block this possibility.
    Unless you oblige them to send mail via your mailserver but then they have to use (for example KPN customers too) port 587 or 465 to send mail through your system.

    Keep in mind that even with the -all at the end, SPF does not keep that much spam outside, a lot of systems don't use or check SPF records.
    A better way to fight spam is to install spamassassin, the newest exim.conf (also called spamblocker.conf) with exim.pl, blockcracking and Easy Spamfighter.
    You can additionally create some razor/pyzor checks too. There are some threads about this last one here on the forums.

    Question 2: Could be caused by the SPF line. Change it to ~all and see if that helps. Not sure about that one, you could check the logs.

    Question 3: You can set that up in the Spamassassin setup of your account.
    Greetings, Richard.
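
An added example, not part of either post: a DNS-free check of the SPF records discussed above, showing how `-all`, `redirect=` and the `ip6:.../48` term behave. The `ZONE` dictionary stands in for TXT lookups, `customer.example` is a placeholder domain, and the function names are illustrative; `a`, `mx` and `include` terms are parsed but not resolved.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Stand-in for DNS TXT lookups. The webunity.nl value is the shorter record
# proposed in post #1; customer.example is a placeholder domain name.
ZONE = {
    "webunity.nl": "v=spf1 a:pyrus.webunity.nl ip4:141.138.194.220/32 "
                   "ip6:2a02:348:78:c2dc::1/48 -all",
    "customer.example": "v=spf1 redirect=webunity.nl",
}

def parse_spf(record):
    """Return a list of (kind, name, value); kind is a result or 'modifier'."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        name, sep, value = term.partition("=")
        if sep and name.isalnum():            # modifier, e.g. redirect=domain
            parsed.append(("modifier", name.lower(), value))
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, value = term.lstrip("+-~?").partition(":")
        parsed.append((QUALIFIERS[qualifier], mech.lower(), value))
    return parsed

def check_ip(domain, ip, depth=0):
    """Evaluate ip4/ip6/all/redirect only; a, mx and include need live DNS."""
    if depth > 10:                            # guard against redirect loops
        return "permerror", None
    addr = ipaddress.ip_address(ip)
    redirect = None
    for kind, name, value in parse_spf(ZONE[domain]):
        if kind == "modifier":
            redirect = value if name == "redirect" else redirect
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return kind, f"{name}:{net}"
        elif name == "all":
            return kind, "all"
    if redirect:                              # used only when nothing matched
        return check_ip(redirect, ip, depth + 1)
    return "neutral", None

def wide_terms(domain):
    """List ip4/ip6 terms that authorise more than a single address."""
    nets = [ipaddress.ip_network(v, strict=False)
            for _, n, v in parse_spf(ZONE[domain]) if n in ("ip4", "ip6")]
    return [(str(net), net.num_addresses) for net in nets if net.num_addresses > 1]
```

`wide_terms("webunity.nl")` reports the `ip6` term as the network `2a02:348:78::/48`, so every address in that /48 passes SPF, not only the mailserver's own address.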

  3. #3
    Join Date
    Sep 2014
    Posts
    24
    Quote: Originally posted by Richard G
    It's not VSPF record but SPF record.
    Question 3: You can set that up in the Spamassassin setup of your account.
    Thanx Richard. Where do I set that up? I migrated from EximConf 2.2 to the latest. I had SpamAssassin installed manually, now I am doing that via CB and everything still works. ESF is also being installed as we speak, but still I can't find the 'move to Inbox.Spam' folder setting...

    edit:
    I have now used https://www.directadmin.com/features.php?id=1679 in combination with https://www.directadmin.com/features.php?id=2024 which should enable me to use the INBOX.spam folder (which is in line with my current setup).

    Then I did:
    Code:
    /etc/init.d/directadmin restart
    echo "action=rewrite&value=filter&user=webunity" >> /usr/local/directadmin/data/task.queue
    /usr/local/directadmin/dataskq d2000
    to test it for just one user. It created my filter in /etc/virtual/webunity.nl/filter with contents:
    Code:
    # Exim Filter
    
    # created by DirectAdmin, version 1.52.1
    # Do not modify this file as any changes will be
    # overwritten when the user makes a change.
    # (data is only written to this file, not read)
    
    
    
    
    
    if
        $h_X-Spam-Status: contains "Yes,"
    then
        if
            $local_part is "webunity"
        then
    
            save /home/webunity/Maildir/.INBOX.spam/new/ 660
        else
            if "${if exists{/home/webunity/imap/${domain}/${local_part}}{yes}{no}}" is "yes"
            then
                save /home/webunity/imap/$domain/$local_part/Maildir/.INBOX.spam/new/ 660
            else
                save /home/webunity/Maildir/.INBOX.spam/new/ 660
            endif
    
        endif
        finish
    endif
    
    if error_message then finish endif
    However, my /etc/virtual/webunity.nl/filter.conf (different file) is somewhat strange. Is that intended?
    Code:
    action=action=email
    high_score=15
    high_score_block=no
    where=userspamfolder
    P.S. The following guide, https://www.directadmin.com/features.php?id=1674 (Changes in CustomBuild 2.0 will set RoundCube and SquirrelMail to stop using INBOX.* folders to be more compliant with most email client's out there..), is not applicable to me yet since I have my own RoundCube install.
    Last edited by webunity; 11-15-2017 at 05:07 AM.

  4. #4
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    3,057
    Quote: Thanx Richard. Where do I set that up?
    I did not use either of the links you pointed to in the edit. As you can read in the first link, that value defaults to 1 so you don't need to set it up.
    Login to your DA control panel and go to user level.
    Click "Spamassassin setup" and then you can see the option "Send the spam to the user's spam folder."
    Should be this:
    Code:
    http://www.webunity.nl:2222/CMD_SPAMASSASSIN?domain=webunity.nl
    Which configures the filter.conf if I'm not mistaken.

    It is not strange that there is a filter and a filter.conf; that's working as designed, so no worries about that.

    Looks fine to me now.
    Greetings, Richard.
