Spamassassin + DNS

webunity

Hey there,

I am trying to fight spam, like we all do. I have a few questions which I hope to get answered here:

Question 1: VSPF record.
I have 2 domains, both with a v=spf1 record. One is on my main domain (on which the mailserver is running) and the other one is on one of my customer's domains.

On my main domain (webunity.nl), the VSPF contains ALL IPs assigned to my server:
Code:
v=spf1 mx a ip4:141.138.194.220/32 ip4:80.69.85.202/32 ip4:80.69.85.201/32 ip4:24.132.30.124/32 ip4:80.69.85.200/32 ip4:80.69.85.171/32 ip6:2a02:348:78:c2dc::1/48 a:pyrus.webunity.nl -all

On my customer's domain, the VSPF contains only the HTTPS IP (for sending email from the website) and the main IPv4 IP of the mailserver itself (which is mail.maindomain.com), which is a CNAME for mail.webunity.nl:

Code:
v=spf1 mx a ip4:141.138.194.14/32 ip4:141.138.194.220/32 ip6:2a02:348:78:c2dc::1/48 a:pyrus.webunity.nl -all

The question is: "What is needed in the VSPF record?"

Isn't the following SPF record enough (for my main domain):
Code:
v=spf1 a:pyrus.webunity.nl ip4:141.138.194.220/32 ip6:2a02:348:78:c2dc::1/48 -all

And this one for all domains that use the same mailserver?
Code:
v=spf1 redirect=webunity.nl

Question 2: _dmarc and _domainkey
My second domain has DNS entries for _dmarc and _domainkey. This makes SpamAssassin flag SPAM as ***SPAM***, which it doesn't on the main domain. It has been too long to know how I configured it. By looking at custombuild and versions, I have Exim and ClamAV, but I really don't know where to look further.

Question 3: Move my spam to the INBOX.Junk folder
Related to the above, I want to move all spam to the junk folder. Any pointers for me?
 
The question is: "What is needed in the VSPF record?"
It's not a VSPF record but an SPF record. ;)
What is needed is all IPs or mail servers which are allowed to send mail for that domain. Next to that, normally if you use "v=spf1 mx a" the sending mailserver is already included, so an IP is not needed anymore. However, DA puts it there by default.

If you send out mail via IPv6 too, then it might be wise to include the IPv6 address of the sending mailserver hostname, not all IPv6 addresses.

Isn't the following SPF record enough (for my main domain):
Better is:
Code:
v=spf1 a mx ip6:2a02:348:78:c2dc::1/48 -all
This includes your default mailserver (provided you have an MX record for pyrus.webunity.nl and this is also your mailserver's EHLO/HELO name, mostly your server's hostname), and a PTR record for this with your registrar would be wise too.
The -all prevents ALL mail sent from different addresses.

Try this for your own main domain:
https://www.unlocktheinbox.com/spfwizard/

Leave the one for the customer domains like it is, because they use the same mailserver anyway; you don't need to change the default there.
Next to that, keep in mind that some users might rather send their mail a different way. Suppose they have Ziggo and want to use the Ziggo SMTP server to send their mail. Then you can't use the -all on the SPF line because this would block this possibility.
Unless you oblige them to send mail via your mailserver, but then they have to use (for example KPN customers too) port 587 or 465 to send mail through your system.

Keep in mind that even with the -all at the end, SPF does not keep that much spam outside; a lot of systems don't use or check SPF records.
A better way to fight spam is to install SpamAssassin, the newest exim.conf (also called spamblocker.conf) with exim.pl, BlockCracking and Easy Spam Fighter.
You can additionally create some Razor/Pyzor checks too. There are some threads about this last one here on the forums.

Question 2: Could be caused by the SPF line. Change it to ~all and see if that helps. Not sure about that one, you could check the logs.

Question 3: You can set that up in the Spamassassin setup of your account.
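
Added example (not part of the thread and not DirectAdmin code): a small offline evaluator for the SPF terms used in the records above, showing how the shortened record, the redirect= form and the /48 on the ip6 term behave. The DNS answers and the customer.example domain are constructed assumptions.

```python
import ipaddress

# Constructed DNS answers so the check runs offline (assumed, not real lookups).
DNS = {
    "A": {"webunity.nl": ["141.138.194.220"],
          "pyrus.webunity.nl": ["141.138.194.220"]},
    "MX": {"webunity.nl": ["pyrus.webunity.nl"]},
    "TXT": {
        "webunity.nl": "v=spf1 a mx ip6:2a02:348:78:c2dc::1/48 -all",
        "customer.example": "v=spf1 redirect=webunity.nl",  # placeholder domain
    },
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def a_records(name):
    return DNS["A"].get(name, [])  # AAAA lookups omitted in this sketch

def check_spf(ip, domain, depth=0):
    """Evaluate the a, mx, ip4, ip6, all and redirect terms of an SPF record."""
    record = DNS["TXT"].get(domain)
    if record is None:
        return "none"
    if depth > 10:  # redirect-loop guard (RFC 7208 limits DNS-querying terms to 10)
        return "permerror"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qual = term[0] if term[0] in QUALIFIER else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            return QUALIFIER[qual]
        if mech in ("ip4", "ip6"):
            # strict=False: the record sets host bits (::1) on a /48 prefix
            hit = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = ip in a_records(arg or domain)
        elif mech == "mx":
            hit = any(ip in a_records(mx) for mx in DNS["MX"].get(arg or domain, []))
        else:
            return "permerror"  # mechanism outside this subset
        if hit:
            return QUALIFIER[qual]
    if redirect is None:
        return "neutral"  # redirect is only consulted when nothing matched
    result = check_spf(ip, redirect, depth + 1)
    return "permerror" if result == "none" else result
```

With this data, check_spf("24.132.30.124", "webunity.nl") returns "fail" because that address from the original longer record is no longer listed, while check_spf("2a02:348:78:ffff::25", "webunity.nl") returns "pass" because the /48 covers every host in the prefix, not only ::1.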
 
It's not VSPF record but SPF record.;)
Question 3: You can set that up in the Spamassassin setup of your account.

Thanx Richard. Where do I set that up? I migrated from EximConf 2.2 to the latest. I had SpamAssassin installed manually; now I am doing that via CB and everything still works. ESF is also being installed as we speak, but still I can't find the 'move to Inbox.Spam' folder setting...

edit:
I have now used https://www.directadmin.com/features.php?id=1679 in combination with https://www.directadmin.com/features.php?id=2024 which should enable me to use the INBOX.spam folder (which is in line with my current setup).

Then I did:
Code:
/etc/init.d/directadmin restart
echo "action=rewrite&value=filter&user=webunity" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d2000

to test it for just one user. It created my filter in /etc/virtual/webunity.nl/filter with contents:
Code:
# Exim Filter

# created by DirectAdmin, version 1.52.1
# Do not modify this file as any changes will be
# overwritten when the user makes a change.
# (data is only written to this file, not read)





if
    $h_X-Spam-Status: contains "Yes,"
then
    if
      	$local_part is "webunity"
    then

        save /home/webunity/Maildir/.INBOX.spam/new/ 660
    else
        if "${if exists{/home/webunity/imap/${domain}/${local_part}}{yes}{no}}" is "yes"
        then
            save /home/webunity/imap/$domain/$local_part/Maildir/.INBOX.spam/new/ 660
        else
            save /home/webunity/Maildir/.INBOX.spam/new/ 660
        endif

    endif
    finish
endif

if error_message then finish endif

However, my /etc/virtual/webunity.nl/filter.conf (different file) is somewhat strange. Is that intended?
Code:
action=action=email
high_score=15
high_score_block=no
where=userspamfolder

P.S. The following guide, https://www.directadmin.com/features.php?id=1674 (Changes in CustomBuild 2.0 will set RoundCube and SquirrelMail to stop using INBOX.* folders to be more compliant with most email client's out there..), is not applicable to me yet since I have my own RoundCube install.
 
Thanx Richard. Where do i set that up?
I did not use either of the links you pointed to in the edit. As you can read in the first link, that value defaults to 1, so you don't need to set it up.
Login to your DA control panel and go to user level.
Click "Spamassassin setup" and then you can see the option "Send the spam to the user's spam folder."
Should be this:
Code:
http://www.webunity.nl:2222/CMD_SPAMASSASSIN?domain=webunity.nl
Which configures the filter.conf if I'm not mistaken.

It is not strange that there is a filter and a filter.conf; that's working as designed, so no worries about that.

Looks fine to me now.
 