Page 1 of 1

How to prevent mail spoofing?

Posted: Sat Sep 09, 2017 12:33 pm
by NikoCodey
Hello,

I'm having difficulties figuring out how to prevent mail spoofing, i heard SPF is a good idea, however i have no idea how to set it up.

In other words, I'd like to block fake email such as emkei.cz or phpmail from reaching my inbox

Can anyone help?

Thanks.

Re: How to prevent mail spoofing?

Posted: Sun Oct 22, 2017 10:23 pm
by NikoCodey
Hello,

I had to bump this due to no response and no help from searching :(

Re: How to prevent mail spoofing?

Posted: Mon Oct 23, 2017 7:20 am
by mehargags
Take a good read at topics in the MAIL SERVER Section of the forums
The first few sticky posts address your typical issue

You can enable these filtering rules in your EXIM/SpamAssasin to fail if :
1. rDNS PTR records not match "mail from domain"
2. SPF records not published/matched
3. DKIM signatures not present/fail

This is a fine tuning process and will require much reading and trial

Re: How to prevent mail spoofing?

Posted: Mon Oct 23, 2017 9:01 pm
by NikoCodey
mehargags wrote:Take a good read at topics in the MAIL SERVER Section of the forums
The first few sticky posts address your typical issue

You can enable these filtering rules in your EXIM/SpamAssasin to fail if :
1. rDNS PTR records not match "mail from domain"
2. SPF records not published/matched
3. DKIM signatures not present/fail

This is a fine tuning process and will require much reading and trial
Thanks for the reply mehargags, I've noticed that clamav and spamassassin were not installed on the server, did some digging and figured out that it does not automatically install on a server with less than 3 gb of ram.

I've installed clamav and spamassassin and i installed the rules from this thread - http://forum.vestacp.com/viewtopic.php?f=12&t=11271

However, when i send a fake mail, it still does not get rejected. In the headers it says:
-1.0 SPF_HELO_PASS SPF: HELO matches SPF record
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

Any help?

Re: How to prevent mail spoofing?

Posted: Mon Oct 23, 2017 11:23 pm
by NikoCodey
Just thought I'd update my progress.

Managed to get it to detect the bad SPF, it moves the message to junk, however,
rewrite_header Subject *****SPAM*****

in the spamassassin configuration does not work.

Any help?

Re: How to prevent mail spoofing?

Posted: Tue Oct 24, 2017 9:59 am
by mehargags
I'm not much knowledgable about SA and filtering so just wait for some more appropriate responses.
meantime just check this link https://www.lifewire.com/spamassassin-m ... am-1166252