[BlueOnyx:19557] Re: Enforcing SPF

[Ernie]

I already have delay_checks off, it doesn't reall help.

Yesterday I complied smf-spf and libspf2 and installed them on a test BX server,
a little fiddly but not too bad. libspf2 required a symlink in /usr/lib64
before smf-spf would find it even though the correct path was in the Makefile.
I set it to use sylog local4.* which logs to /var/log/spf.log and makes
interesting reading. Lots of bad SPF setups out there.

The default is to only reject mails which have an SPF policy of fail, which
is a good start.


- Ernie.

> 
> On Thu, 12 May 2016, Ernie wrote:
> 
> > Recently there seems to be a huge increase of self-spam that is emails which
> > pretend to be from the intended recipients email address.
> 
> Despite what the GUI help pop up says about setting sendmail's 
> 'delay_checks' option, I've found that turning it *OFF* kills off most of 
> the "FROM: == TO: " spams.  In fact, if you dig into the sendmail docs, 
> there's a place I saw where it admits that using "delay_checks" opens you 
> up to that very sort of spam attack.
> 
> Go to the main menu "Network Services", then "Email", then "Advanced". 
> Uncheck the "Enable delay_checks" tickbox.
> 
> We saw an *immediate* effect:  With "delay_checks" off, SpamHaus began 
> killing nearly *all* the offending spam sources.  If you're getting a 
> massive wave of those, you can turn "delay_checks" off and on and see the 
> effect in real time!  It was pretty astonishing.
> 
> Supposedly "delay_checks" helps when using a DNS-based block list like 
> SpamHaus, but any benefit it may give is nothing compared to the fact that 
> spam received went to nearly zero when it's off!
> 
> It would be interesting to know if you see the same thing.
> 
> -- 
> =^_^=  Tigerwolf
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
> 


-- 
"I Ping therefore I am."