1

Topic: E-mail spoofing

- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? NO
- Related log if you're reporting an issue:




Is this normal behavior for iRedMail with spoofed e-mails?


We ran a spoofing test and iRedMail accepted these e-mails (very low points for bad SPF).

We tested manually and with this tool: https://spf.guru/tools/spoofing


2

Re: E-mail spoofing

Short answer: yes it's normal.

*) iRedAPD is a policy server which only gets info about the SMTP session, not the mail message (header + body), so iRedAPD cannot detect the different sender address in the "From:" header.

*) Postfix doesn't have built-in settings/tools to compare the sender address sent by the sender server during the SMTP session and the one in the mail header.

*) In this example (https://spf.guru/tools/spoofing), the sender uses its own mail server with proper EHLO and server hostnames, so it's just normal. One example is a PayPal payment notification email: it's sent by PayPal, but the From: address is always different.
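
The comparison this answer says neither iRedAPD nor Postfix performs, as an added example that is not part of the original thread: the sender address from the SMTP session is checked against the "From:" header once the full message is available. The function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_of(address):
    """Return the lower-cased domain of 'Name <user@domain>' or 'user@domain'."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()


def sender_mismatch(envelope_from, raw_message):
    """Compare the SMTP-session sender with the From: header of the message.

    Returns (envelope_domain, header_domain, mismatch).
    """
    msg = message_from_string(raw_message)
    env = domain_of(envelope_from)
    hdr = domain_of(msg.get("From"))
    if not env or not hdr:
        # A missing From: header or empty envelope sender cannot be compared.
        return env, hdr, True
    # Treat a parent domain and its subdomains as the same sender.
    same = env == hdr or env.endswith("." + hdr) or hdr.endswith("." + env)
    return env, hdr, not same


# Constructed sample messages (not real mail).
SPOOFED = "From: Support <support@bank.example.com>\nSubject: Verify\n\nbody\n"
NOTIFY = "From: Shop <service@shop.example>\nSubject: Receipt\n\nbody\n"
ALIGNED = "From: Alice <alice@example.org>\nSubject: Hi\n\nbody\n"

# (envelope sender seen in the SMTP session, message as received)
SAMPLES = [
    ("bounce@mailer.example.net", SPOOFED),   # spoofed From:, own mail server
    ("bounces@notify.example.org", NOTIFY),   # legitimate third-party notifier
    ("alice@mail.example.org", ALIGNED),      # subdomain of the From: domain
]

if __name__ == "__main__":
    for envelope, raw in SAMPLES:
        env, hdr, mismatch = sender_mismatch(envelope, raw)
        print(f"envelope={env:22} from={hdr:18} mismatch={mismatch}")
```

The second sample is flagged just like the spoofed one, so a mismatch on its own is a scoring signal rather than a reason to reject.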

3

Re: E-mail spoofing

Yes - but PayPal has valid SPF records.

OK, nvm, I changed SPF_CHECK from 0.1 to 2 in /etc/mail/spamassassin/local.cf


Thanks