1 Topic by slovenka

  • slovenka
  • Member
  • Offline
  • Registered: 2014-12-14
  • Posts: 51

Topic: Spamassassin SPF check and SRS

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.2
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello,
we have SRS enabled and just wanted to ask if this is true. From documentation for SRS:
"If sender address was rewritten, SpamAssassin will check SPF against the domain name specified in iRedAPD parameter srs_domain (which is server hostname by default), if you don't have SPF DNS record for srs_domain, SpamAssassin may tag a score of the matched SPF_FAIL rule."

Does this means that because we have SRS enabled, we don't check SPF records for incoming email?

Because we noticed that SPF check are "SPF_NONE" for all domains, even if they have SPF record. No SPF_PASS for last months.

Is there some way to enable SPF checks and have SRS enabled?

Thank you very much!
Slovenka

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Spamassassin SPF check and SRS

Currently no workaround yet, unless we develop a milter program to replace iRedAPD for SRS: milter gets full email headers and smtp session info, so it can precisely rewrite addresses for SRS.

3 Reply by slovenka

  • slovenka
  • Member
  • Offline
  • Registered: 2014-12-14
  • Posts: 51

Re: Spamassassin SPF check and SRS

Hello Zhang!
Thank you for answering. Do you think this would be hard to implement (develop)? I don't have such deep knowledge in programming, so I could only help with the testing.

Would you be willing to develop this milter program, so the problem is solved and iRedMail gets more secure and resilient against spam?

Or is disabling SRS still better (even if we have a lot of forwards) than having SPF checks disabled?

Thank you very much!
Slovenka

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Spamassassin SPF check and SRS

slovenka wrote:

Do you think this would be hard to implement (develop)?

The core of a milter is done: https://github.com/iredmail/iRedAPD/issues/11

slovenka wrote:

Would you be willing to develop this milter program, so the problem is solved and iRedMail gets more secure and resilient against spam?

Planned. But it's all about time, we're busy working on iRedMail Pro (it's a combination of iRedMail installer + iRedMail Easy platform + iRedAdmin-Pro), still in early beta.
https://docs.iredmail.org/pro.html

slovenka wrote:

Or is disabling SRS still better (even if we have a lot of forwards) than having SPF checks disabled?

SRS is good for forwarding, the problem is the srs in iRedAPD is not good enough limited by Postfix access policy delegation protocol.

5 Reply by slovenka

  • slovenka
  • Member
  • Offline
  • Registered: 2014-12-14
  • Posts: 51

Re: Spamassassin SPF check and SRS

Ok, thank you, we will patiently wait for the milter program for SRS.
Thank you!
Slovenka