Enable SPF checking without SpamAssin

[Mise]

Hi,

I'm trying to enable SPF checking to reject messages with SPF fail or softfail checking. Without enabling SpamAssisn.

I have found in Cpanel forums this old solution to be included inside Exim -> Advanced Editor (custom_begin_mailauth):

# Enable SPF rejection without SpamAssassin
deny message = SPF: $sender_host_address is not allowed to send mail from $sender_address_domain
spf = fail:softfail

although I cannot see the SPF checking text in the header of new messages.
Is this solution still valid, or maybe today it doesn't work?. Is there another updated way?

* I add: I can see inside the logs how the SPF rejection is working although no SPF info in the header's messages.

thanks!

 

[cPRex]

Hey there! You're correct that typically you'd need SpamAssassin enabled in order to do this work.

I believe this is the older post you're referring to: SPF Verification

and this seems to be straight out of the Exim documentation here:

https://tldp.org/HOWTO/Spam-Filtering-for-MX/exim-spf.html

If that isn't working how you expect, it might be best to put in a ticket to have our team check the system directly.

We do have DKIM verification that you can enable directly from WHM >> Exim Configuration Manager under the "Allow DKIM verification for incoming messages" option, which would definitely help to decrease spam, likely even more than an SPF check would.

 

[Mise]

yes, the code is working, I can see this in logs. Although I don't see the "SPF:... " line inside the headers of incoming messages.

Different from SPF ( which in front users can be explained like a bad server configuration in the other part), I have doubts about DKIM verification.
I'm not sure if most of all legitimate traffic already has DKIM keys

What's your thoughts?. Is DKIM already used beyond 90%?

thanks!

 

[cPRex]

I think DKIM is extremely widespread - if you want to send messages to Gmail and actually have hope of making it to the inbox, you need to have it.

If you'd like to create a ticket to have us check the SPF configuration we'd be happy to look!

 

[Mise]

yes, I have DKIM configured in all users. Not need to open a support ticket for this, thanks


My question is to know if rejecting incoming messages without DKIM signature it can be a good idea.

 

[cPRex]

I think it's a great idea - anyone that is sending email to major providers at this point needs to have DKIM enabled, so any automated scripts will almost certainly fail that verification check.

 

[irshad101]

I think it's a great idea - anyone that is sending email to major providers at this point needs to have DKIM enabled, so any automated scripts will almost certainly fail that verification check.

I got it now, thanks so much

 

[irshad101]

I have enabled DKIM but still spam is arriving to inbox.

one our inbox is getting 1000s of Bounce message with subject "Mail delivery failed: returning message to sender"
But when we check email delivery report that domain never send email to that email address which is bouncing back
also when we check that domain less than 10 emails in 24 hours but receive more than 1000 bounce messages like that.

How to stop these Please?

Thanks

 

[cPRex]

Do you see a large amount of messages leaving the server in the Exim log at /var/log/exim_mainlog?

You could also work through some of these steps to make sure there isn't spam leaving the system: How to find the source of spam emails

 

[irshad101]

Do you see a large amount of messages leaving the server in the Exim log at /var/log/exim_mainlog?

You could also work through some of these steps to make sure there isn't spam leaving the system: How to find the source of spam emails

No there is no large amount of messages leaving the server, online large number of incoming message of bounce notifications from many different domains.

 

[cPRex]

It sounds like your address was likely spoofed or set as the return address for someone else's spam, so there isn't much you can do about that. The only thing you could do on the server-side would be to create a filter to delete those messages or move them to a folder or even a separate email address so you could look through them if you wanted to.