Incoming email SPF verification

[irshad101]

Hello,

I have cPanel server with CENTOS 7.9 v94.0.10

we are receiving server wise LOT of spam emails, I have checked the Exim Configuration Manager and Apache SpamAssassin™: Forced Global ON is (ON)

but we are still receiving lot of SPAM and most of spam when I check did't pass SPF check with sender domain and IP address.

We also receive emails from our own domains from different IPS.

how can I enable and make sure that every incoming emails pass the SPF check?

Thanks

 

[keat63]

You could use DMARC to block emails which fail SPF, however, you will end up blocking legitimate email as some web masters are lazy and don't have SPF enabled at thier end.

Regarding the emails from your own domains, are they actually coming from your own domains, or is the 'from' address being spoofed.

If they are coming from your own domains, ie, your domains are authenticate the sending, then you should try to investigate which accounts might be doing this, and change some passwords.

 

[irshad101]

Hello,

no emails are coming from other servers while I check IPS
also all my domains have valid SPF then when IP is different email must be rejected but emails are receiving.

could you please help me how to "use DMARC to block emails which fail SPF"?

Thanks so much

 

[cPRex]

We had a similar post on this last week:

Enable SPF checking without SpamAssin

Hi, I'm trying to enable SPF checking to reject messages with SPF fail or softfail checking. Without enabling SpamAssisn. I have found in Cpanel forums this old solution to be included inside Exim -> Advanced Editor (custom_begin_mailauth): # Enable SPF rejection without SpamAssassin deny...

forums.cpanel.net

and I recommended that if you really want to stop spam, to enable the DKIM checks instead of just SPF.

 

[keat63]

For DMARC, you need to create a new DNS entry.

Hostname= _dmarc
type= txt/spf
Destination/Target= v=DMARC1\;p=none\;sp=none\;adkim=r\;aspf=r\;pct=100\;fo=0\;rf=afrf\;ri=86400\;rua=mailto:some_email\@yourdomain.com\;ruf=mailto:some_email\@yourdomain.com

Fill in your own email address (leave the backslash in place)

The example I gave above will allow failures to be delivered
None: v=DMARC1; p=none; sp=none; rf=afrf; pct=100; ri=86400

The below entries will either reject or quarantine depending on which you choose.


Reject: v=DMARC1; p=reject; sp=none;
Quarantine: v=DMARC1; p=quarantine; sp=none;

However, be warned about what I said when legitimate email is likely to be rejected or quarantined, as a great many web servers won't have SPF installed.

 

[irshad101]

Thanks but is this for outgoing email or incoming email.

I want to implement it on all incoming emails on all domain in cPanel server.