Latest revision as of 11:04, 18 May 2017

Installare

sudo apt-get install postfix-policyd-spf-python

Copiare file esempio

zcat  /usr/share/doc/postfix-policyd-spf-python/policyd-spf.conf.commented.gz | sudo tee /etc/postfix-policyd-spf-python/policyd-spf.conf

Impostare solo marcatura header, senza respingere. Per test:

sudoedit /etc/postfix-policyd-spf-python/policyd-spf.conf

HELO_reject = False
Mail_From_reject = False

Testare che non ci siano errori:

/usr/bin/python3 /usr/bin/policyd-spf /etc/postfix-policyd-spf-python/policyd-spf.conf

Impostare il demone in postfix:

sudoedit /etc/postfix/master.cf

policyd-spf unix -      n       n       -       0       spawn
           user=nobody argv=/usr/bin/python3 /usr/bin/policyd-spf /etc/postfix-policyd-spf-python/policyd-spf.conf

Impostare il timeout:

sudoedit /etc/postfix/main.cf

policyd-spf_time_limit = 3600

Impostare il check, DOPO reject_unauth_destination

sudoedit /etc/postfix/main.cf

smtpd_recipient_restrictions =
  ...
  reject_unauth_destination
  check_policy_service unix:private/policyd-spf
  ...

Riavviare postfix:

sudo /etc/init.d/postfix restart

Inviare un messaggio con mittente gmail, senza utilizare i server gmail. Si troverà nello stesso un'header:

Received-SPF: Softfail (domain owner discourages use of this host) identity=mailfrom; client-ip=1.2.3.4; helo=clientname envelope-from=example@gmail.com; receiver=example@example.com

Anche nei log si potrà trovare:

Mar 28 17:42:27 emip policyd-spf[15914]: Softfail; identity=mailfrom; client-ip=1.2.3.4; helo=example; envelope-from=example@gmail.com; receiver=example@example.com

Invece per invii legittimi l'header sarà:

Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.128.177; helo=mail-wr0-f177.google.com; envelope-from=example@gmail.com; receiver=example@example.com

E nei log:

 Mar 28 17:50:25 emip policyd-spf[16722]: Pass; identity=mailfrom; client-ip=209.85.128.177; helo=mail-wr0-f177.google.com; envelope-from=example@gmail.com; receiver=example@example.com

Al termine, impostare il respingimento dei messaggi non adeguati:

sudoedit /etc/postfix-policyd-spf-python/policyd-spf.conf

HELO_reject = SPF_Not_Pass
Mail_From_reject = Fail

Riavviare:

sudo /etc/init.d/postfix restart

Ritestare, usando questa volta @microsoft.com come mittente: il messaggio sarà rifiutato dal mailserver:

Mar 28 17:55:41 emip policyd-spf[19663]: Fail; identity=mailfrom; client-ip=1.2.3.4; helo=example; envelope-from=example@microsoft.com; receiver=example@example.com
Mar 28 17:55:41 emip postfix/smtpd[19179]: NOQUEUE: reject: RCPT from mail.galimberti.net[1.2.3.4]: 550 5.7.1 <example@example.com>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=example@microsoft.com;ip=1.2.3.4;r=example@example.com; from=<example@microsoft.com> to=<example@example.com> proto=ESMTP helo=<example>

Riferimenti

Configure SPF and DKIM in Postfix on Debian 8

Implementare il filtro antispam SPF in Postfix: Difference between revisions

Latest revision as of 11:04, 18 May 2017

Riferimenti

Navigation menu

Implementare il filtro antispam SPF in Postfix: Difference between revisions

Latest revision as of 11:04, 18 May 2017

Riferimenti

Navigation menu

Search