Virtualmin check SPF records?

SYSTEM INFORMATION
OS type and version: Centos 7.9
Webmin version: 1.981
Virtualmin version: 6.17.pro
Related products version: Spamassassin 3.4.0

I don’t understand why this email has not been stopped by the antispam, theoretically it should check SPF but here it has not done it.

> Return-Path: <Confirming.bbva@bbva.com>
> X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on server
> X-Spam-Flag: YES
> X-Spam-Level: ****
> X-Spam-Status: Yes, score=4.1 required=4.0 tests=BAYES_00,DCC_CHECK,
>   FSL_BULK_SIG,HTML_MESSAGE,MALW_ATTACH,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
>   SPF_FAIL,SPF_HELO_NONE,T_REMOTE_IMAGE,URIBL_BLOCKED,URI_NOVOWEL autolearn=no
>   autolearn_force=no version=3.4.0
> X-Spam-DCC: x.dcc-servers: server 104; Body=3 Fuz1=38 Fuz2=many
> X-Spam-Pyzor: Reported 0 times.
> X-Spam-Report:
>   *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
>   *       See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
>   *      for more information.
>   *      [URIs: bbva.es]
>   *  0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
>   *      [79.172.201.200 listed in wl.mailspike.net]
>   * -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
>   *      [score: 0.0000]
>   *  0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
>   *  0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
>   *      [SPF failed: Please see http://www.openspf.net/Why?s=mfrom;id=confirming.bbva%40bbva.com;ip=79.172.201.200;r=server]
>   *  0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence
>   *  0.0 HTML_MESSAGE BODY: HTML included in message
>   *  2.0 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
>   *  0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
>   *  0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
>   *  3.5 MALW_ATTACH Attachment filename suspicious, probable malware exploit
>   *  0.0 T_REMOTE_IMAGE Message contains an external image
> X-Original-To: barcelona@domain.com
> Delivered-To: barcelona.domain@server.aaa.org
> Received: from third.ysolutions.hu (third.ysolutions.hu [79.172.201.200])
>   by server.aaa.org (Postfix) with ESMTPS id C21A98138115;
>   Thu, 18 Nov 2021 13:30:51 +0100 (CET)
> Received: from webmail.ysolutions.hu (localhost [127.0.0.1])
>   by third.ysolutions.hu (Postfix) with ESMTP id 5880D2180CF5;
>   Thu, 18 Nov 2021 13:28:57 +0100 (CET)
> DKIM-Filter: OpenDKIM Filter v2.11.0 third.ysolutions.hu 5880D2180CF5
> MIME-Version: 1.0
> Content-Type: multipart/mixed; boundary="=_6806d086efda8946f9ca9f1c6d9e1206"
> Date: Thu, 18 Nov 2021 13:28:57 +0100
> From: Confirming.bbva@bbva.com
> To: undisclosed-recipients:;
> Subject: [SPAM] BBVA-Confirming Factura
> In-Reply-To: <1632203281.192140559@f29.my.com>
> References: <1632203281.192140559@f29.my.com>
> Message-ID: <23248aadf4f5d3bf54eaaee78b5cfab9@bbva.com>
> X-Sender: Confirming.bbva@bbva.com
> User-Agent: Roundcube Webmail/1.3.9
> X-Greylist: Default is to whitelist mail, not delayed by milter-greylist-4.6.2 (server.aaa.org [0.0.0.0]); Thu, 18 Nov 2021 13:30:51 +0100 (CET)
> X-Spam-Prev-Subject: BBVA-Confirming Factura

yes it has checked SPF (SPF_FAIL) and also marked as spam… (X-Spam-Flag: YES)
not sure what you want to do. (?)

Simply mark it as spam if it does not comply with spf, for example if it does not comply with spf add 3 or 5 points to the spam level.

[score: 0.0000]
*  0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
*  0.0 SPF_FAIL SPF: sender does not match SPF record (fail)

Here 0 points fail SPF, I don’t understand why??

add your own score in local.cf or elsewhere, eg
score SPF_FAIL 3

also it is marked as spam. (x-spam-flag). maybe you want to add rewrite_subject to also add SPAM to the subject? it’s just another option in spamassassin you can enable…

1 Like

What surprises me is that I don’t see any place where I can do this with virtualmin, for me it is something basic.

I understand that virtualmin is a product to help manage a hosting and this is basically web and mail, the antispam to mail is like the firewall to the services, how is it possible that you can not manage this in virtualmin?
@Ilia I’m sorry, but is there any plan to manage this in Virtualmin??

I am almost always confused about each mail-related question a user asks. Perhaps, it is just a complex topic.

I don’t understand why this email has not been stopped by the antispam, theoretically it should check SPF but here it has not done it.

What do you mean by “hasn’t been stopped”? What result do you expect to get? The message has spam score header and the subject was prepended with [SPAM]. It was stopped and things evidently work just fine. If you expect this message to be thrown away (or something else) you would need to check configurable options on virtual-server.name - Server Configuration ⇾ Spam and Virus Delivery page:


It would be useful to check on Spam and Virus scanning documentation.

[score: 0.0000]
*  0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
*  0.0 SPF_FAIL SPF: sender does not match SPF record (fail)

Here 0 points fail SPF, I don’t understand why??

@Ilia This is what I don’t understand: SPF fails but it is not adding anything to the counter

I think it would be an easy and great improvement that when SPF fails it would add points to the spam counter, or at least from the panel it could be managed.
doesn’t it seem logical to you?
and do not take this as a negative complaint, it is not my intention, but as a contribution to the improvement of the product, which also I think it should not be difficult to implement, don’t you think?

and more things to contribute and that I don’t think would cost much and would be of great help would be something as simple as the incorporation of antispam lists from the panel.

This can be setup manually by editing Servers ⇾ SpamAssassin Mail Filter: Header and Body Tests / Advanced Mode page:

3 Likes

@Jamie What do you think if we made SpamAssassin test scores, in particular SPF_ score, configuration ported to Server Configuration ⇾ Spam and Virus Delivery page for simplicity, as I agree it might be hard to configure.

2 Likes

Yes, this is the config page I know. If you can make this for me it’s great, and if you could also add the option to add a list of anti-spam server filters, it would be perfect. :heart_eyes:

Sorry, I see this SPF config now. Frankly, I had no idea that this option was there and I’ve been looking all these years. Maybe it was added in some recent update?? Anyway, thanks a lot!!!

It’s rare that users would want to change the default spamassassin rule scores… I’m surprised that SPF_FAIL is only scoring 0 points by default.

Yes, this is my surprise, SPF_FAIL 0 points :thinking:

Is that what it’s set to in the default SpamAssassin configuration? Or is it overridden in any of the files under /etc/spamassassin?

@Jamie I don’t remember touching anything about this

On my system, the default scores are in /usr/share/spamassassin/50_scores.cf
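
To trace where a rule's score comes from, here is a sketch (an added example, not code from this thread, Virtualmin or SpamAssassin) that resolves the effective `score` for a rule across rule directories. It handles the one-value and four-value forms of the `score` directive and lets a later file such as local.cf override an earlier one, which is what the `score SPF_FAIL 3` suggestion above relies on. The function names, the directory order and the sample file contents are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# "score RULE v" or "score RULE v0 v1 v2 v3"; a trailing "# comment" is allowed.
SCORE_RE = re.compile(r"^\s*score\s+(\S+)\s+([^#]+)")

def effective_score(rule, rule_dirs, score_set=3):
    """Return (score, file, line_no) of the last definition of `rule`, or None.

    Directories are read in the order given and *.cf files by name within
    each, so a later definition (e.g. local.cf) overrides an earlier one.
    score_set: 0 = no Bayes/no network, 1 = network only,
               2 = Bayes only, 3 = Bayes + network tests.
    """
    found = None
    for d in rule_dirs:
        for cf in sorted(Path(d).glob("*.cf")):
            lines = cf.read_text(errors="replace").splitlines()
            for n, line in enumerate(lines, 1):
                m = SCORE_RE.match(line)
                if not m or m.group(1) != rule:
                    continue
                try:
                    vals = [float(v) for v in m.group(2).split()]
                except ValueError:
                    continue  # relative "(n)" scores are not handled here
                if len(vals) == 1:
                    found = (vals[0], str(cf), n)
                elif len(vals) == 4:
                    found = (vals[score_set], str(cf), n)
    return found

def demo():
    # Constructed sample files, not copied from any real installation.
    with tempfile.TemporaryDirectory() as tmp:
        default, site = Path(tmp, "default"), Path(tmp, "site")
        default.mkdir()
        site.mkdir()
        (default / "50_scores.cf").write_text(
            "score SPF_FAIL 0 0.9 0 0.001 # constructed values\n"
            "score SPF_HELO_NONE 0.001\n")
        before = effective_score("SPF_FAIL", [default, site])
        (site / "local.cf").write_text("score SPF_FAIL 3\n")
        after = effective_score("SPF_FAIL", [default, site])
        return before[0], after[0], Path(after[1]).name

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the default rules directory first and the site configuration directory second. This sketch ignores `ifplugin` conditionals and relative scores written in parentheses.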

spamassassin :

Debian has the same defaults, don’t know about CentOS.

Try changing default SpamAssassin rule scores using earlier mentioned Servers ⇾ SpamAssassin Mail Filter: Header and Body Tests / Advanced Mode page.