Mark message subject of SPF SoftFail messages as suspicious

P

poetry

Active Member
May 28, 2020
206
63
33
This would be a nice feature but don't think it's possible. Can anyone give advice how you would do this?

I know that messages that have SoftFail will get SA score SPF_SOFTFAIL but this cannot be applied to action objects right? You just cannot rely to bump the SA score to higher value to mark messages as suspicious as this get's very high false positive rates. I would love to set messages as suspicious to some specific SA scores like for example SPF_SOFTFAIL. Is there any other way to detect SPF_SOFTFAIL?

If you read the http://www.open-spf.org/SPF_Record_Syntax/ you will see that it's noted there:

Result
Explanation
Intended action
SoftFailThe SPF record has designated the host as NOT being allowed to send but is in transitionaccept but mark

This is the recommendation from the SPF standard so it should be implemented right?

So will this be implemented in the future like SPF FAIL feature?. Would be great thanks.
 
Currently it's not possible to use SpamAssassin hits as 'What Objects'

Your idea is to always mark messages which match SPF_SOFTFAIL (and other spamassassin rules)?
Is this measure any good in your environment? would it really help?
If so - I'm not sure why not increase the score to something that in your ruleset will cause the mail to get tagged/put in quarantine
If not - why would you want to treat this specially?

(In our environments SPF_SOFTFAIL is not a good indicator for spam - iirc)

poetry said:
So will this be implemented in the future like SPF FAIL feature?. Would be great thanks.
Click to expand...
How should PMG react on this - for a hard-fail it is easy - just reject the mail (although this causes quite a few issues in many deployments, since SPF simply is not such a good indicator of ham/spam mails)?
 
I guess I have to give up on this. There is a clear reason something is not configured correctly if you are getting SPF_SOFTFAIL and it is at least on some spam emails usually a good indicator of a suspicious email. It's very hard to detect or mark suspicious emails with high accuracy if you just use the spam score. I would like to be able to mark messages depending on spamassasin detection that I find reliable in my environment. I will keep trying to find another way to do this or will just give up. I had to disable adding suspicious to subject based on spam score because I was getting way too many false positives I am guessing that is also because I am using custom spam scores. The reason I am using custom spam scores is so I am getting better spam detection. I think we all try to do our best to detect as much spam as possible with the options that are available that is why we are trying to find ways we can improve anything we can.
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back