11-30-2009 05:16 PM
Hi All,
I was wondering if anyone can post examples of their DKIM and SPF filtering on their inbound mail flows that I might be able to look at. It would seem that all the filters I have attempted puts a lot of legitimate mail into the quarantine and has little to no effect on the spam side.
Help???
12-02-2009 08:55 PM
what we need from you:
- sample message (attached as rfc822 copy)
- your filter syntax (click rules view for a paste-able text-friendly output)
- config.xml file (attached if possible)
- an overview of what you're trying to accomplish
andrew
12-03-2009 07:32 PM
Hi Andrew,
I'm just looking for generalized filtering people are doing for SPF and DKIM. Right now we have not implemented any filtering at this time, because mailing lists breaks DKIM and some network administrators haven't paid attention to their SPF policies.
While we have set everything we need on the outbound traffic, I was just wondering how people are dealing with these items on the inbound... or if anyone is actually monitoring DKIM and SPF on the inbound at all.
So, I guess I'm looking for best practices or examples on how people are implementing these items on their Ironports.
12-03-2009 10:41 PM
We have a simple 'logging only' rule:
SPF_Fail: if (spf-status == "fail") { deliver(); }
12-08-2009 03:43 PM
Hi all,
On our side, we Quarantine mails which fail SPF or DKIM validation.
Don't know about the code, but in the GUI it looks like this :
Conditions
Apply rule:
Order Condition Rule Delete
1 DKIM Authentication dkim-authentication == "hardfail"
2 SPF Verification spf-status == "fail"
Actions
Order Action Rule Delete
1 Add Header insert-header("X-Ironport-Quarantine", "Quarantine")
Statistically, we have quarantined 1438 mails using this content filter over the last month (total mail traffic was over 4.4M mails, with 84% blocked at SMTP level by the reputation filter)
Hope it helps !
Fred
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide