This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
system:annoyances [2021-04-27T07:12:16+0000] michael_paoli |
system:annoyances [2021-04-28T03:02:26+0000] michael_paoli |
||
---|---|---|---|
Line 545: | Line 545: | ||
sflug.org. 86400 IN TXT "v=spf1 -all" | sflug.org. 86400 IN TXT "v=spf1 -all" | ||
SPF version 2 could be good/better ... but later, not a top priority. | SPF version 2 could be good/better ... but later, not a top priority. | ||
+ | </file> | ||
+ | |||
+ | <file> | ||
+ | So, let's look into enabling SPF checking upon receipt of incoming ... | ||
+ | I also noticed what looks like something about a daemon - which may be preferable for large volumes/streams of incoming ... | ||
+ | let's look at documentation bit more ... | ||
+ | $ man spfd.mail-spf-perl | ||
+ | $ systemctl list-unit-files | fgrep spf | ||
+ | $ | ||
+ | So, nothin' in systemd unit files nor exim4 config that supports the spf daemon, so doing that would mean fair bit more manual configuring. | ||
+ | For now let's presume spfquery (non-daemonized) is quite "good enough" for now - we can change later if we need to. | ||
+ | So ... let's configure that ... | ||
+ | added ...: | ||
+ | # tail -n 1 conf.d/main/000_localmacros | ||
+ | CHECK_RCPT_SPF = true | ||
+ | # systemctl restart exim4.service | ||
+ | # That should be enough for that to now be operational - that should stop >> 50% of the incoming spam (attempts). Should see results in logs | ||
+ | quite soon (if not already). | ||
+ | </file> | ||
+ | <file> | ||
+ | Not seeing an SPF failure in the logs ... quite yet. | ||
+ | Let's test something that should fail ... | ||
+ | Drats - test made it through, even though the config should'a rejected it. | ||
+ | Oh, let's also add berkeleylug.com to the email domains, so that should work. | ||
+ | # DEBIAN_PRIORITY=medium dpkg-reconfigure exim4-config | ||
+ | # systemctl start exim4.service | ||
+ | Let's try sending to postmaster@berkeleylug.com | ||
+ | and yes, that got delivered fine. | ||
+ | So ... why is SPF check not working? | ||
+ | </file> | ||
+ | <file> | ||
+ | # systemctl stop exim4.service | ||
+ | # ls -d /usr/*bin/*exim*conf* | ||
+ | /usr/sbin/update-exim4.conf /usr/sbin/update-exim4.conf.template | ||
+ | # update-exim4.conf | ||
+ | # systemctl start exim4.service | ||
+ | SPF check still not working. | ||
+ | </file> | ||
+ | <file> | ||
+ | Wordpress email ... something to circle back on later. | ||
+ | For now, for header it uses: | ||
+ | From: WordPress <wordpress@berkeleylug.com> | ||
+ | Looks like the only bit of that that's easy to change is the domain. Looks like it uses php mail. There are plugins to change that, but | ||
+ | that's then more complications. As for envelope, since it's using Apache, between that and exim, that ends up as: | ||
+ | MAIL FROM:<www-data@balug.org> | ||
+ | Again, not simple to change that. More to circle back on for later. | ||
+ | For now, dropped in aliases for www-data and wordpress, so at least attempts to those - and for now at least, won't bounce at those domains if | ||
+ | attempted. So, that should help deliverability (and, on the receiving side, probably some more spam for postmaster as I presently aliased those to | ||
+ | postmaster ... "good enough" for now). | ||
</file> | </file> |