No announcement yet.

SPF Check before pipe

  • Filter
  • Time
  • Show
Clear All
new posts

  • SPF Check before pipe

    I am piping emails from a specific user to append a text file, I simply create .qmail-user and put the following

    | tee -a /the/path/to/the/file

    what I am looking for is piping only emails that pass the SPF and DKIM check, I want to make sure that the emails that is piped is coming from a specific domain that is also being sent legitimately from that domain.

    I have access to the DNS records of the sender domain.

    Any ideas?

  • #2

    Welcome to IW forums

    I think you maybe looking at this wrong sorry

    If your piping emails from a different server, the blocking needs completing on that server as the siteworx account on the IW server is only collecting the email

    If I am wrong sorry and please provide exact setup of where the email is been piped from ie on same server or from third party server

    However that said, all domains should have spf and dkims setup as default (ours do where the nameservers point to our platforms)

    Please be aware though, some emails do get through where the spf and dkims match records even if email sent is using a different domain.

    I hope that helps a little

    Many thanks



    • #3
      This is the setup:
      I have two domains, domain A which is on office 365 (for example) and domain B that is on IW

      I want emails sent to anyone@B from anyone@A to be piped to a file ( | tee -a /path/of/file )

      but anyone pretending to be from A and not really from A should not go through.

      I might be looking at this wrong but this is my setup



      • #4
        Hi Sam

        Many thanks

        You would need to make sure the spf record for domain A is set to hard fail

        Qmail/spam assassin would check spf and if hard fail, should spam or delete email, depending how you set the siteworx email

        Many thanks



        • #5
          Hi John,

          That make sense, but how would I make sure that emails are passing spam assassin before being piped? or does it already pass spam assassin by default if spam assassin is on?

          my .default-anyone contains only one line

          | tee -a /path/of/file

          should i add any to this?


          • #6
            Hi Sam

            Many thanks

            Domain A should reject email been received if spf set to hard fail and not authorized as should domain b

            The piping of email happens only once the email has been received in domain A or b email inbox

            So the piping would not check anything, it just pipes what in the inbox

            So the essence of the issue is stopping false email in domain A inbox if I understood correctly

            Many thanks and I hope that helps a little