SPF Check before pipe

ialameh · November 19, 2018, 1:42pm

Hi,
I am piping emails from a specific user to append a text file, I simply create .qmail-user and put the following

| tee -a /the/path/to/the/file

what I am looking for is piping only emails that pass the SPF and DKIM check, I want to make sure that the emails that is piped is coming from a specific domain that is also being sent legitimately from that domain.

I have access to the DNS records of the sender domain.

Any ideas?

d2d4j · November 19, 2018, 2:06pm

Hi

Welcome to IW forums

I think you maybe looking at this wrong sorry

If your piping emails from a different server, the blocking needs completing on that server as the siteworx account on the IW server is only collecting the email

If I am wrong sorry and please provide exact setup of where the email is been piped from ie on same server or from third party server

However that said, all domains should have spf and dkims setup as default (ours do where the nameservers point to our platforms)

Please be aware though, some emails do get through where the spf and dkims match records even if email sent is using a different domain.

I hope that helps a little

Many thanks

John

ialameh · November 21, 2018, 1:10am

This is the setup:
I have two domains, domain A which is on office 365 (for example) and domain B that is on IW

I want emails sent to anyone@B from anyone@A to be piped to a file ( | tee -a /path/of/file )

but anyone pretending to be from A and not really from A should not go through.

I might be looking at this wrong but this is my setup

Thanks
Sam

d2d4j · November 21, 2018, 2:23am

Hi Sam

Many thanks

You would need to make sure the spf record for domain A is set to hard fail

Qmail/spam assassin would check spf and if hard fail, should spam or delete email, depending how you set the siteworx email

Many thanks

John

ialameh · November 21, 2018, 1:41pm

Hi John,

That make sense, but how would I make sure that emails are passing spam assassin before being piped? or does it already pass spam assassin by default if spam assassin is on?

my .default-anyone contains only one line

| tee -a /path/of/file

should i add any to this?

d2d4j · November 21, 2018, 2:15pm

Hi Sam

Many thanks

Domain A should reject email been received if spf set to hard fail and not authorized as should domain b

The piping of email happens only once the email has been received in domain A or b email inbox

So the piping would not check anything, it just pipes what in the inbox

So the essence of the issue is stopping false email in domain A inbox if I understood correctly

Many thanks and I hope that helps a little

John