[GH-ISSUE #624] Manage SPF #585

Closed
opened 2026-02-27 11:12:30 +03:00 by kerem · 29 comments
Owner

Originally created by @SomeGeek on GitHub (Oct 23, 2014).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/624

Provide the option to manage SPF within Modoboa. SPF is a method to prevent spam by using DNS checks.

Proposed options:

  • SPF checking mode
    • Only create Received-SPF headers, never block
    • Use temporary error notices when you have DNS lookup problems
    • Reject mail when SPF resolves to "fail" (deny)
    • Reject mail when SPF resolves to "softfail"
    • Reject mail when SPF resolves to "neutral"
    • Reject mail when SPF does not resolve to "pass"
  • SPF local rules
  • SPF guess rules
  • SPF explanation
  • Continue in case of DNS problems
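The checking modes proposed in the issue, worked through as an added example (this is not Modoboa's code, nor a real policy daemon): a minimal offline SPF evaluator in the spirit of RFC 7208 that maps each SPF result onto a Postfix policy-delegation action (PREPEND, REJECT, DEFER_IF_PERMIT, DUNNO) according to the selected mode. DNS is replaced by a constructed in-memory zone table so it runs stand-alone; the domain names, the mode names and the "flaky.example" timeout simulation are all assumptions made for the illustration. Only ip4, ip6, a, mx, include, all and redirect are implemented; exists, ptr and exp are omitted.

```python
"""Added example (not Modoboa's code): an offline SPF evaluator that maps the
issue's proposed "SPF checking modes" onto Postfix policy-delegation actions.

DNS is replaced by a constructed in-memory table so the example runs offline.
Mechanisms implemented: ip4, ip6, a, mx, include, all, plus the redirect
modifier; exists, ptr and exp are left out.  All domain names are assumptions.
"""
import ipaddress

# Constructed zone data (assumption): example.org sends from 192.0.2.0/24, its
# MX, and via a provider whose own record ends in ~all.
DNS = {
    "example.org": {"TXT": ["v=spf1 ip4:192.0.2.0/24 mx include:_spf.mailhost.example -all"],
                    "MX": ["mx.example.org"]},
    "mx.example.org": {"A": ["192.0.2.25"]},
    "_spf.mailhost.example": {"TXT": ["v=spf1 ip4:198.51.100.0/24 ~all"]},
    "soft.example": {"TXT": ["v=spf1 a ~all"], "A": ["203.0.113.5"]},
    "neutral.example": {"TXT": ["v=spf1 ?all"]},
    "nospf.example": {"A": ["203.0.113.9"]},
}
UNREACHABLE = {"flaky.example"}          # simulates a DNS timeout (temperror)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


class TempError(Exception):
    """Stands in for a DNS timeout / SERVFAIL."""


def lookup(name, rtype):
    if name in UNREACHABLE:
        raise TempError(name)
    return DNS.get(name, {}).get(rtype, [])


def host_matches(ip, name):
    return any(ip == ipaddress.ip_address(a) for a in lookup(name, "A"))


def check_host(ip, domain, depth=0):
    """RFC 7208 check_host(): returns pass/fail/softfail/neutral/none/permerror."""
    if depth > 10:                       # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    records = [t for t in lookup(domain, "TXT") if t == "v=spf1" or t.startswith("v=spf1 ")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    redirect = None
    for term in records[0].split()[1:]:
        if term.lower().startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            # membership is False when address and network families differ
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = host_matches(ip, arg or domain)
        elif mech == "mx":
            matched = any(host_matches(ip, mx) for mx in lookup(arg or domain, "MX"))
        elif mech == "include":
            matched = check_host(ip, arg, depth + 1) == "pass"
        else:
            return "permerror"           # unknown mechanism: record is invalid
        if matched:
            return QUALIFIERS[qual]
    if redirect:
        return check_host(ip, redirect, depth + 1)
    return "neutral"                     # no term matched and no redirect


# The checking modes from the issue, expressed as "which results get rejected".
MODES = {
    "header_only":     set(),
    "reject_fail":     {"fail"},
    "reject_softfail": {"fail", "softfail"},
    "reject_neutral":  {"fail", "softfail", "neutral"},
    "reject_non_pass": {"fail", "softfail", "neutral", "none", "permerror"},
}


def evaluate(client_ip, sender, mode, continue_on_dns_problems=True):
    """Return (spf_result, postfix_policy_action) for one SMTP transaction."""
    ip = ipaddress.ip_address(client_ip)
    domain = sender.rpartition("@")[2].lower()
    try:
        result = check_host(ip, domain)
    except TempError:
        if continue_on_dns_problems:     # "Continue in case of DNS problems"
            return "temperror", "DUNNO"
        return "temperror", "DEFER_IF_PERMIT 451 4.7.1 SPF DNS lookup failed"
    if result in MODES[mode]:
        return result, f"REJECT 550 5.7.1 SPF {result} for {domain} from {client_ip}"
    header = f"Received-SPF: {result} ({domain}) client-ip={client_ip}; envelope-from={sender}"
    return result, "PREPEND " + header


if __name__ == "__main__":
    for ip, sender in [("192.0.2.25", "a@example.org"), ("203.0.113.1", "a@example.org"),
                       ("203.0.113.6", "b@soft.example"), ("203.0.113.9", "c@nospf.example")]:
        print(ip, sender, evaluate(ip, sender, "reject_softfail"))
```

The interesting cases are the ones the issue's options differ on: a `~all` record yields `softfail`, which `reject_fail` lets through with a Received-SPF header but `reject_softfail` bounces; a domain with no record at all is only rejected under `reject_non_pass`; and a DNS failure is deferred rather than rejected unless "continue in case of DNS problems" is set.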
kerem 2026-02-27 11:12:30 +03:00
Author
Owner

@hadifarnoud commented on GitHub (May 10, 2016):

or better yet, give user instructions on what DNS records to add. Unfortunately I'm not a developer to be able to help.

Author
Owner

@tonioo commented on GitHub (Oct 16, 2016):

@SomeGeek Which component would provide the actions you're talking about? Because Postfix does not permit that.

Author
Owner

@nikaro commented on GitHub (Jan 22, 2017):

@tonioo you can use a SPF policy agent (cf. https://help.ubuntu.com/community/Postfix/SPF).

Author
Owner

@tonioo commented on GitHub (Jan 23, 2017):

@nikaro Thank you for the link. Maybe I'm wrong but I think DMARC (https://dmarc.org/) would be a better answer in this case. What's your opinion?

Author
Owner

@nikaro commented on GitHub (Jan 23, 2017):

DMARC checks can be done by the OpenDMARC milter, but it seems to come in addition to SPF and DKIM checks in the configurations I've seen on the internet. But I don't know how they interface with each other.

As I understand things, a DMARC DNS record only enforces the policy to adopt regarding SPF and DKIM (and additionally specifies an email address where to send reports).

Author
Owner

@tonioo commented on GitHub (Jan 23, 2017):

Absolutely, you indicate other MTA how they should handle unauthenticated (SPF and DKIM) messages coming from your domain. That's a more general setup but I do agree it is not the same "side" of the problem.
Blocking traffic based on a local configuration and only because SPF might be a bit too restrictive from my point of view...

Author
Owner

@fpiccinali commented on GitHub (Jan 28, 2017):

What about providing a tool within the UI to check that an SPF record is present (as with the MX and DNSBL checks in the Domains list)?

Maybe checking if they are properly configured could be more complicated.

Author
Owner

@tonioo commented on GitHub (Feb 1, 2017):

@fpiccinali Yes, that's something I plan to add.

Author
Owner

@ValdikSS commented on GitHub (Dec 15, 2020):

Currently, as of 15 December 2020, Modoboa 1.17.0 does not check any of SPF, DKIM or DMARC on incoming mail.
Letters generated by the email spoofing test service https://emailspooftest.com/ all arrived in the inbox.

E3 Testing SPF from emailSpoofTest.com -Critical severity

YOU SHOULD NEVER RECEIVE THIS EMAIL!

This email system failed inbound email SPF security checks. The sending IP is not allowed to send mail for this domain. This security issue is the most common way spam and phishing get in to compromise users and spread ransomware.
E2 Testing DKIM from emailSpoofTest.com -High severity

YOU SHOULD NEVER RECEIVE THIS EMAIL!

This email system failed to properly enforce strict DMARC alignment of DKIM for inbound email. The DNS for the sending domain forces DKIM as a security measure and your servers ignore this. This security issue can be used to compromise users.
Author
Owner

@tonioo commented on GitHub (Dec 15, 2020):

@ValdikSS It should be checked by Amavis... if it's running. Can you check that?

Author
Owner

@ValdikSS commented on GitHub (Dec 15, 2020):

@tonioo, the headers do contain an X-Virus-Scanned: Debian amavisd-new header.
I've installed Modoboa today, using the installer, on Ubuntu 20.04.1.

Return-Path: <test@badspf.com>
Delivered-To: admin@uguuft.xyz
Received: from mail.uguuft.xyz
	by mail.uguuft.xyz with LMTP
	id kHOvGora2F+JDQAAagejBg
	(envelope-from <test@badspf.com>)
	for <admin@uguuft.xyz>; Tue, 15 Dec 2020 15:47:22 +0000
Received: from localhost (localhost [127.0.0.1])
	by mail.uguuft.xyz (Postfix) with ESMTP id 5B28F81EA7
	for <admin@uguuft.xyz>; Tue, 15 Dec 2020 15:47:22 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at mail.uguuft.xyz
Received: from mail.uguuft.xyz ([127.0.0.1])
	by localhost (mail.uguuft.xyz [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id PkMyGKagxiMh for <admin@uguuft.xyz>;
	Tue, 15 Dec 2020 15:47:16 +0000 (UTC)
Received: from p3nlsmtp16.shr.prod.phx3.secureserver.net (p3nlsmtp16.shr.prod.phx3.secureserver.net [72.167.234.241])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.uguuft.xyz (Postfix) with ESMTPS
	for <admin@uguuft.xyz>; Tue, 15 Dec 2020 15:46:59 +0000 (UTC)
Received: from P3NWVPWEB097 ([50.62.160.34])
	by : HOSTING RELAY : with ESMTP
	id pCP6kiU1e2WpqpCP6kp4cp; Tue, 15 Dec 2020 08:38:20 -0700
X-CMAE-Analysis: v=2.4 cv=bsuJuGWi c=1 sm=1 tr=0 ts=5fd8d86c
 a=5ut4CJh8xkMQtYfDDsDMVA==:117 a=5ut4CJh8xkMQtYfDDsDMVA==:17 a=06rO89ENAAAA:8
 a=HpEJnUlJZJkA:10 a=kj9zAlcOel0A:10 a=EKrGBwzAl0PW3JTK6XoA:9
 a=CjuIK1q_8ugA:10 a=a-VhRbJMGjIA:10 a=ZSy8GxL5bGPctucz7bn6:22
 a=pHzHmUro8NiASowvMSCR:22 a=xoEH_sTeL_Rfw54TyV31:22
X-SECURESERVER-ACCT: UNKNOWN
MIME-Version: 1.0
From: test@badspf.com
To: admin@uguuft.xyz
Date: 15 Dec 2020 08:38:20 -0700
Subject: E3 Testing SPF from emailSpoofTest.com -Critical severity
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-CMAE-Envelope: MS4xfEbeJpN9Sv31RavT/zNQRgMRf9aKw/yfSJ1vsFYtJZW0N/HxiAzhc4Z2OC6gREOjwFfqPkTKij5U7iUwG5qiRnhz8UzIHQPUvJsHY2TXpioHGsW4S3Qj
 WDXc4HdC+2KbX2Iq4zNH5iAF6ZAD8URMMAkbB0uNmdf3lLWVLJPNZac9HUYB5a0Xqo1C2J2f/idYrw==

YOU SHOULD NEVER RECEIVE THIS EMAIL!=0D=0A=0D=0AThis email system=
 failed inbound email SPF security checks. The sending IP is not =
allowed to send mail for this domain. This security issue is the =
most common way spam and phishing get in to compromise users and =
spread ransomware.=0D=0A=0D=0ATo correct; Configure your inbound =
email servers SPF correctly and try again. Go to emailspooftest.c=
om/score.aspx to complete a spoof report card, reference Email 3.=
 For help with correcting these email security issues please emai=
l: email@emailspooftest.com.=0D=0A=0D=0A=0D=0ASender Source IP: X=
XXXXXXXX
Author
Owner

@tonioo commented on GitHub (Dec 15, 2020):

@ValdikSS FYI, Modoboa does not deal with DNS record creation/configuration so you must do it yourself.

Author
Owner

@ValdikSS commented on GitHub (Dec 15, 2020):

@tonioo, I'm talking about inbound SPF/DKIM/DMARC checks. And yes, I've added the records on my domain.

Author
Owner

@tonioo commented on GitHub (Dec 15, 2020):

@ValdikSS Ok, I misunderstood your comment. But my answer is still the same, it should be checked. What is strange in your mail is it does not contain any Authentication-Results header. Amavis should add one... Can you check your logs please?

Author
Owner

@tonioo commented on GitHub (Dec 15, 2020):

At least it should check for SPF and DKIM. I don't think DMARC is handled by Amavis so it would require to add a dedicated component, like OpenDMARC. Or maybe replace Amavis/OpenDKIM by rspamd...

Author
Owner

@ValdikSS commented on GitHub (Dec 15, 2020):

@tonioo, there are amavis records in the logs for these messages.
Is this an installation issue? Probably a configuration change/incompatibility with Ubuntu 20.04.1?

Dec 15 15:47:16 mail postfix/smtpd[3460]: D2ABE81EA7: client=localhost[127.0.0.1], orig_client=p3nlsmtp16.shr.prod.phx3.secureserver.net[72.167.234.241]
Dec 15 15:47:16 mail postfix/cleanup[3461]: D2ABE81EA7: message-id=<>
Dec 15 15:47:16 mail opendkim[1121]: D2ABE81EA7: no signing table match for 'test@baddkim.com'
Dec 15 15:47:16 mail opendkim[1121]: D2ABE81EA7: no signature data
Dec 15 15:47:16 mail postfix/qmgr[2740]: D2ABE81EA7: from=<test@baddkim.com>, size=2383, nrcpt=1 (queue active)
Dec 15 15:47:16 mail dovecot: lmtp(3465): Connect from local
Dec 15 15:47:16 mail amavis[2051]: (02051-05) Passed CLEAN {RelayedInbound}, [72.167.234.241]:56782 [50.62.160.34] <test@baddkim.com> -> <admin@uguuft.xyz>, mail_id: BLCTT18YxdID, Hits: 0.123, size: 1912, queued_as: D2ABE81EA7, 5320 ms
Dec 15 15:47:16 mail postfix/smtpd[3338]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as D2ABE81EA7; from=<test@baddkim.com> to=<admin@uguuft.xyz> proto=ESMTP helo=<p3nlsmtp16.shr.prod.phx3.secureserver.net>
Dec 15 15:47:17 mail dovecot: lmtp(admin@uguuft.xyz)<3465><SL3HN4Ta2F+JDQAAagejBg>: sieve: msgid=unspecified: stored mail into mailbox 'INBOX'
Dec 15 15:47:17 mail postfix/lmtp[3464]: D2ABE81EA7: to=<admin@uguuft.xyz>, relay=mail.uguuft.xyz[private/dovecot-lmtp], delay=0.15, delays=0.07/0.01/0/0.08, dsn=2.0.0, status=sent (250 2.0.0 <admin@uguuft.xyz> SL3HN4Ta2F+JDQAAagejBg Saved)
Dec 15 15:47:17 mail dovecot: lmtp(3465): Disconnect from local: Client has quit the connection (state=READY)
Dec 15 15:47:17 mail postfix/qmgr[2740]: D2ABE81EA7: removed

Dec 15 15:47:22 mail postfix/smtpd[3460]: 5B28F81EA7: client=localhost[127.0.0.1], orig_client=p3nlsmtp16.shr.prod.phx3.secureserver.net[72.167.234.241]
Dec 15 15:47:22 mail postfix/cleanup[3461]: 5B28F81EA7: message-id=<>
Dec 15 15:47:22 mail opendkim[1121]: 5B28F81EA7: no signing table match for 'test@badspf.com'
Dec 15 15:47:22 mail opendkim[1121]: 5B28F81EA7: no signature data
Dec 15 15:47:22 mail postfix/qmgr[2740]: 5B28F81EA7: from=<test@badspf.com>, size=2406, nrcpt=1 (queue active)
Dec 15 15:47:22 mail dovecot: lmtp(3465): Connect from local
Dec 15 15:47:22 mail amavis[2051]: (02051-06) Passed CLEAN {RelayedInbound}, [72.167.234.241]:56786 [50.62.160.34] <test@badspf.com> -> <admin@uguuft.xyz>, mail_id: PkMyGKagxiMh, Hits: 1.041, size: 1935, queued_as: 5B28F81EA7, 5494 ms
Dec 15 15:47:22 mail postfix/smtpd[3340]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5B28F81EA7; from=<test@badspf.com> to=<admin@uguuft.xyz> proto=ESMTP helo=<p3nlsmtp16.shr.prod.phx3.secureserver.net>
Dec 15 15:47:22 mail dovecot: lmtp(admin@uguuft.xyz)<3465><kHOvGora2F+JDQAAagejBg>: sieve: msgid=unspecified: stored mail into mailbox 'INBOX'
Dec 15 15:47:22 mail postfix/lmtp[3464]: 5B28F81EA7: to=<admin@uguuft.xyz>, relay=mail.uguuft.xyz[private/dovecot-lmtp], delay=0.16, delays=0.07/0.01/0/0.07, dsn=2.0.0, status=sent (250 2.0.0 <admin@uguuft.xyz> kHOvGora2F+JDQAAagejBg Saved)
Dec 15 15:47:22 mail postfix/qmgr[2740]: 5B28F81EA7: removed
Author
Owner

@ValdikSS commented on GitHub (Dec 15, 2020):

Another security issue, slightly related to SPF/DKIM/DMARC checks, is that the mail from the outside with spoofed Return-Path, From and To headers is getting DKIM-signed by Modoboa.

I've got the following mail from the outside, without any authentication credentials used by the external server:

Return-Path: <admin@uguuft.xyz>
Delivered-To: admin@uguuft.xyz
Received: from mail.uguuft.xyz
	by mail.uguuft.xyz with LMTP
	id mKUrI3/a2F+JDQAAagejBg
	(envelope-from <admin@uguuft.xyz>)
	for <admin@uguuft.xyz>; Tue, 15 Dec 2020 15:47:11 +0000
Received: from localhost (localhost [127.0.0.1])
	by mail.uguuft.xyz (Postfix) with ESMTP id 6FC1181EA7
	for <admin@uguuft.xyz>; Tue, 15 Dec 2020 15:47:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uguuft.xyz;
	s=modoboa; t=1608047231;
	bh=vLwvy9NKAcx3/8SQ61N3HyRffAbJM4ydRpN69hpTOvs=;
	h=From:To:Date:Subject:From;
	b=Ai7tztjPKn4J4QsJp5ICgZn44bMaEResDHngfHQw8ECEULM62IxyEoSLfbnsThYjr
	 +FJ2hjIitZeztL8y5pdm2qX5KJOXH2hhKukL3Y1/p+ahPLwJEdv3b9UXhqRa/T+Xn1
	 5+iGIlrkPR9zwZx+fEnosWDPVrakdyZEilG5asm5m+jIASb4mRPe0ynIHkxU0dniyP
	 wbeZRXygLgIFxlfvepUxOodv/lQfimvCgXB8041SJZZkPy8mdDwO/rwlaAoSO+xQMk
	 9yv3BjZKlpfB6+ITCFxU06qVrYKNbvrE5O1BlKD9zl2RMF93/IZ6+xLz2se4MIFmBa
	 y//hMsSdcAsSg==
X-Virus-Scanned: Debian amavisd-new at mail.uguuft.xyz
X-Spam-Flag: NO
X-Spam-Score: 3.094
X-Spam-Level: ***
X-Spam-Status: No, score=3.094 tagged_above=2 required=6.31
	tests=[FROM_SUSPICIOUS_NTLD=1, FROM_SUSPICIOUS_NTLD_FP=1,
	MISSING_MID=0.14, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01,
	RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.972,
	URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.uguuft.xyz ([127.0.0.1])
	by localhost (mail.uguuft.xyz [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id May5V2kKb2mZ for <admin@uguuft.xyz>;
	Tue, 15 Dec 2020 15:47:06 +0000 (UTC)
Received: from p3nlsmtp16.shr.prod.phx3.secureserver.net (p3nlsmtp16.shr.prod.phx3.secureserver.net [72.167.234.241])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.uguuft.xyz (Postfix) with ESMTPS
	for <admin@uguuft.xyz>; Tue, 15 Dec 2020 15:46:59 +0000 (UTC)
Received: from P3NWVPWEB097 ([50.62.160.34])
	by : HOSTING RELAY : with ESMTP
	id pCP6kiU1e2WpqpCP6kp4cr; Tue, 15 Dec 2020 08:38:20 -0700
X-CMAE-Analysis: v=2.4 cv=bsuJuGWi c=1 sm=1 tr=0 ts=5fd8d86c
 a=5ut4CJh8xkMQtYfDDsDMVA==:117 a=5ut4CJh8xkMQtYfDDsDMVA==:17 a=06rO89ENAAAA:8
 a=HpEJnUlJZJkA:10 a=kj9zAlcOel0A:10 a=MKtGQD3n3ToA:10 a=GNOgjrTkpOwA:10
 a=ZZnuYtJkoWoA:10 a=EKrGBwzAl0PW3JTK6XoA:9 a=CjuIK1q_8ugA:10
 a=a-VhRbJMGjIA:10 a=ZSy8GxL5bGPctucz7bn6:22
X-SECURESERVER-ACCT: UNKNOWN
MIME-Version: 1.0
From: admin@uguuft.xyz
To: admin@uguuft.xyz
Date: 15 Dec 2020 08:38:20 -0700
Subject: E4 Testing internal authentication from emailSpoofTest.com
 -Critical severity
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-CMAE-Envelope: MS4xfEbeJpN9Sv31RavT/zNQRgMRf9aKw/yfSJ1vsFYtJZW0N/HxiAzhc4Z2OC6gREOjwFfqPkTKij5U7iUwG5qiRngpqxp3Le6k7Ta1Ydfx/piIx7JaQ2Yj
 jBHA3nF9JlBfEO+8+zeLdFUJ6YCLvkk+Wnz7i2j8eSmilHp7km0kZ1pDm8J0xZRlABbMiW/JUOT52g==

YOU SHOULD NEVER RECEIVE THIS EMAIL!=0D=0A=0D=0AThis email system=
 failed to authenticate internal email. This misconfiguration all=
ows outsiders to impersonate internal employees. This security is=
sue is used often to compromise users, steal data, and manipulate=
 internal affairs.=0D=0A=0D=0ATo correct; Configure your inbound =
email servers authentication correctly and try again. Go to email=
spooftest.com/score.aspx to complete a spoof report card, referen=
ce Email 4. For help with correcting these email security issues =
please email: email@emailspooftest.com.=0D=0A=0D=0A=0D=0ASender S=
ource IP: XXXXXXXXXX
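In the E4 dump above, the DKIM-Signature header sits between the Received header of the re-injection from localhost (Postfix queue id 6FC1181EA7) and the amavisd-new hop, so the signature was added when the message re-entered Postfix from 127.0.0.1, not when it arrived from 72.167.234.241. The following added example (not Modoboa's or OpenDKIM's code) is an audit that catches exactly this condition on a stored message: it walks the Received chain, finds the oldest hop at which our MTA accepted the message, and flags any message that carries a DKIM signature for our domain even though that real client was neither an internal host nor a SASL-authenticated user. The message is a trimmed copy of the dump above, reconstructed for the example (bh= and b= values replaced by placeholders); the internal network list mirrors OpenDKIM's default InternalHosts of 127.0.0.1 and is an assumption.

```python
"""Added example (not Modoboa's or OpenDKIM's code): detect a DKIM signature
for our own domain that was applied to mail whose real origin was an
outside host, by reading the Received chain.

The message is a trimmed, reconstructed copy of the thread's E4 dump; the
internal network list is an assumption (OpenDKIM's default InternalHosts).
"""
import email
import ipaddress
import re
from dataclasses import dataclass

OUR_MTA = "mail.uguuft.xyz"
OUR_DOMAIN = "uguuft.xyz"
INTERNAL_NETS = [ipaddress.ip_network("127.0.0.0/8")]   # assumption

RAW_E4 = """Return-Path: <admin@uguuft.xyz>
Received: from localhost (localhost [127.0.0.1])
    by mail.uguuft.xyz (Postfix) with ESMTP id 6FC1181EA7
    for <admin@uguuft.xyz>; Tue, 15 Dec 2020 15:47:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=uguuft.xyz;
    s=modoboa; t=1608047231; h=From:To:Date:Subject:From; bh=PLACEHOLDER; b=PLACEHOLDER
Received: from mail.uguuft.xyz ([127.0.0.1])
    by localhost (mail.uguuft.xyz [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id May5V2kKb2mZ for <admin@uguuft.xyz>;
    Tue, 15 Dec 2020 15:47:06 +0000 (UTC)
Received: from p3nlsmtp16.shr.prod.phx3.secureserver.net (p3nlsmtp16.shr.prod.phx3.secureserver.net [72.167.234.241])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by mail.uguuft.xyz (Postfix) with ESMTPS
    for <admin@uguuft.xyz>; Tue, 15 Dec 2020 15:46:59 +0000 (UTC)
From: admin@uguuft.xyz
To: admin@uguuft.xyz
Subject: E4 Testing internal authentication

YOU SHOULD NEVER RECEIVE THIS EMAIL!
"""

# Postfix-style Received clause: "from <helo> (... [<ip>]) by <host> ... with <proto>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+).*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>\S+)",
    re.S)


@dataclass
class Hop:
    helo: str
    ip: str
    by: str
    proto: str


def hops(msg):
    """Parse Received headers, newest first; hops without a client IP are skipped."""
    out = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            out.append(Hop(**m.groupdict()))
    return out


def origin_hop(msg, our_mta):
    """The oldest hop at which our MTA accepted the message.  Later loopback
    re-injections (content filter, milter ports) must not be mistaken for the client."""
    ours = [h for h in hops(msg) if h.by.lower() == our_mta]
    return ours[-1] if ours else None


def client_is_trusted(hop):
    """Signing is legitimate only for internal hosts or authenticated submissions."""
    ip = ipaddress.ip_address(hop.ip)
    internal = any(ip in net for net in INTERNAL_NETS)
    authenticated = hop.proto.upper() in ("ESMTPA", "ESMTPSA")   # SASL-authenticated
    return internal or authenticated


def signed_for(msg, domain):
    pattern = r"\bd=" + re.escape(domain) + r"\s*;"
    return any(re.search(pattern, v) for v in msg.get_all("DKIM-Signature", []))


def audit(raw, our_mta=OUR_MTA, our_domain=OUR_DOMAIN):
    """Return 'ok', or a finding if our domain's signature was applied to mail
    whose real client was neither an internal host nor an authenticated user."""
    msg = email.message_from_string(raw)
    origin = origin_hop(msg, our_mta)
    if origin is None:
        return "no hop received by " + our_mta
    if signed_for(msg, our_domain) and not client_is_trusted(origin):
        return (f"signed outside mail: d={our_domain} but client {origin.ip} "
                f"({origin.helo}) was accepted via {origin.proto}")
    return "ok"


if __name__ == "__main__":
    print(audit(RAW_E4))
```

Run over a mailbox, this turns the spoof-test result into a concrete check: every hit is a message an outsider got signed with the domain's key. The fix belongs in the pipeline, not the audit: the signing milter must only run where the real client is visible (the external-facing smtpd) or must be told that the loopback re-injection port is not an internal submission path.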
Author
Owner

@tonioo commented on GitHub (Dec 15, 2020):

@ValdikSS Ok, so the interesting part of your second message is that it is actually checked by Amavis. And maybe that the real issue is the DKIM signature being applied on untrusted sender!

Author
Owner

@ValdikSS commented on GitHub (Dec 15, 2020):

Consider adding the following into /etc/opendkim.conf configuration:

##  Add an "Authentication-Results:" header even to unsigned messages
##  from domains with no "signs all" policy.  The reported DKIM result
##  will be "none" in such cases.  Normally unsigned mail from non-strict
##  domains does not cause the results header to be added.

AlwaysAddARHeader     yes


##  Remove all Authentication-Results: headers on all arriving mail.

RemoveARAll           yes
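Why the RemoveARAll setting above matters, as an added example (this is not Modoboa's or OpenDKIM's code): an Authentication-Results header is just text, so a sender can pre-seed one that names the receiving server's own authserv-id and claims spf=pass. A consumer that trusts whatever carries its authserv-id (which is how the header is meant to be consumed, per RFC 8601) is fooled unless the inbound filter strips every inherited copy first and then writes its own, which is what RemoveARAll plus AlwaysAddARHeader does. The message below is constructed for the example; the authserv-id mail.uguuft.xyz is taken from the thread's header dumps, and the forged header and the verdicts passed in are assumptions.

```python
"""Added example (not Modoboa's or OpenDKIM's code): strip inherited
Authentication-Results headers before trusting them, i.e. what OpenDKIM's
RemoveARAll / AlwaysAddARHeader achieve, shown against a forged header.

The message is constructed; the authserv-id comes from the thread's dumps.
"""
import email
import re

OUR_AUTHSERV_ID = "mail.uguuft.xyz"
METHODS = {"spf", "dkim", "dmarc", "arc", "iprev", "auth"}

# Constructed inbound message: the sender pre-seeded an Authentication-Results
# header that names OUR authserv-id and claims spf=pass / dkim=pass.
RAW = """Return-Path: <test@badspf.com>
Authentication-Results: mail.uguuft.xyz;
    spf=pass smtp.mailfrom=badspf.com;
    dkim=pass header.d=badspf.com
Received: from p3nlsmtp16.shr.prod.phx3.secureserver.net ([72.167.234.241])
    by mail.uguuft.xyz (Postfix) with ESMTPS
    for <admin@uguuft.xyz>; Tue, 15 Dec 2020 15:46:59 +0000 (UTC)
From: test@badspf.com
To: admin@uguuft.xyz
Subject: E3 Testing SPF (constructed copy)

YOU SHOULD NEVER RECEIVE THIS EMAIL!
"""


def authserv_id(value):
    """First token of an Authentication-Results value (RFC 8601 section 2.2)."""
    return value.split(";", 1)[0].split()[0]


def parse_results(value):
    """Return {method: result} from one Authentication-Results value.
    Only known methods count, so 'smtp.mailfrom=...' style properties are ignored."""
    _, _, body = value.partition(";")
    found = {}
    for method, result in re.findall(r"(?:^|[;\s])([a-z]+)\s*=\s*([a-z]+)", body, re.I):
        if method.lower() in METHODS:
            found[method.lower()] = result.lower()
    return found


def trusted_results(msg, our_id):
    """What a policy step sees: every header that carries our authserv-id."""
    trusted = {}
    for value in msg.get_all("Authentication-Results", []):
        if authserv_id(value) == our_id:
            trusted.update(parse_results(value))
    return trusted


def results_as_received(raw, our_id):
    """Naive consumer: believes the headers the message arrived with."""
    return trusted_results(email.message_from_string(raw), our_id)


def strip_inherited_ar(msg):
    """RemoveARAll behaviour: drop every Authentication-Results header that
    arrived with the message, whatever authserv-id it claims."""
    inherited = msg.get_all("Authentication-Results", [])
    del msg["Authentication-Results"]        # removes all occurrences
    return inherited


def add_our_results(msg, our_id, verdicts):
    """AlwaysAddARHeader behaviour: always record our own verdicts, even when
    every method came back 'none'."""
    fields = "; ".join(f"{m}={r}" for m, r in verdicts.items())
    msg["Authentication-Results"] = f"{our_id}; {fields}"


def authenticate(raw, our_id, verdicts):
    """Inbound pipeline: strip inherited headers, add ours, then read back the
    results a downstream policy step (e.g. DMARC) may rely on.
    'verdicts' are the SPF/DKIM results our own checks produced (assumed here)."""
    msg = email.message_from_string(raw)
    removed = strip_inherited_ar(msg)
    add_our_results(msg, our_id, verdicts)
    return trusted_results(msg, our_id), removed


if __name__ == "__main__":
    print("naive reader sees:", results_as_received(RAW, OUR_AUTHSERV_ID))
    trusted, removed = authenticate(RAW, OUR_AUTHSERV_ID, {"spf": "fail", "dkim": "none"})
    print("after stripping:", trusted, f"({len(removed)} inherited header(s) removed)")
```

The same rule applies to any other verifier in the chain (OpenDMARC, rspamd, SpamAssassin rules that read Authentication-Results): the strip must happen once, at the border, before anything downstream reads the header, and the AuthservID each component writes must be the one the consumer is configured to trust.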
Author
Owner

@ValdikSS commented on GitHub (Dec 15, 2020):

> And maybe that the real issue is the DKIM signature being applied on untrusted sender!

No, that's unrelated, it's another check (E4), and the others are bad SPF (E3) and missing DKIM with DMARC policy enforcement (E2).

Please try it yourself on https://emailspooftest.com/

Author
Owner

@tonioo commented on GitHub (Dec 15, 2020):

@ValdikSS I'm using rspamd on my local server and results are better. Do you think the configuration you pasted should solve this issue?

Author
Owner

@ValdikSS commented on GitHub (Dec 15, 2020):

@tonioo, I'm not an expert in email or email configuration/daemons. I'm testing different email server configurators/installers and checking their features. One of the checks is anti-spoofing functionality for incoming mail.

Mail-in-a-box also lacks proper SPF/DKIM/DMARC checks, but they use OpenDMARC, which could be properly configured with just two configuration options.
https://github.com/mail-in-a-box/mailinabox/issues/1755#issuecomment-706944871


@tonioo commented on GitHub (Dec 15, 2020):

@ValdikSS Need to check this. Actually it might be a configuration issue with the postfix <> amavis integration. Could you try to modify /etc/postfix/master.cf? You just need to add the no_milters option like this:

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
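The security-relevant line in the snippet above is the last one: without no_milters, mail that amavis hands back on 127.0.0.1:10025 goes through the milters a second time, and OpenDKIM signs whatever arrived from the Internet as if it were local. As an added example (not Modoboa's installer code or anything from Postfix), the script below parses a master.cf fragment and audits that listener for three things a practitioner would check: no_milters in receive_override_options, an empty content_filter (otherwise mail loops back into the filter), and client restrictions limited to mynetworks. The 127.0.0.1:10025 service name, the constructed before/after tables, and the helper names are assumptions.

```python
"""Audit the content-filter re-injection listener in a Postfix master.cf.

Added example, not Modoboa's installer or Postfix code. master.cf syntax: a
non-indented line is a service entry with the fields name, type, private,
unpriv, chroot, wakeup, maxproc, command; indented "-o key=value" lines
override main.cf parameters for that service only. The listener on which
amavis hands mail back is assumed to be 127.0.0.1:10025, as in the thread.
The sample tables are constructed.
"""
import re

OPTION_RE = re.compile(r"^\s+-o\s+([^=\s]+)=(.*)$")


def parse_master_cf(text):
    """Return {service_name: {"type": ..., "command": ..., "options": {...}}}."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():                       # continuation: -o key=value
            m = OPTION_RE.match(line)
            if m and current is not None:
                current["options"][m.group(1)] = m.group(2).strip()
            continue
        fields = line.split()
        if len(fields) < 8:                         # malformed service line
            current = None
            continue
        current = {"type": fields[1], "command": fields[7], "options": {}}
        services[fields[0]] = current
    return services


def split_list(value):
    """Split a comma-separated Postfix parameter value into its items."""
    return [v.strip() for v in value.split(",") if v.strip()]


def reinjection_problems(text, listener="127.0.0.1:10025"):
    """Findings for the re-injection service; an empty list means it is safe."""
    svc = parse_master_cf(text).get(listener)
    if svc is None:
        return [f"no service {listener} defined"]
    opts, problems = svc["options"], []
    if "no_milters" not in split_list(opts.get("receive_override_options", "")):
        problems.append("receive_override_options lacks no_milters: milters "
                        "such as OpenDKIM run again on re-injected mail")
    # A missing override inherits main.cf's content_filter, which loops the
    # message back into amavis; the override must be present and empty.
    if opts.get("content_filter") != "":
        problems.append("content_filter is not cleared: re-injected mail "
                        "would be sent through the content filter again")
    if split_list(opts.get("smtpd_client_restrictions", "")) != ["permit_mynetworks", "reject"]:
        problems.append("smtpd_client_restrictions should be permit_mynetworks,reject "
                        "so only the local filter can use this port")
    return problems


# Constructed master.cf fragments. FIXED has the shape posted in the thread;
# BEFORE is the same listener without no_milters.
MASTER_CF_FIXED = """\
# Postfix master process configuration (constructed sample)
smtp      inet  n       -       y       -       -       smtpd
  -o content_filter=smtp-amavis:[127.0.0.1]:10024
127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
"""

MASTER_CF_BEFORE = MASTER_CF_FIXED.replace(",no_milters", "")

if __name__ == "__main__":
    for name, cfg in [("before", MASTER_CF_BEFORE), ("fixed", MASTER_CF_FIXED)]:
        print(name, reinjection_problems(cfg) or ["ok"])
```

The parser deliberately treats only indented lines as overrides, matching how Postfix reads the file; a `-o` line that is not indented would start a new (malformed) service entry rather than silently attaching to the previous one.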

@ValdikSS commented on GitHub (Dec 15, 2020):

@tonioo, that fixed the DKIM signature on spoofed email: it's no longer getting signed, but other than that nothing has changed; all 11 emails still got into the inbox.


@tonioo commented on GitHub (Dec 15, 2020):

@ValdikSS Can you check the X-Spam-Score header in received messages?


@ValdikSS commented on GitHub (Dec 15, 2020):

@tonioo, E4 test has:

X-Spam-Flag: NO
X-Spam-Score: 3.094
X-Spam-Level: ***
X-Spam-Status: No, score=3.094 tagged_above=2 required=6.31

Other tests do not contain this header.


@tonioo commented on GitHub (Dec 16, 2020):

@ValdikSS So it means their score is too small to be displayed in the headers... That's strange. Maybe default Spamassassin rules have changed with Ubuntu 20.04?


@bloeys commented on GitHub (May 10, 2021):

Any updates on this? Using the latest version and the same test, all emails still go into the inbox 😅
Is there any fix currently to improve filtering?


@blu-IT commented on GitHub (Sep 21, 2021):

I tested the service above too. All mails (E1 - E10) go into the inbox BUT most are marked as SPAM:

E1 is a false positive
E2 - E4 are correctly marked as SPAM
E6, E7, E8 & E10 are correctly marked as SPAM
E5 & E9 are false negatives / should be marked as SPAM, but aren't.
