SPF implementation

[bpmod]

Hello all

I haven't really been able to get any info as to how to implement SPF for incoming mail. There is plenty of info as to how to set up your domain with an SPF record so that anybody using SPF for filtering will allow mail through from your domain.

My provider (I have a dedicated server running WHM/cPanel) tells me that cPanel's version of Exim does not support SPF checking, but openspf.org says that Exim provides "native support" for SPF.

I am tired of getting hundreds of spam emails that purport to be from myself. All of my clients are complaining about the same thing. The non-tech-savvy ones believe that somebody has hacked into their email accounts and is sending spam out using them.

What steps should I go through to get SPF checking working fully on my server?

Thanks

Brian

[Infopro]

You should check what those accounts have unrouted mail set for in your cPanel. Should be:
Current Setting: :fail: no such address here

As for SPF, Look for a new icon in cPanel called Email authentication. A few clicks and its done. This is working as expected so far here with no complaints from users who have set it.

[bpmod]

You should check what those accounts have unrouted mail set for in your cPanel. Should be:
Current Setting: :fail: no such address here

As for SPF, Look for a new icon in cPanel called Email authentication. A few clicks and its done. This is working as expected so far here with no complaints from users who have set it.

Hello?

Is this thing on?

[cPanelDavidG]

Hello?

Is this thing on?

Can you be more specific? Do you think your server is not properly analyzing SPF records before accepting mail?

[bpmod]

I am sorry. I thought I had been very specific.

There is no checking of SPF on any incoming mail (except a cursory check by SpamAssassin which has no effect whatsoever) on the server. I have not been able to find anything at all on openspf's website, exim's website or cPanel's website as to how to set up this checking. Everything I have read (including what is available under "email authentication" in cPanel) is for publishing SPF records, which I have done.

Is this more clear?

Thanks

Brian

[cpanelkenneth]

I am sorry. I thought I had been very specific.

There is no checking of SPF on any incoming mail (except a cursory check by SpamAssassin which has no effect whatsoever) on the server. I have not been able to find anything at all on openspf's website, exim's website or cPanel's website as to how to set up this checking. Everything I have read (including what is available under "email authentication" in cPanel) is for publishing SPF records, which I have done.

Is this more clear?

Thanks

Brian

We don't have full support for SPF lookups on incoming mail. Support for that is currently in beta-testing.

[katmai]

just the kind of news i was looking for

[krisdv]

We don't have full support for SPF lookups on incoming mail. Support for that is currently in beta-testing.

Is this still in beta-testing or is there already a way to enable this server wide?

[wemail]

I use a shared hosting system on cPanel version 11.18.6-RELEASE, and it appears to have the SPF & DomainKeys options available - though it does give what another thread described as incorrect error messages.

Can you give us any idea of when the support will be in the RELEASE version, as I have many users with SPAM problems.

TIA

[bpmod]

We don't have full support for SPF lookups on incoming mail. Support for that is currently in beta-testing.

Any word as to when we can expect to see this?

Thanks

Brian

[cpanelkenneth]

The Exim 4.69-5 RPM supports SPF and DomainKeys checks on incoming mail at SMTP time. This RPM is in EDGE at this time, but will make it's way to the other branches barring issues.

[wemail]

We would be reluctant to activate SPF checking unless SRS is also available, as SPF alone will "break" forwarding, which is an essential part of our site.

When SPF is fully available, will SRS be ready to activate too?

[cpanelkenneth]

We would be reluctant to activate SPF checking unless SRS is also available, as SPF alone will "break" forwarding, which is an essential part of our site.

When SPF is fully available, will SRS be ready to activate too?

SRS functionality is present in the Exim 4.69-5 RPM but is unsupported by cPanel. You will need to perform all the configuration manually.

[wemail]

SRS functionality is present in the Exim 4.69-5 RPM but is unsupported by cPanel. You will need to perform all the configuration manually.

Can you please supply any link to appropriate configuration guidance?

The auto-update upgraded us to cPanel 11.23.1-R24893 just now. This has Exim 4.68-1 and the config options offer "Blacklist: SPF Checking (Reject mail at SMTP time if the sender fails SPF checks)".

Does your above reply mean that we still have to wait for 4.69-5 to be able to use SPF+SRS?

Thanks

[cpanelkenneth]

Can you please supply any link to appropriate configuration guidance?

The auto-update upgraded us to cPanel 11.23.1-R24893 just now. This has Exim 4.68-1 and the config options offer "Blacklist: SPF Checking (Reject mail at SMTP time if the sender fails SPF checks)".

Does your above reply mean that we still have to wait for 4.69-5 to be able to use SPF+SRS?

Thanks

This might be a way to start:

http://wiki.exim.org/SRS


The Exim 4.69-5 RPM is in EDGE and CURRENT. Once it is pushed to RELEASE, then your will have functionality for both SRS and SPF in the Exim binary.

If you tick the SPF checkbox w/o having that version of Exim, then SpamAssassin is used to perform the lookup.