Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Warn about DKIM not existing or failing - on received emails

Discussion in 'E-mail Discussions' started by nunoperalta, Dec 12, 2017.

Tags:
  1. nunoperalta

    nunoperalta Member

    Joined:
    Jan 27, 2012
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    53
    cPanel Access Level:
    Root Administrator
    Hello,

    I've just tested sending a fake email to my inbox, and while I see that SpamAssassin detected that SPF didn't match, it didn't give enough score (min 5.0 in my setup) to show ***SPAM*** on the subject.

    Basically, unless I look at the headers of every email I receive, there is no way to know straight away that an email was spoofed. My Outlook will not warn about that either.


    Is there any easy way to add a prefix to the Subject, just like SpamAssassin does, when DKIM doesn't exist, or DKIM failed verification, or sender doesn't match SPF?

    Thank you.
     
    #1 nunoperalta, Dec 12, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,782
    Likes Received:
    1,712
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You could manually add SPF rules in the SpamAssassin configuration file to enable more aggressive scoring on SPF failures. The global SpamAssassin configuration file on cPanel servers is located at:

    /etc/mail/spamassassin/local.cf

    Here's an example of how SPF rules are implemented when "Enable the Apache SpamAssassin™ ruleset that cPanel uses on cpanel.net" is enabled under the "Apache SpamAssassin" tab in "WHM >> Exim Configuration Manager >> Basic Editor":

    Code:
    #
# SPF failures and information
#
ifplugin Mail::SpamAssassin::Plugin::SPF
score SPF_NONE 0
score SPF_HELO_NONE 0
score SPF_PASS -0.001
score SPF_HELO_PASS -0.001
score SPF_FAIL 4.0
score SPF_HELO_FAIL 4.0
score SPF_HELO_NEUTRAL 0
score SPF_HELO_SOFTFAIL 1.5
score SPF_NEUTRAL 0
score SPF_SOFTFAIL 1.5
endif

    Thus, you'd want to increase the score value on "score SPF_SOFTFAIL 1.5" to something higher than 1.5. Alternatively, the following post offers a workaround if you'd like to enable SPF checking directly in Exim so that it rejects messages that fail SPF verification:

    SPF Verification

    Thank you.
     
    #2 cPanelMichael, Dec 12, 2017
  3. nunoperalta

    nunoperalta Member

    Joined:
    Jan 27, 2012
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    53
    cPanel Access Level:
    Root Administrator
    Thank you very much Michael - that's definitely helpful!

    However, I would be very interested in doing something similar for DKIM empty or failing.

    Does SpamAssassin support it?
    Or do I need to change exim.conf, maybe checking for the value of $dkim_verify_status? Are there any already-tested ways of doing this?
    (note that I still want to receive the email - just want to add some prefix on the subject)

    If I change exim.conf, will cPanel overwrite it at some point?

    Very kind regards!
     
    #3 nunoperalta, Dec 13, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,782
    Likes Received:
    1,712
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    For DKIM, the following options are available under the "ACL Options" tab in "WHM >> Exim Configuration Manager >> Basic Editor":

    Allow DKIM verification for incoming messages
    Reject DKIM failures

    Thank you.
     
    #4 cPanelMichael, Dec 13, 2017
  5. nunoperalta

    nunoperalta Member

    Joined:
    Jan 27, 2012
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    53
    cPanel Access Level:
    Root Administrator
    Thank you.

    What exacly does "Allow DKIM verification for incoming messages" do when the verification fails?

    Note that I don't want to reject them (so the second option will remain disabled), but I want to add a prefix to the subject instead.

    Very kind regards.
     
    #5 nunoperalta, Dec 13, 2017
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,782
    Likes Received:
    1,712
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The Allow DKIM verification for incoming messages option enables scanning for DKIM records with Exim, so the information will appear in the message header but Exim won't actually reject email. Additionally, there are no features to automatically rewrite the subject for DKIM failures, so you may also want to review the following SpamAssassin document about how you could scan for DKIM and mark messages as SPAM:

    Mail::SpamAssassin::Plugin::DKIM - perform DKIM verification tests

    Thank you.
     
    #6 cPanelMichael, Dec 13, 2017
  7. nunoperalta

    nunoperalta Member

    Joined:
    Jan 27, 2012
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    53
    cPanel Access Level:
    Root Administrator
    I see. Thank you.

    My "Allow DKIM verification for incoming messages" option is disabled in WHM.

    However, SpamAssassin must still be verifying DKIM anyway, as I get the following rules when messages do succeed in DKIM:

    DKIM_VALID_AU
    DKIM_SIGNED
    DKIM_VALID

    (which is good)


    But the Fake test message I sent only has the following:

    SPF_SOFTFAIL
    SPF_HELO_PASS

    It doesn't have anything about DKIM not existing or failing.


    Just like you suggested I could increase the score of SPF_SOFTFAIL to auto-mark as SPAM, shouldn't SpamAssassin also be adding points (or at least have a rule for that) when there is no DKIM at all?

    Thank you.
     
    #7 nunoperalta, Dec 13, 2017
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,782
    Likes Received:
    1,712
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    SpamAssassin uses it's own method of checking for DKIM, as I understand. The KAM ruleset is enabled by default and uses some DKIM rules:

    Code:
    /etc/mail/spamassassin/KAM.cf
    You'd need to create additional custom rules if you wanted to add additional scoring or checking. Or, since that's unsupported, you may also want to consider creating a feature request to have DKIM verification handled through SpamAssassin natively:

    Submit A Feature Request

    Are you sending the message from the cPanel server or a remote mail server? Note you won't see any actual DKIM information in the message header unless Allow DKIM verification for incoming messages is enabled.

    Thank you.
     
    #8 cPanelMichael, Dec 13, 2017
  9. nunoperalta

    nunoperalta Member

    Joined:
    Jan 27, 2012
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    53
    cPanel Access Level:
    Root Administrator
    I use this website to send the email. I wanted to make sure I do it through and external server/service.
    Emkei's Fake Mailer

    It sends no DKIM (as I was expecting anyway).


    Thank you. I'll have a look at your tips.
    I'll create a feature request as well.
     
    #9 nunoperalta, Dec 13, 2017
  10. nunoperalta

    nunoperalta Member

    Joined:
    Jan 27, 2012
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    53
    cPanel Access Level:
    Root Administrator
    Perfect! I created my own .cf file that will raise the score of SPF_FAIL (and SoftFail), and check whether DKIM is invalid or not exist. I tested another email from the website above and got the exact result I wanted!! :)

    Also sent a proper email from a Gmail account and that wasn't marked as SPAM.

    Thank you very much for your help, Michael.
     
    #10 nunoperalta, Dec 13, 2017
    cPanelMichael likes this.
(You must log in or sign up to post here.)
Loading...
Similar Threads - Warn DKIM existing
  1. xfactor5

    lfd excessive resource usage warnings with litespeed

    xfactor5, Apr 24, 2018 at 7:56 AM, in forum: General Discussion
    Replies:
    1
    Views:
    27
    cPanelLauren
    Apr 24, 2018 at 10:16 AM
  2. Miguel G

    Apache override templates installed warning

    Miguel G, Apr 9, 2018, in forum: EasyApache
    Replies:
    9
    Views:
    104
    cPanelLauren
    Apr 11, 2018
  3. ahmedps

    HTTP shows a blank page for sites and HTTPS shows certificate warning

    ahmedps, Mar 29, 2018, in forum: General Discussion
    Replies:
    1
    Views:
    65
    cPanelMichael
    Mar 29, 2018
  4. Reiyad

    Warning: cPanel is unable to verify that this server is an authoritative nameserver

    Reiyad, Mar 7, 2018, in forum: E-mail Discussions
    Replies:
    5
    Views:
    234
    cPanelMichael
    Mar 7, 2018
  5. Spirogg

    SOLVED dovecot: master: Warning: Killed with signal 15 (by pid=13468 uid=0 code=kill)

    Spirogg, Feb 21, 2018, in forum: E-mail Discussions
    Replies:
    3
    Views:
    458
    Spirogg
    Feb 21, 2018

Share This Page