I have postfix + spamassassin.
Spamassassin suppose to check the SPF of the sender, but I received following spam:
[email protected] = this is the email on my postfix
Return-Path: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
astra4450.dedicatedpanel.com
X-Spam-Level: ***
X-Spam-Status: No, score=3.4 required=5.0 tests=BAYES_00,
HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,RCVD_IN_SBL,SPF_HELO_PASS,SPF_PASS,
TO_IN_SUBJ,TVD_PH_BODY_ACCOUNTS_PRE,T_KAM_HTML_FONT_INVALID,URIBL_BLOCKED,
URIBL_DBL_MALWARE,URIBL_PH_SURBL,URIBL_SBL,URIBL_SBL_A autolearn=no
autolearn_force=no version=3.4.0
Delivered-To: [email protected]
Received: from mail.hostify.vn (mail.hostify.vn [150.95.110.152])
by mx6.example.com (Postfix) with ESMTPS id A0C74100F20F14
for <[email protected]>; Wed, 13 Dec 2023 03:26:58 +0200 (EET)
Received: from localhost (localhost [127.0.0.1])
by mail.hostify.vn (Postfix) with ESMTP id 0FFB9166DF7
for <[email protected]>; Wed, 13 Dec 2023 08:26:57 +0700 (+07)
Received: from mail.hostify.vn ([127.0.0.1])
by localhost (mail.hostify.vn [127.0.0.1]) (amavisd-new, port 10032)
with ESMTP id EaHftMvBvz9k for <[email protected]>;
Wed, 13 Dec 2023 08:26:56 +0700 (+07)
Received: from localhost (localhost [127.0.0.1])
by mail.hostify.vn (Postfix) with ESMTP id 9CEAE167AA0
for <[email protected]>; Wed, 13 Dec 2023 08:26:56 +0700 (+07)
X-Virus-Scanned: amavisd-new at hostify.vn
Received: from mail.hostify.vn ([127.0.0.1])
by localhost (mail.hostify.vn [127.0.0.1]) (amavisd-new, port 10026)
with ESMTP id Y2hw8khgynlj for <[email protected]>;
Wed, 13 Dec 2023 08:26:56 +0700 (+07)
Received: from [88.209.206.208] (unknown [88.209.206.208])
by mail.hostify.vn (Postfix) with ESMTPSA id 9CF741675DA
for <[email protected]>; Wed, 13 Dec 2023 08:26:55 +0700 (+07)
From: Admin Helpdesk <[email protected]>
To: [email protected]
Subject: Password Verification For [email protected]
Date: 12 Dec 2023 17:26:54 -0800
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0012_CFC45DD6.E88DD181"
From what I can conclude, the SPF for [email protected] was correct and sender is "spoofed" in the header as [email protected]
However there is no way SPF for [email protected] to be correct.
Today I installed some tool called pypolicyd-spf
, but as long as I was able to check, it also check only mail from:
SMTP command and not email headers.
Am I missing something or may be using wrong tool for the job?