When a stranger uses a local address SPF check gets ignored completely

Discussions on webmail and the Professional version.
Post Reply
marcotibben
Posts: 15
Joined: Fri Aug 31, 2012 2:59 pm

When a stranger uses a local address SPF check gets ignored completely

Post by marcotibben »

Hi,

I'm getting really sick and tired of this problem and really believe its a mailenable shortcoming.

- I do not want to activate the 'authenticated users can spoof sender addresses', because that brought me all kinds of trouble with costumers who have specific software solutions which uses its own smtp servers and people who use Hotmail or gmail with external pop3 accounts, and costumers who use external newsletter solutions.. and then can't mail with people on my server.. so please don't state that as an answer...

- i have SPF records installed, and all works perfectly.. UNTIL.. someone spoofs the e-mailaddress.. suddenly mailenable does no attempt whatsoever to look at the SPF records..? it just completely ignores the SPF check, there is no mention of it in the header, while all other mail does have that mention.. just because some external spammer says he's someone else and puts a false e-mail address in the from field? That's clearly a security risk! Logfiles clearly state its an SMTP-IN activity and in no way a registered user of the system, just a external spammer sending mail to my server. So why just ignore all SPF checks?!? You should really fix this, because fishing maill is coming in in bucketloads. I would love to have ALL incoming e-mails SPF checked.

marcotibben
Posts: 15
Joined: Fri Aug 31, 2012 2:59 pm

Re: When a stranger uses a local address SPF check gets ignored completely

Post by marcotibben »

well it's great to have this many responses to this serious problem.. thanks!
in addition to solving this very annoying problem (lets call it a bug) I went through the debug log.. which states:

05/15/19 13:44:58 ME-I0101: [1832] Whitelisted: Message from ([SMTP:example@domain.com]) has been whitelisted because the recipient (xxxx/xxxx) has whitelisted the sender.

this while I have NO whitelists enabled in the system at all! whitelists are potential leaks, so I would never use one.. meanwhile hackers use some kind of bug apparently to get mail into the system UNCHECKED..

well.. thats nice! please fix this..! quick..

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: When a stranger uses a local address SPF check gets ignored completely

Post by MailEnable-Ian »

Hi,

The log snippet indicates that the destination mailbox has white listed the sender address.

05/15/19 13:44:58 ME-I0101: [1832] Whitelisted: Message from ([SMTP:example@domain.com]) has been white listed because the recipient (xxxx/xxxx) has whitelisted the sender.

You need to log into the web mail client for recipient xxxx/xxxx and navigate to the "Options" page. Expand the "Spam" node and click on "Whitelist" option. Check the list to see if the recipient has white listed the email address or domain.
Regards,

Ian Margarone
MailEnable Support

marcotibben
Posts: 15
Joined: Fri Aug 31, 2012 2:59 pm

Re: When a stranger uses a local address SPF check gets ignored completely

Post by marcotibben »

MailEnable-Ian wrote:You need to log into the web mail client for recipient xxxx/xxxx and navigate to the "Options" page. Expand the "Spam" node and click on "Whitelist" option. Check the list to see if the recipient has white listed the email address or domain.
Hi Ian, thanks for the reply!

I logged in via the webmail, options, spam.. there is no 'whitelist' option there, only 'Spam Rules'..
in my overall mailenable configuration i have also disabled all whitelisting..

Hence it's very strange the logs saying it's whitelisted.. might spammers have found a bug in mailenable?
I'm using the latest release..

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: When a stranger uses a local address SPF check gets ignored completely

Post by MailEnable-Ian »

Hi,

Navigate within the MailEnable installation path on the server to: Mail Enable\Config\Postoffices\(post office name)\MAILBOXES\(mailbox name)\Senders\Whitelist. Check if there are any files present and delete them. Chances are, that the mailbox whitelisted the address prior to disabaling the whitelist option for web mail.
Regards,

Ian Margarone
MailEnable Support

marcotibben
Posts: 15
Joined: Fri Aug 31, 2012 2:59 pm

Re: When a stranger uses a local address SPF check gets ignored completely

Post by marcotibben »

MailEnable-Ian wrote:Navigate within the MailEnable installation path on the server to: Mail Enable\Config\Postoffices\(post office name)\MAILBOXES\(mailbox name)\Senders\Whitelist. Check if there are any files present and delete them. Chances are, that the mailbox whitelisted the address prior to disabaling the whitelist option for web mail.
There were indeed ..from 2009! ! Thnx for the help, let's hope this fixes it :)

Post Reply