• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question Block IP via SPF local rules

J

Jose Maria Sarachaga

New Pleskian
Server operating system version
Ubuntu 20.04.5 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.47 Update #5
Hello everyone

I'd like to block incoming email from certain IP's via SPF local rules in Plesk. Currently i'm blocking these IP's via Plesk Firewall and is working fine, BUT i have no trace of it.
By blocking on Firewall the connection is never established nor logged, and if i could block via SPF local rules it would get logged.

Reading about SPF record syntax i see "include" and "+ip4" keywords, and at the very end "-all", but i can't find something like "-ip4:x.x.x.x" or "exclude:x.x.x.x".

Since this email server has very strict policies among SPF, DKIM and firewall rules, sometimes i have the problem of legit emails not coming in (new senders) because they don't care about mail authentication/reputation/security/spf so i need to have more information on the failed delivery to explain the customer/sender why emails are not getting in.

Correct email configuration is underrated, there's a lack of knowledge of many people and rather take the time to make my customer's customers get things right. I rather struggle with this than struggle with ransomware or leakage.

Any hints?
 
SPF only allows to specify which servers are authorized to send email for a specific domain. There is no mechanism within SPF that allows for blocking of specific IP addresses or domains. Other than a firewall, which you are already using, I have no alternative suggestions for you.

Jose Maria Sarachaga said:
Correct email configuration is underrated, there's a lack of knowledge [...]
Click to expand...
Sadly I feel this is true :(
 
Jose Maria Sarachaga said:
Hello everyone

I'd like to block incoming email from certain IP's via SPF local rules in Plesk. Currently i'm blocking these IP's via Plesk Firewall and is working fine, BUT i have no trace of it.
By blocking on Firewall the connection is never established nor logged, and if i could block via SPF local rules it would get logged.
Click to expand...

That's to me the main problem of the firewall, that it doesn't log anything. Several customers complain about the relatively minor spam attacks they get without knowing the ammount of stuff that doesn't get through, and we can't present them with any evidence otherwise.

Sadly I dont' have an answer to the original question, but maybe a combination of custom SPF and SpamAssassin rules could work? Maybe someone with better understanding of those tools could help.
 
JVG said:
Sadly I dont' have an answer to the original question, but maybe a combination of custom SPF and SpamAssassin rules could work? Maybe someone with better understanding of those tools could help.
Click to expand...
Just a note that in our Warden Anti-spam and Virus protection 3.0 release we added the ability to reject IP addresses or CIDRs at the SMTP level. Take a look at the Mail Server Access section in our announcement:

 
JVG said:
maybe a combination of custom SPF and SpamAssassin rules could work? Maybe someone with better understanding of those tools could help.
Click to expand...
Oops! I meant SpamAssassin custom rule and fail2ban custom filter, one for logging and the other for blocking based on the logged entry.
 
You must log in or register to reply here.

Similar threads

F
Issue SOGo - emails sent from webmail, both manually created and autoresponder/vacation/out-of-office, are rejected. They miss spf, dkim, dmarc, everything
Replies
1
Views
406
Farfalk
F
V
Issue Need Help with DKIM and SPF
Replies
2
Views
1K
nayoung109
N
C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
2K
Change Maker
C
P
Issue SPF error sending IP 127.0.0.1
Replies
10
Views
4K
MrZuru
M
D
Issue Migration Manager
Replies
6
Views
1K
alapshin
A
Back
Top