Hello,
We are currently receiving phishing emails using our own domain as sender, and Sophos lets them in despite our SPF record in the "mydomain.org" DNS:
v=spf1 mx ~all
We are using Sophos XG310 18.0.4 MR-4 acting as a transparent proxy.
In the example below the SPF check should fail since "se.seeddoor.live" is not listed in our SPF record:
Return-Path: <admin@mydomain.org>
Received: from mx2.mydomain.org (LHLO mx2.mydomain.org) (192.168.1.4) by
    mx2.mydomain.org with LMTP; Tue, 30 Mar 2021 22:07:51 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
    by mx2.mydomain.org (Postfix) with ESMTP id 8C8D91DC0BE9
    for <mathieu@mydomain.org>; Tue, 30 Mar 2021 22:07:51 +0200 (CEST)
X-Virus-Scanned: amavisd-new at mydomain.org
X-Spam-Flag: NO
X-Spam-Score: 4.678
X-Spam-Level: ****
X-Spam-Status: No, score=4.678 required=6.6 tests=[BAYES_50=0.8,
    HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, SPF_HELO_NONE=0.001,
    SPF_NONE=0.001, TO_EQ_FM_DOM_HTML_ONLY=1.37, URIBL_BLOCKED=0.001,
    URI_WP_HACKED=2.404] autolearn=no autolearn_force=no
Received: from mx2.mydomain.org ([127.0.0.1])
    by localhost (mx2.mydomain.org [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id mnkapsi0itcd for <mathieu@mydomain.org>;
    Tue, 30 Mar 2021 22:07:51 +0200 (CEST)
Received: from se.seeddoor.live (gw.mydomain.org [192.168.1.1])
    by mx2.mydomain.org (Postfix) with ESMTPS id 0B86E1DC0BBE
    for <mathieu@mydomain.org>; Tue, 30 Mar 2021 22:07:50 +0200 (CEST)
From: admin@mydomain.org
To: mathieu@mydomain.org
Subject: mydomain.org Mail Urgent Notification!
Am I missing something? Is there another way in Sophos XG to drop emails using our own domain but not coming from our own IPs?
Regards.
Mathieu
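
Added example, not part of the original post and not Sophos code: a Python check that reads the headers quoted above and reports the From domain, the HELO name and peer address recorded on the oldest hop, and the SPF rule names SpamAssassin logged. The `suspect` rule (own domain in From, HELO name outside it, no `SPF_PASS`) and the function names are this example's own assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers taken from the post, trimmed, with continuation lines re-indented.
SAMPLE = """\
X-Spam-Status: No, score=4.678 required=6.6 tests=[BAYES_50=0.8,
 HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, SPF_HELO_NONE=0.001,
 SPF_NONE=0.001, TO_EQ_FM_DOM_HTML_ONLY=1.37, URIBL_BLOCKED=0.001,
 URI_WP_HACKED=2.404] autolearn=no autolearn_force=no
Received: from mx2.mydomain.org ([127.0.0.1])
 by localhost (mx2.mydomain.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id mnkapsi0itcd for <mathieu@mydomain.org>;
 Tue, 30 Mar 2021 22:07:51 +0200 (CEST)
Received: from se.seeddoor.live (gw.mydomain.org [192.168.1.1])
 by mx2.mydomain.org (Postfix) with ESMTPS id 0B86E1DC0BBE
 for <mathieu@mydomain.org>; Tue, 30 Mar 2021 22:07:50 +0200 (CEST)
From: admin@mydomain.org
"""

# Postfix writes: from <HELO name> (<peer hostname> [<peer IP>])
HOP_RE = re.compile(r"from (\S+) \((\S+) \[([0-9A-Fa-f.:]+)\]\)")

def in_domain(host, domain):
    return ("." + host.lower().rstrip(".")).endswith("." + domain)

def analyze(raw, own_domain="mydomain.org"):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Received headers are prepended, so the last one is the oldest hop.
    hops = msg.get_all("Received") or [""]
    m = HOP_RE.search(" ".join(hops[-1].split()))
    helo, peer_name, peer_ip = m.groups() if m else (None, None, None)
    # SpamAssassin rule names that record the SPF outcome it computed.
    tests = re.search(r"tests=\[(.*?)\]", msg.get("X-Spam-Status", ""), re.S)
    names = re.findall(r"(SPF_\w+)=", tests.group(1)) if tests else []
    return {
        "from_domain": from_domain,
        "helo": helo,
        "peer": (peer_name, peer_ip),
        "peer_is_private": bool(peer_ip) and ipaddress.ip_address(peer_ip).is_private,
        "spf_tests": sorted(names),
        # Own domain in From, HELO name outside it, no SPF pass recorded.
        "suspect": from_domain == own_domain and helo is not None
                   and not in_domain(helo, own_domain) and "SPF_PASS" not in names,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

On the sample, the hop that announced `se.seeddoor.live` is logged with `gw.mydomain.org [192.168.1.1]` as its peer, and the only SPF rules recorded are `SPF_HELO_NONE` and `SPF_NONE`.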