Spam filter stripping SPF record

Hello, we are using exchange online protection for spam filtering before anything gets to the on premise sonicwall spam filter. When messages do get through, the sonicwalll is marking some of them as SPF failure so they are being blocked. We never had this
issue before on legit messages.
Is there something in EOP that strips SPF records?
Thanks,

Hi,
I think the mechanisms of Anti-Spam of EOP and SPF are different:
SPF record is a text (TXT) record that helps prevent spoofing and phishing by verifying the domain name.
Anti-spam feature in EOP uses Content Filtering policy. For more referernce:
Anti-Spam Protection FAQ
https://technet.microsoft.com/en-us/library/jj937231(v=exchg.150).aspx
EOP features
https://technet.microsoft.com/en-us/library/dn762130(v=exchg.150).aspx
Thanks,
Simon Wu
TechNet Community Support

Similar Messages

SPF Record?

Does anyone know about this? If so is this separate from the MX record? IS it really needed? Opinions please...

The SPF record and the MX record are two different things.
You can get some background concerning SPF records at:
http://www.openspf.org/Introduction
It is a good idea to publish a SPF record; however, (in my opinion) I would set the SPF record so that it will SoftFail ("~all").
Whether to have SpamAssassin evaluate SPF records (by installing the SPF perl module, see the instructions here: http://discussions.apple.com/thread.jspa?messageID=3813471 ) as a method to filter spam is another issue. Pterobyte did a stellar job of evaluating whether or not to do so. You can read his posts concerning this issue here (his conclusion, and I agree, is not to bother):
http://discussions.apple.com/thread.jspa?messageID=3800656
This matter is "kind" of like one of those liberal vs. conservative political issues that many folks have an opinion about, but I'll try and give you my experience with this. Back in January I set SpamAssassin to evaluate SPF records for the purpose of filtering for spam. I eventually removed the filtering for the reasons Pterobyte outlined and the reasons below:
(1) Most Domains SoftFail.
From what I can tell most domains that I was seeing coming through either had no SPF record or had a record that ended in ~a (SoftFail). Given this fact, SpamAssassin wasn't able to make heads-or-tails of most SPF records for spam filtering purposes.
As a side note, SPF seemed hard to implement when a company had several mobile users. So, I got the impression that many companies would just set their SPF to softfail for that reason.
(2) Spammers Can Publish an SPF Record
A spammer can post an SPF record, so SpamAssassin doesn't give a SPF_Pass much weight.
(3) The Rare Exception
The only time I could really see that SPF record evaluation was going to make a solid impact was with domains that had SPF records ending in -a, and the only time that it was going to make a difference was when a spammer was spoofing a domain with a record ending in -a.
I only did this for a few days mind you ... but I just wasn't seeing any spam that met that condition that wouldn't have been caught anyway.
I felt like the load on my server's resources was a bit much given the limited impact the checks were having.

Should I use an SPF Record?

Our site allows people to send a request to various subscribers by email. The emails are sent with the FROM being the requesters email address so that our subscribers can reply to them directly.
In the last week we have received a lot of bounced emails from accounts that don't exist on our server. I think setting up an SPF record could help in this regard.
However, given the way our service works, does it make sense to set up an SPF record?
Any thoughts would be appreciated.
Thanks.

Adding an SPF record would help in regards to people using your domain name as the source of spam messages. It wouldn't have any effect on emails you send out under other people's name, though.
If your server sends out a message from [email protected] your SPF record doesn't come into play at all, but under those circumstances you wouldn't get the bounce message anyway - it would go to [email protected] However, your IP address may get flagged as sending bogus email.
In any case I'd add a SPF record. It's not hard to do, and it helps insulate your domain from problems. There's no downside to having it unless users in your domain regularly send mail from other mail servers (which they shouldn't be doing anyway).

Virtual mail hosts: 255 character limit on SPF records

This one was a surprise to me, and caused a lot of headache, so I thought I'd pass it along.
I'm running multiple virtual mail hosts off of my doughty PowerMac single G5 1.8GHz running OS X Server 10.4.11. Some of the outgoing mail was being bounced as spam because a) there wasn't an SPF record on any of the domains and b) the domain of the mailserver didn't always match the domain of the sender. (Most often, it went out under the hostname of the server, cerberus.limbo.jcf.org—which is useless, since that's a LAN address.)
Trying to be a good citizen (and make sure that all of everyone's mail got through), I added SPF records that explicitly named each and every mailserver on the machine, just so that everything was clear and aboveboard—but they ended up being about 500 characters long.
Fastforward a week or two... and I was having problems with my DNS zones loading—I'd get errors that they'd timed out. After pulling my hair out for a while, I discovered that TXT records have a limit of 255 characters (including spaces, etc.) Some folks running servers on non-OS X Server machines have split the records over multiple TXT records (does that even work?), but you get exactly one TXT record per OS X Server machine: the Comment box.
I've now simplified the SPF records so that they read something like this:
+v=spf1 a mx mx:cerberus.limbo.jcf.org mx:cerberus.jcf.org mx:jcf.org ip:173.164.140.96/30 ip:207.58.140.213/30 include:comcast.businessclass.net include:comcast.com -all+
To translate:
• +v=spf1 a mx+ It authorizes deliveries from any IP listed in the DNS zone, and from any mailserver defined in the zone
• +mx:cerberus.limbo.jcf.org mx:cerberus.jcf.org mx:jcf.org+ It also explicitly authorizes deliveries from the server's main LAN and internet DNS names as well as the domain of the foundation for which I work (and through which emails are occasionally relayed)
• +ip:173.164.140.96/30 ip:207.58.140.213/30+ Next it authorizes the public static IP blocks for the server and the foundation's remote server
• +include:comcast.businessclass.net include:comcast.com+ Finally it includes the domain names of the ISP through which most of the mail are relayed
• -all The last item says that if the mail didn't originate from one of those addresses, it isn't ours.
(I think that I've got that right. If I've botched it anywhere, let me know, okay?)
That's 169 characters. The DNS zones loaded happily, and the mail seems to be going out without getting bounced. So far so good!
(There's probably a way to get the hostname on each email to match the domain from which it is being addressed, but I haven't gotten there yet.)
Message was edited by: David Kudler

Most often, it went out under the hostname of the server, cerberus.limbo.jcf.org—which is useless, since that's a LAN address.
You can control this via the myhostname setting in Postfix. This defines the name it uses to identify itself to remote mail servers, which sounds like it'll address a lot of your issues.
I added SPF records that explicitly named each and every mailserver on the machine, just so that everything was clear and aboveboard—but they ended up being about 500 characters long.
OK, this doesn't make sense. You don't need to list every virtual hostname for every domain.
All you need to do is add this specific mail server's address in each domain.
There's no requirement that the hostname of the mail server matches the domain name, so it's entirely valid to create an SPF record in domain1.com that lists mailserver.someotherdomain.com as authoritative. Then, as long as postfix's myhostname says it's mailserver.someotherdomain.com and your reverse DNS resolves to that address your problem is solved.
...but you get exactly one TXT record per OS X Server machine: the Comment box.
Unless you edit your zone file directly and add whatever other records you like. However, given the above, I don't think the 255-character limit should be an issue.
Even if you didn't want to mess with your zone files directly there's still a way around that - SPF allows for an 'include' record which basically tells remote servers to include the record from some other domain, so for each domain you could just tell it to include some other domain's record (which, in turn, could include another domain) allowing virtually unlimited record length (or, at least, 255 characters per domain you manage).
SPF Includes are covered here.
• include:comcast.businessclass.net include:comcast.com Finally it includes the domain names of the ISP through which most of the mail are relayed
Bzzzz. You've now allowed any other customer of comcastbusiness.net and comcast.com to send mail on your behalf. You probably don't want to do that. When you consider that 'comcast.com' includes every one of their residential customers you can see that you really don't want to do that.

Creating SPF records

Having run a few tests on our Server, on of the errors that has come up is that we don't have any SPF records.
Doing a search sends me to the following site, but it always comes up with the error - System Maintenance in progress. Please try again later.
microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
Having looked at some other sites, I come up with different answers.
Here is my example, our website is hosted by another company, but we run our own mail server. I have used the following examples
domain - mydomain.com
mail server ip - 1.2.3.4
One wizard come up with the following to add to my DNS
mydomain.com. IN TXT "v=spf1 ip4:1.2.3.4"
Another wizard comes up with the following
"v=spf1 ip4:1.2.3.4 ?all"
Another wizard comes up with the following
"v=spf1 ip4:1.2.3.4 -all"
Any advice appreciated.
Trevor

Hi
No ones mentioned this that I;ve seen. But the SPF settings get applied to the domain at Nameserver level, so not on the local server, but wherever is configured that
www.mydomain.com - goes to 10.20.30.40 and remote.mydomain.com goes to 1.2.3.4 and mail.mydomain.com go to 1.2.3.4 etc
On the name server you set up a new TXT for .mydomain.com
the values need to have
v=spf1 - to show this is the SPF settings
I would then add the IP's and Domains of any PC authorised to send emails on your behalf
i.e. +ip4:1.2.3.4 +a:mail.mydomain.com +a:remote.mydomain.com - This covers your server doing email directly from it... some SPF servers I've found look for the a record and not IP when tracing back (usually pain ones, so never hurts to add as resolves
to same place)
If your website hosted elsewhere has an email form on it you'll need to authorise your webserver to send on your behalf as it will most likely send from a @mydomain.com email address (your own server could class it as spam if not included)
so +ip4:x.x.x.x(webserver IP) +a:www.mydomain.com
As for the all bit
-all is best - means no one else can pretend to be you. I;ve not used ?all, but due to the experience I'm about to explain it could be useful (saves having to use ~all which makes spf pointless)
If you use -all SPF checkers will only allow emails to come from authorised senders. This leads to a problem with people they email without things set up right... had a few problems. A clients customer, had a spam checker that was offsite, that forwards
the email on to the server. so email goes from SenderA to SpamCheckerB. SpamCheckerB scans the email and then forwards on to mailserverC
MailserverC is also set up to check for spam including SPF..... problems is the email has been 'officially' sent from SpamcheckerB and not SenderA.... thus gets rejected by SPF
If senderA doesn;t use SPF it all goes through fine, or if SPF set to ~all goes through fine
Obviously this is a bad set up at the customers end, but if your client or yourself can not send to certain customers (no matter how misconfigured they are, and it being their fault) has a knock on to the business
So please be aware of that if you use -all which is obviously best. Not sure what ?all would do in this case...
so my setting for your SPF would be
v=spf1 +ip4:1.2.3.4 +a:mail.mydomain.com +a:remote.mydomain.com +ip4:x.x.x.x(webserver IP) +a:www.mydomain.com -all
Hope this helps and gives you some trouble shooting ideas in advance

How do I set an SPF record?

I'm quite unfamiliar with SPF records, but I'm using FreshBooks to invoice my clients. However, my invoices seem to be going to many people's junk and spam folders. Freshbooks is suggesting to set an SPF record to avoid this. Can this be done with icloud emails, or is this specifically for a privately owned domain email?

If you have set up your Domain A-record on the registra to point web traffic to BC you do not set up another A-record in BC.

Nokia 6300 spam filter/blacklist (antispam/liste n...

hello. the option 'spam filter' on my nokia 6300 doesn't exit. However the user guide talk about it. Does someone know the problem?
I need help. thank you.
Moderator note: Non-english section removed. Please post in English.
Message Edited by concordia on 15-Sep-2008 10:33 AM

My questions:
Is possible to configure an account to not to be filtered?
Can I do a rule in ORIG_MAIL_ACCESS with the domain (not address)? or there is another option for this?
No.
It's so easy to "spoof" domain names, that it's really of no use to even try that.
One of the real weaknesses of using RBL is that some of them falsly post many domains. There are other issues, including performance.
You may want to have a look at another product to add onto your system, "SpamAssassin". It's free, open-source software that integrates right into your Messaging Server, and eliminates nearly 99% of the spam coming in. It can be configured to do something similar to RBL, use SPF, keep local databases, to WhiteLists, Black:Lists, etc.

Which mail servers go in SPF records?

It is not clear to me if the mail server that initiates email being sent needs to be in the SPF record or every server the mail relays through in our domain or only the last server that is directly connected to the Internet.
If our mail starts from our Exchange server and is relayed to a spam appliance and relayed again to a Unix mail server and finally out to the Internet, do we only put the last part of the chain in the SPF record (the Unix mail server) or do we also need
the originating mail server (Exchange) and any other servers it relays through included in the SPF record?

My understanding of using SPF records is that you only need to include the server(s) that ultimately delivers the mail out to the internet. When my server receives email from you, it checks for an SPF record that specifies that your server which
it is receiving the mail from is allowed to send the mail.

SPF Record edit to remove worldsecuresystems as an mx:?

How can I remove "mx: include:worldsecuresystems.com" from my SPF Record? I use GMail as my provider, and whether I edit the record or delete it and create a new one, "mx: include:worldsecuresystems.com" gets placed back into the text.
Anybody know why this might be?
WorldSecureSystems is the nameserver, not a mail exchange.
Thanks in advance!
Scott

You're right, it is probably my misunderstanding of the SPF Record at fault here.................... Coupla points, if I could ask for further advice,
(1) BC sends no mail for me. I use it only for web admin. Is it still gonna want to auto-populate its MX: entry into the SPF record?
(2) I'm getting the following error from a kitterman.com spf validation test.........
Input accepted, querying now...
evaluating v=spf1 mx include:worldsecuresystems.com a:google.com mx:ASPMX.L.google.com mx:googlehosted.com mx:zoho.com include:zcsend.net include:spf.ihance.net include:_spf.google.com ~all ...
Results - record processed without error.
The result of the test (this should be the default result of your record) was, ambiguous . The explanation returned was, SPF Ambiguity Warning: No MX records found for mx mechanism: www.greaterintell.com.
Additionally, my email Campaign software cannot verify the SPF portion of an Email Authorization validation. Trying to get things the way they should be................
Bottom line problem is that my penetration rating on email campaigns is not where I would expect it to be, I'm only at about 10%. I must be getting recognized as spam to some degree, some where.........
Appreciate any thoughts you might have.

When i try to set up my icloud account the system says it is sending me an email to verify. I never get the email and it is not in my spam filter. How can i get set up??

when i try to set up my icloud account the system says it is sending me an email to verify. I never get the email and it is not in my spam filter. How can i get set up??

Make sure that your Apple ID is your email address and you do not have any other or old IDs associated with you. Go to www.appleid.apple.com and confirm this info. Make sure that the email address you are trying to sign up with is your primary one.

Is there a Spam filter for Mail? In iOS 5?

I haven't seen this question posted for a couple of years, so I'm curious if iOS 4 has addressed my concern. Can Mail for iPod Touch 4th Generation be set up with some sort of spam filter? I have very good filters associated with my various email accounts at their servers (Gmail, GoDaddy, Earthlink) but all of these accounts pass the spam through to my iPod.
Will this be fixed in iOS 5?
And also ... why do some messages not offer the "Trash Can" icon, but only the multiple button option to "Move to>Trash"?
Thanks

No. iOS5 isn't out yet. We don't know what's in it. But likely there isn't.

How do you set up your spam filter?

Greetings,
I have been fiddling with my spam filter for some time now and I still can't get it to work really good. I use the normal "Exempt if sender is in addressbook & Sender is in previous recipient but NOT "using my full name" because that seems to put everything in spam. I use the toggle "IF ALL CONDITIONS ARE MET". I also add the line "if message is junk mail" then move to trash.
The above does work but not real great.
Furthermore, I made up some more rules such as subject lines contain doctor etc and they work better.
Can someone post what they do in their basic junk mail filtering and custom rules to help me out? Also, when a piece of junk mail ends up by mistake in the junkmail box I click "not junkmail". This never returns the mail to the correct box and just sits there and I have to manually drag it. Is this correct?
//Cheers

Hello Julie.
Your junk filter appears to not be working properly. Try this first:
1. Go to Preferences > Junk Mail and disable junk mail filtering.
2. Quit Mail, then open it again.
3. Go to Preferences > Junk Mail, enable junk mail filtering, and configure it however you wish -- I recommend you to leave it at the default Automatic settings.
4. Reset the junk filter database (Preferences > Junk Mail > Reset).

Amavisd not running, mails not delivered when spam filter is enabled

Hey everyone,
So I've got a slight problem here with a 10.4.11 server. Our spam filter was set to be too tolerant of spam, allowing a threshold 22.0 before bouncing it, so through the command line I edited /etc/amavisd.conf to $sa_kill_level_deflt = 6.0; tag2 is set to 3.0. Then I bounced amavisd via:
sudo /bin/launchctl unload /System/Library/LaunchDaemons/org.amavis.amavisd.plist
sudo /bin/launchctl load /System/Library/LaunchDaemons/org.amavis.amavisd.plist
Well that caused all sorts of whacky issues with the queue. The server couldn't connect to itself and wouldn't deliver any mail, only queue it up. So I went back in to amavisd.conf and changed the parameters back to default, then bounced amavisd again. To no avail. Then I restored from a backup file I had created and bounced amavisd again to no avail.
Finally I removed the junkmail and virus filters via SA, saved, then reenabled them to no avail. Then I just disabled them and mail is flowing again, but I still have 187 messages in my queue that wont get delivered no matter how many times I flush it.
After more research, I issued a ps -U clamav to see if amavisd is running, below are the only results I get:
PID TT STAT TIME COMMAND
1291 ?? Ss 0:00.01 freshclam -d -D -pfreshclam.pid -c 1
I would assume it is NOT running...? I next issued amavisd to see if it throws any errors, and get the following:
ERROR: MISSING REQUIRED BASIC MODULES:
MIME::Parser
BEGIN failed--compilation aborted at /usr/bin/amavisd line 139.
So my next question is how do I repair amavisd so I can get it to run so I can reenable the content filter. Here are the results of postconf in case you need them:
2bounce_notice_recipient = postmaster
access_map_reject_code = 554
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map =
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = 3
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = postmaster
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories =
always_bcc =
append_at_myorigin = yes
append_dot_mydomain = yes
application_event_drain_time = 100s
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = yes
body_checks =
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
broken_sasl_auth_clients = no
canonical_maps =
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
content_filter =
daemon_directory = /usr/libexec/postfix
daemon_timeout = 18000s
debug_peer_level = 2
debug_peer_list =
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_limit = 20
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 10000
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
disable_dns_lookups = no
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_verp_bounces = no
disable_vrfy_command = no
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
enable_errors_to = no
enable_original_recipient = yes
enable_server_options = yes
error_notice_recipient = postmaster
error_service_name = error
expand_owner_alias = no
export_environment = TZ MAIL_CONFIG
fallback_relay =
fallback_transport =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
hash_queue_depth = 1
hash_queue_names = incoming, active, deferred, bounce, defer, flush, hold, trace
header_address_token_limit = 10240
header_checks =
header_size_limit = 102400
helpful_warnings = yes
home_mailbox =
hopcount_limit = 50
html_directory = no
ignore_mx_lookup_error = no
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY
in_flow_delay = 1s
inet_interfaces = all
initial_destination_concurrency = 5
invalid_hostname_reject_code = 501
ipc_idle = 100s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_cache_connection = yes
lmtp_connect_timeout = 0s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_lhlo_timeout = 300s
lmtp_mail_timeout = 300s
lmtp_quit_timeout = 300s
lmtp_rcpt_timeout = 300s
lmtp_rset_timeout = 120s
lmtp_sasl_auth_enable = no
lmtp_sasl_password_maps =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_send_xforward_command = no
lmtp_skip_quit_response = no
lmtp_tcp_port = 24
lmtp_xforward_timeout = 300s
local_command_shell =
local_destination_concurrency_limit = 2
local_destination_recipient_limit = 1
local_recipient_maps =
local_transport = local:$myhostname
luser_relay = undeliverable
mail_name = Postfix
mail_owner = postfix
mail_release_date = 20040915
mail_spool_directory = /var/mail
mail_version = 2.1.5
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = flock
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_size_limit = 0
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 1000s
multi_recipient_bounce_reject_code = 550
mydestination = $myhostname,localhost.$mydomain,localhost,mail.mnn.org,$mydomain,youthchannel.o rg,mnn.org
mydomain = mnn.org
mydomain_fallback = localhost
myhostname = mail.mnn.org
mynetworks = 127.0.0.0/8,192.168.0.0/16,216.164.83.160/27
mynetworks_style = host
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
notify_classes = resource, software
owner_request_special = yes
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_a uthorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
prepend_delivered_header = command, file, forward
process_id_directory = pid
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
qmgr_clog_warn_time = 300s
qmgr_fudge_factor = 100
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /private/var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 1000s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = /usr/share/doc/postfix
receive_override_options =
recipient_bcc_maps =
recipient_canonical_maps =
recipient_delimiter =
reject_code = 554
relay_clientcerts =
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_recipient_maps =
relay_transport = relay
relayhost =
relocated_maps =
require_home_directory = no
resolve_dequoted_address = yes
resolve_null_domain = no
rewrite_service_name = rewrite
sample_directory = /usr/share/doc/postfix/examples
sender_based_routing = no
sender_bcc_maps =
sender_canonical_maps =
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = postdrop
show_user_unknown_table_name = yes
showq_service_name = showq
smtp_always_send_ehlo = yes
smtp_bind_address =
smtp_connect_timeout = 30s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_enforce_tls = no
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_mx_address_limit = 0
smtp_mx_session_limit = 2
smtp_never_send_ehlo = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300s
smtp_rset_timeout = 120s
smtp_sasl_auth_enable = no
smtp_sasl_password_maps =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $var_smtp_sasl_opts
smtp_sasl_tls_verified_security_options = $var_smtp_sasl_tls_opts
smtp_send_xforward_command = no
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_cipherlist =
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_scert_verifydepth = 5
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = no
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts =
smtpd_authorized_xforward_hosts =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_limit_exceptions = $mynetworks
smtpd_client_connection_rate_limit = 0
smtpd_client_restrictions = permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client bl.spamcop.net permit
smtpd_data_restrictions =
smtpd_delay_reject = yes
smtpd_enforce_tls = no
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghi jklmnopqrstuvwxyz{|}~
smtpd_hard_error_limit = 20
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = 100
smtpd_noop_commands =
smtpd_null_access_lookup_key =
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_timeout = 100s
smtpd_pw_server_security_options = gssapi,cram-md5,login,plain
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes =
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sender_login_maps =
smtpd_sender_restrictions =
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_CAfile =
smtpd_tls_CApath =
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 5
smtpd_tls_cert_file =
smtpd_tls_cipherlist =
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_key_file =
smtpd_tls_loglevel = 0
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_pw_server = yes
smtpd_use_tls = no
soft_bounce = no
stale_lock_time = 500s
strict_7bit_headers = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mime_encoding_domain = no
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = postfix
tls_daemon_random_bytes = 32
tls_daemon_random_source =
tls_random_bytes = 32
tls_random_exchange_name = ${config_directory}/prng_exch
tls_random_prng_update_period = 60s
tls_random_reseed_period = 3600s
tls_random_source =
trace_service_name = trace
transport_maps =
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_reject_code = 450
unverified_sender_reject_code = 450
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = $virtual_maps
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps =
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl
virtual_mailbox_maps =
virtual_minimum_uid = 100
virtual_transport = virtual
virtual_uid_maps =
TIA for an help!
Andrew

To get the queue going, issue:
sudo postsuper -r ALL
That said, I would think you initially introduced a typo in amavisd.conf. Next you probably restored amavisd and amavisd.conf files which were incompatible with each other and/or amavis incompatible with the updated perl modules of the latest security update.
To fix things, I would re-apply the latest combo updater and security updates (assuming you are running stock versions and have not installed your own versions of amavisd, etc).
If things still do not work, please post the output of:
amavisd -V

Is there a limit to number of conditions I can set in Mail's spam filter?

There seems to be a limit to the amount of conditions I can set in Mail's spam filter. ie there's no scroll bar down the side - the list just goes as long as my computer monitor's length will allow, and that's it.
Is that right - or is there a way to set more than about 28 conditions (in my case).

Tim,
yes, you can add more conditions (I don't know whether this is a limit or not) using AppleScript - the problem with the approach is that you will have somewhat of a hard time editing the rule in Mail after that as the buttons at the bottom of the window will no longer be accessible...
Look at the following AppleScript as an example on how to add a new condition to a rule called "Junk Rule"
Click to open this script in your Script Editor<pre style="font-family: 'Monaco', 'Courier New', Courier, monospace; overflow:auto; padding: 0.2em; font-size: 10px; width:500px">tell application "Mail"
tell rule "Junk Rule"
set theNewCondition to make new rule condition at end of rule conditions
tell theNewCondition
set rule type to subject header
set expression to "viagra"
set qualifier to does contain value
end tell
end tell
end tell</pre>
Andreas

Spam filter stripping SPF record

Similar Messages

Maybe you are looking for