Return-Path: 
 <users-return-109854-apmail-spamassassin-users-archive=spamassassin.apache.org@spamassassin.apache.org>
X-Original-To: apmail-spamassassin-users-archive@www.apache.org
Delivered-To: apmail-spamassassin-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 8DA9718C3A
	for <apmail-spamassassin-users-archive@www.apache.org>;
 Mon, 28 Sep 2015 06:23:57 +0000 (UTC)
Received: (qmail 55086 invoked by uid 500); 28 Sep 2015 06:23:54 -0000
Delivered-To: apmail-spamassassin-users-archive@spamassassin.apache.org
Received: (qmail 55056 invoked by uid 500); 28 Sep 2015 06:23:54 -0000
Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:users-help@spamassassin.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@spamassassin.apache.org>
List-Post: <mailto:users@spamassassin.apache.org>
List-Id: <users.spamassassin.apache.org>
Delivered-To: mailing list users@spamassassin.apache.org
Received: (qmail 55045 invoked by uid 99); 28 Sep 2015 06:23:54 -0000
Received: from Unknown (HELO spamd4-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 28 Sep 2015 06:23:54 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org)
 with ESMTP id 996C0C0596
	for <users@spamassassin.apache.org>; Mon, 28 Sep 2015 06:23:53 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 0.995
X-Spam-Level: 
X-Spam-Status: No, score=0.995 tagged_above=-999 required=6.31
	tests=[KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-0.006,
	URIBL_BLOCKED=0.001] autolearn=disabled
Received: from mx1-us-west.apache.org ([10.40.0.8])
	by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new,
 port 10024)
	with ESMTP id NJ4Yu68PJ8yA for <users@spamassassin.apache.org>;
	Mon, 28 Sep 2015 06:23:41 +0000 (UTC)
Received: from mailout04.t-online.de (mailout04.t-online.de [194.25.134.18])
	by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with
 ESMTPS id 8A4C620562
	for <users@spamassassin.apache.org>; Mon, 28 Sep 2015 06:23:41 +0000 (UTC)
Received: from fwd26.aul.t-online.de (fwd26.aul.t-online.de [172.20.26.131])
	by mailout04.t-online.de (Postfix) with SMTP id D3FAD482F34
	for <users@spamassassin.apache.org>; Mon, 28 Sep 2015 08:23:39 +0200 (CEST)
Received: from musicman.homeip.net
 (Vmn58oZ-ZhUHliWLF9ZVmODrHy9Fg-TjeqUgB5jUS4KdRiRTIAsEL7+Vdhxq9Kwg1v@[93.233.87.234])
 by fwd26.t-online.de
	with (TLSv1:DHE-RSA-AES256-SHA encrypted)
	esmtp id 1ZgRqX-0PhnSy0; Mon, 28 Sep 2015 08:23:33 +0200
Received: (qmail 7836 invoked by uid 94); 28 Sep 2015 06:23:32 -0000
Received: from 192.168.75.9 by amadeus3 (envelope-from
 <wolfgang@noten5.maas-noten.de>, uid 82) with qmail-scanner-1.24
 (hbedv: 6.28.0.18/6.28.0.83. localrules: ???.  
 Clear:RC:1(192.168.75.9):.
 Processed in 0.023904 secs); 28 Sep 2015 06:23:32 -0000
DomainKey-Status: no signature
Received: from unknown (HELO noten5.maas-noten.de) (192.168.75.9)
  by amadeus3.local with SMTP; 28 Sep 2015 06:23:32 -0000
Received: (qmail 23211 invoked by uid 1000); 28 Sep 2015 06:24:40 -0000
Date: 28 Sep 2015 06:24:40 -0000
From: hamann.w@t-online.de
Subject: Re: SPAM from our own domain 
To: users@spamassassin.apache.org
Message-Id: <wolfgang-1150928082440.A0122422@noten5.maas-noten.de>
X-Mailer: TkMail 4.0beta9
Content-type: text/plain; charset=utf-8
In-Reply-To: <5608CD5A.9090502@motec.com.au> 
X-Qmail-Scanner-1.24: added fake MIME-Version header
MIME-Version: 1.0
X-ID: Vmn58oZ-ZhUHliWLF9ZVmODrHy9Fg-TjeqUgB5jUS4KdRiRTIAsEL7+Vdhxq9Kwg1v
X-TOI-MSGID: a577d0d2-0d36-4f38-a849-1a961b8a1e41

>> 
>> Hi Benny,
>> 
>> thanks for your email.
>> 
>> On 28/09/15 13:29, Benny Pedersen wrote:
>> > Tom Robinson skrev den 2015-09-28 05:02:
>> >
>> >> From tenayad@qka.com Thu Sep 24 13:    29:50 2015
>> >
>> > is this the envelope sender domain ?
>> 
>> I believe so. How can I be sure?
>> 
>> >
>> >> From:    "Incoming Fax" <Incoming.Fax@motec.com.au>
>> >
>> > is this unsigned dkim domain ?
>> >
>> Sorry to be a noob. What do you mean here?
>> 
>> >
>> > begin setup spf and dkim signing
>> We have a TXT record in DNS for spf. I'm not sure what to do with DKIM.
>> 
>> >
>> > use pypolicyd-spf in mta stage
>> 
>> Is that package going to work with qmail? If it does work with qmail, will it install on CentOS 5?
>> 
>> Kind regards,
>> Tom
>> 
>> 
Hi Tom,

I have installed dkim on qmail (not sure about details, it is working since a few years)
Your original post said there was SPF fail on the incoming message, so you could already
score on that.
I have enabled plugin support on qmail (not sure whether that is contained in your package),
and I have worked on qmail-scanner-queue.pl
Both are good places to add extra filtering. The plugin would outright reject mail,
where qmail-scanner would rather tag it as "potential virus"
So if you are very sure that nobody in your organisation would ever send from your domain
through a different mail server (maybe when sending from a mobile), you should probably use
the plugin. A plugin is an executable (script) that reads ENV variables like SMPTMAILFROM
and SMTPRCPTTO and either does nothing or outputs a single line of text like
E550 your mail is not welcome. Go away

Regards
Wolfgang