Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2809 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SPF not working any more ?

StephaneGROBETY
Hello,

It seems that the SPF check is failing in some conditions. Specifically, I think it fails to validate local mail domains.

Here is the specifics:

I have a domain with a valid SPF record. That SPF record defines the list of IP addresses that can send mail on behalf of the domain and ends with "-all" 

POP/IMAP mail is handled (as it should) by an internal mail server while all SMTP traffic is handled by Astaro (with the antispam option enabled).

Today, I got a "bounce" from the Astaro machine. It isn't really a bounce, just a spammer who tried to send a mail to webmaster@mydomain.com with a return address (and sender) of webmaster@mydomain.com.

That message was actually accepted by Astaro and relayed to the internal mail server (which rejected it).

Since the domain has a valid SPF record, since AStaro has SPF validation on and since the sender IP address isn't part of the allowed sender IP per the SPF, how come the bounce was generated at all ?


This thread was automatically locked due to age.
Parents
  • 0
    What shows up in the Astaro SMTP log for that email?  Sometime before 8.303, the DKIM results started appearing in the log - I wonder if SPF now does, too.

    Also, you might check your exceptions - it's not unusual for people to exempt their own domain for some checks.

    Any luck?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    What shows up in the Astaro SMTP log for that email?  Sometime before 8.303, the DKIM results started appearing in the log - I wonder if SPF now does, too.

    Also, you might check your exceptions - it's not unusual for people to exempt their own domain for some checks.

    Any luck?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Hello,

    Nope, I didn't exclude my own domain domain from SPF check (or any other antispam check).

    I don't quite understand it though: since that bounce, I saw other similar messages being bounced by Astaro because of failed SPF checks. 

    I also saw messages that should have been bounced by SPF actually go through (notably phishing spam "from" Paypal)

    In fact, it seems that, from time to time, Astaro fails to perform (or take into account) SPF validation. It's certainly not a permanent issue since I can see plenty of SPF bounce (which I find very satisfying: should DKIM or SPF be mandatory, we'd have way less of a spam problem).
Cookie Information Banner