Byteplant Forum

Home » CleanMail Support » CleanMail Server Talk » Turn of SPF checks?
Turn of SPF checks? [message #1884] Wed, 09 January 2008 21:00
MTR
Messages: 3
Registered: January 2008
Junior Member
Hi there,

is it possible to turn off the SPF checks? Some of my incoming mails are from a tool that connects to a POP3 Inbox and delivers mail to my mailserver. So the IP-adress of the connecting SMTP client is the IP-adress from my server (192.168.0.101).

1.1 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/why.html?sender=uk.customerservices%40example.com&ip=192.168.0.101&receiver=tserv.txr.local]


Because of this, every SPF check on a POP3 mail which comes from a known SPF host will fail

"tserv.txr.local rejected a message that claimed an envelope sender address of uk.customerservices@example.com.
tserv-001.taxacher.local received a message from 192.168.0.101 that claimed an envelope sender address of uk.customerservices@example.com.

However, the domain example.com has declared using SPF that it does not send mail through 192.168.0.101. That is why the message was rejected."



Is it possible to disable this SPF checks? How can I disable this SPF checks?


Kind regards,
Markus

Re: Turn of SPF checks? [message #1885 is a reply to message #1884] Fri, 11 January 2008 14:07 Go to previous message
support
Messages: 919
Registered: April 2004
Senior Member
> is it possible to turn off the SPF checks? Some of my incoming
> mails are from a tool that connects to a POP3 Inbox and
> delivers mail to my mailserver. So the IP-adress of the
> connecting SMTP client is the IP-adress from my server
> (192.168.0.101).
>
> 1.1 SPF_FAIL SPF: sender does not match SPF
> record (fail)
> [SPF failed: Please see
> http://www.openspf.org/why.html?sender=uk.customerservices%40example.com&ip=192.168.0.101&receiver=tserv.txr.local]
>
>
> Because of this, every SPF check on a POP3 mail which comes
> from a known SPF host will fail
>
> "tserv.txr.local rejected a message that claimed an envelope
> sender address of uk.customerservices@example.com.
> tserv-001.taxacher.local received a message from 192.168.0.101
> that claimed an envelope sender address of
> uk.customerservices@example.com.
>
> However, the domain example.com has declared using SPF that it
> does not send mail through 192.168.0.101. That is why the
> message was rejected."
>
>
>
> Is it possible to disable this SPF checks? How can I disable
> this SPF checks?

The easiest way to disable SPF checks is to remove the

loadplugin Mail::SpamAssassin::Plugin::SPF

line in sa\ruleset\init.pre.



Customer Support
Byteplant GmbH
Re: Turn off SPF checks? [message #1886 is a reply to message #1884] Fri, 11 January 2008 14:48 Go to previous message
James Wilkinson
Messages: 14
Registered: July 2007
Junior Member
You probably don't want to do that. Instead, set trusted_networks to include all your ISP's mailservers through which incoming e-mail comes (and all your local mailservers, and any backup mailservers that your ISP runs for you).

trusted_networks should be set in the sa\ruleset\local.cf file.

"Trusted", in this case, merely means that you trust your ISP not to deliberately put bogus information there.

If you do this, SpamAssassin won't run SPF against 192.168.0.101. It will look further back through the received headers to the computer which sent the e-mail to your ISP, and check whether SPF permits that computer to send e-mail from that domain to you -- in other words, it will use SPF in the way it's supposed to be used.

As an additional benefit, this means that SpamAssassin can properly run network checks against the computer that sent the e-mail to your ISP, and can also add points to the score if the sending computer name looks dodgy. In other words, SpamAssassin will run better.

Worked example: if e-mail that comes in through this POP3 mail has headings like this:

Received: from pop3.example.net ([192.168.0.101]) by tserv-001.taxacher.local([192.168.1.223], envelope-sender=) with POP3 (noSPAMtoday 3.0.5.1); Fri, 07 Dec 2007 11:07:45 +0000
Received: from smtp.example.net ([194.1.3.121]) by pop3.example.net; Fri, 07 Dec 2007 11:07:35 +0000 (GMT)
Received: from mail.com ([1.2.4.7]) by smtp.example.net; Fri, 07 Dec 2007 11:07:23 +0000 (GMT)

you might have
trusted_networks 192.168.0.0/16 194.1.3.0/24
because you trust pop3.example.net and smtp.example.net, but you don't trust the computer calling itself mail.com.

SpamAssassin would then do an SPF check for the domain example.com against 1.2.4.7.

See also http://wiki.apache.org/spamassassin/TrustedRelays
Re: Turn off SPF checks? [message #1887 is a reply to message #1886] Fri, 11 January 2008 20:56 Go to previous message
MTR
Messages: 3
Registered: January 2008
Junior Member
Thanks you for your replies! I will try to use this TrustedRelays thing, sounds interesting. Otherwise I will disable SPF Plugin as suggested above, but both solutions will help me with that problem. Thank you guys!
Previous Topic: Server hammered by rejected messages
Next Topic: sa-update for version 2.3.5.7?
Goto Forum:
  


Current Time: Fri Dec 02 23:19:40 CET 2016