Solved

SPF_SOFTFAIL on local mail

Posted on 2008-10-21
8
862 Views
Last Modified: 2013-12-09
Hi!

Apparently SPF records do not get checked when receiving mail from local senders (e.g. when I send mail to myself). However, SpamAssassin's SPF_SOFTFAIL rule still kicks in. It probably doesn't matter much since that rule isn't going to bump up the score high enough on genuine local mail to get tagged but still something that should get fixed regardless ....

Any ideas/help would be appreciated.
0
Comment
Question by:Julian Matz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 4

Expert Comment

by:urgoll
ID: 22777197
Hello,
if SpamAssassin triggers a SPF_SOFTFAIL, then it means that you do have a SPF record for your domain. If so, you should either:
- modify your SPF record to allow mail from local sources
- configure spamassassin to NOT do SPF checks on your domain using:
whitelist_from_spf *@example.com

but that would allow spammers to spoof your own domain, thus reducing the usefulness of SPF checks.

Regards,
Christophe
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 22778436
Hi Christophe,

I do have SPF set up for my domain. It seems to be set up correctly and when I run tests using my mail server's IPs they all result in SPF Pass. Postfix also seems to be set up correctly since I can see (SPF none | SPF pass | SPF softfail) in message headers. It's just when I send mail from one of my own accounts to myself that (presumably) Postfix doesn't check SPF but SA does. Does this make sense?
0
 
LVL 4

Expert Comment

by:urgoll
ID: 22779092
How do you send emails to yourself ? Do you sent your SMTP server on your mail client to your postfix server on port 25, or do you use some other server ?

Assuming you are using postfix as your SMTP server, then it is not doing the SPF check as it hits the 'permit_mynetworks' smtpd restriction rule. However, SpamAssassin has no such knowledge of 'allowed local subnets' and doesn't make a difference between original submission and relaying. So you may have to add to your SPF record your local network addresses as allowed senders.
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 
LVL 21

Author Comment

by:Julian Matz
ID: 22779204
I use my mail client (Mozilla Thunderbird) to connect to my SMTP server (Postfix) on port 25.

These are the headers I receive:

X-Spam-Status: No, score=-1.3 required=5.0 tests=AWL,BAYES_00,RDNS_NONE,
      SPF_SOFTFAIL autolearn=no version=3.2.3

Received: from [127.0.0.1] (unknown [CLIENT_IP_ADDRESS])
      by MAIL_SERVER_FQDN (Postfix) with ESMTP id 7C00B5AE
      for <info@xxxxx.com>; Tue, 21 Oct 2008 20:56:44 +0100 (IST)


Do you mean add 127.0.0.1 to my SPF record?
0
 
LVL 4

Accepted Solution

by:
urgoll earned 500 total points
ID: 22779281
Yes, if you were to add 'ip4:127.0.0.1' to your SPF record, the problem would likely go away.

Also note that you have this test failing: RDNS_NONE

which means that your DNS server isn't probably configured to resolve the reverse lookup of 127.0.0.1. It should reverse to 'localhost' and 'localhost' should resolve to 127.0.0.1

Regards,
Christophe
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 22779892
Ok, I know how rDNS works in general, but not sure about local/internal IPs.

When I type following:
$ host 127.0.0.1

I get this:
1.0.0.127.in-addr.arpa domain name pointer localhost.

I thought it would be more likely that the RDNS_NONE rule was being applied to my client IP assigned (by my ISP) to the machine from which I sent the email?
0
 
LVL 4

Expert Comment

by:urgoll
ID: 22780763
RDNS_NONE applies to the client IP address as seen from Postfix. In this case:

Received: from [127.0.0.1] (unknown [CLIENT_IP_ADDRESS])
      by MAIL_SERVER_FQDN (Postfix) with ESMTP id 7C00B5AE
      for ; Tue, 21 Oct 2008 20:56:44 +0100 (IST)

it appears to be the localhost.

Anyway, it doesn't seem to matter. I also noticed in the SpamAssassin that RDNS_NONE can sometimes be triggered regardless of the actual rDNS status for trusted sources. Tis may be the case.

0
 
LVL 21

Author Closing Comment

by:Julian Matz
ID: 31508557
Thanks!
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Import PST to Exchange using Power Shell new-mailboximportrequest command, you can simply import the PST file into Exchange mailbox or archived. To know How to import PST into Exchange  2013 read the complete article.
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Familiarize people with the process of utilizing SQL Server stored procedures from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Micr…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question