Solved

SPF_SOFTFAIL on local mail

Posted on 2008-10-21
Last Modified: 2013-12-09
Hi!

Apparently SPF records do not get checked when receiving mail from local senders (e.g. when I send mail to myself). However, SpamAssassin's SPF_SOFTFAIL rule still kicks in. It probably doesn't matter much since that rule isn't going to bump up the score high enough on genuine local mail to get tagged but still something that should get fixed regardless ....

Any ideas/help would be appreciated.
0
Question by:Julian Matz
8 Comments
 
LVL 4

Expert Comment

by:urgoll
ID: 22777197
Hello,
If SpamAssassin triggers an SPF_SOFTFAIL, then it means that you do have an SPF record for your domain. If so, you should either:
- modify your SPF record to allow mail from local sources
- configure SpamAssassin to NOT do SPF checks on your domain using:
whitelist_from_spf *@example.com

but that would allow spammers to spoof your own domain, thus reducing the usefulness of SPF checks.

Regards,
Christophe
0
 
LVL 21

Author Comment

by:Julian Matz
ID: 22778436
Hi Christophe,

I do have SPF set up for my domain. It seems to be set up correctly and when I run tests using my mail server's IPs they all result in SPF Pass. Postfix also seems to be set up correctly since I can see (SPF none | SPF pass | SPF softfail) in message headers. It's just when I send mail from one of my own accounts to myself that (presumably) Postfix doesn't check SPF but SA does. Does this make sense?
0
 
LVL 4

Expert Comment

by:urgoll
ID: 22779092
How do you send emails to yourself? Do you set your SMTP server on your mail client to your Postfix server on port 25, or do you use some other server?

Assuming you are using postfix as your SMTP server, then it is not doing the SPF check as it hits the 'permit_mynetworks' smtpd restriction rule. However, SpamAssassin has no such knowledge of 'allowed local subnets' and doesn't make a difference between original submission and relaying. So you may have to add to your SPF record your local network addresses as allowed senders.
0

 
LVL 21

Author Comment

by:Julian Matz
ID: 22779204
I use my mail client (Mozilla Thunderbird) to connect to my SMTP server (Postfix) on port 25.

These are the headers I receive:

X-Spam-Status: No, score=-1.3 required=5.0 tests=AWL,BAYES_00,RDNS_NONE,
      SPF_SOFTFAIL autolearn=no version=3.2.3

Received: from [127.0.0.1] (unknown [CLIENT_IP_ADDRESS])
      by MAIL_SERVER_FQDN (Postfix) with ESMTP id 7C00B5AE
      for <info@xxxxx.com>; Tue, 21 Oct 2008 20:56:44 +0100 (IST)


Do you mean add 127.0.0.1 to my SPF record?
0
 
LVL 4

Accepted Solution

by:
urgoll earned 500 total points
ID: 22779281
Yes, if you were to add 'ip4:127.0.0.1' to your SPF record, the problem would likely go away.

Also note that you have this test failing: RDNS_NONE

which means that your DNS server probably isn't configured to resolve the reverse lookup of 127.0.0.1. It should reverse to 'localhost' and 'localhost' should resolve to 127.0.0.1.

Regards,
Christophe
0
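As an added illustration (not part of the original thread): a minimal SPF evaluator limited to the ip4/ip6/all mechanisms, run against the Received header from the question. The addresses, host name and SPF records are constructed documentation values; the check is made against the connecting client address shown in parentheses, so a record that lists only the mail server's IP yields softfail for mail submitted from a client machine.

```python
import ipaddress
import re

# Constructed sample: the Received header from the question, with a
# documentation address (198.51.100.23) standing in for CLIENT_IP_ADDRESS.
RECEIVED = ("from [127.0.0.1] (unknown [198.51.100.23]) "
            "by mail.example.com (Postfix) with ESMTP id 7C00B5AE")

# Constructed SPF records: mail server only, then with the client network added.
SERVER_ONLY = "v=spf1 ip4:203.0.113.10 ~all"
WITH_CLIENTS = "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/24 ~all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_received(header):
    """Split a Postfix 'from HELO (rdns [ip])' clause into its three parts."""
    m = re.match(r"from (\S+) \((\S+) \[([0-9A-Fa-f.:]+)\]\)", header)
    if not m:
        raise ValueError("not a Postfix-style Received header")
    return {"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)}

def check_spf(record, client_ip):
    """Evaluate only the ip4/ip6/all mechanisms of an SPF record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # Other mechanisms (a, mx, include, ...) need DNS and are skipped here.
    return "neutral"

def spf_for_relay(record, header):
    """Return the address a check would use and the SPF result for it."""
    relay = parse_received(header)
    return relay["ip"], check_spf(record, relay["ip"])
```
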
 
LVL 21

Author Comment

by:Julian Matz
ID: 22779892
Ok, I know how rDNS works in general, but not sure about local/internal IPs.

When I type the following:
$ host 127.0.0.1

I get this:
1.0.0.127.in-addr.arpa domain name pointer localhost.

I thought it would be more likely that the RDNS_NONE rule was being applied to my client IP assigned (by my ISP) to the machine from which I sent the email?
0
 
LVL 4

Expert Comment

by:urgoll
ID: 22780763
RDNS_NONE applies to the client IP address as seen from Postfix. In this case:

Received: from [127.0.0.1] (unknown [CLIENT_IP_ADDRESS])
      by MAIL_SERVER_FQDN (Postfix) with ESMTP id 7C00B5AE
      for <info@xxxxx.com>; Tue, 21 Oct 2008 20:56:44 +0100 (IST)

it appears to be the localhost.

Anyway, it doesn't seem to matter. I also noticed in the SpamAssassin that RDNS_NONE can sometimes be triggered regardless of the actual rDNS status for trusted sources. This may be the case.

0
 
LVL 21

Author Closing Comment

by:Julian Matz
ID: 31508557
Thanks!
0
