Hi,

I'm using python-policyd-spf with postfix as a check_policy_service and
having some trouble with domains very broadly being whitelisted. My policy
is to reject on mailfrom fail. However, we have a few domains that need to
be whitelisted, like mycuservices.com, because they are sending from an IP
not in their SPF record.

Oct 10 07:55:17 mail01 policyd-spf[590801]: 550 5.7.23 Message rejected due
to: SPF fail - not authorized. Please see
http://www.openspf.net/Why?s=mfrom;id=depositretu...@mycuservices.com;ip=74.203.184.40;r=
<UNKNOWN>

However, whitelisting it also brings in all of the servers listed in their
SPF record, including microsoft/outlook.

I realize it's probably okay to whitelist microsoft/outlook anyway, but I'm
unsure of the impact this has on spamassassin and its ability to use the
SPF rules.

Here are the postfix logs for outlook.com, despite only mycuservices.com
being in the whitelist.

Oct 13 09:05:40 mail01 policyd-spf[2127431]: prepend X-Comment: SPF skipped
for whitelisted relay domain - client-ip=12.20.249.10; helo=
zixgateway01.midatlanticcorporate.org; envelope-from=
payme...@mycuservices.com; receiver=<UNKNOWN>

Header data from an email:
>From depositretu...@mycuservices.com  Tue Oct 10 07:55:25 2023
Return-Path: <depositretu...@mycuservices.com>
X-Comment: SPF skipped for whitelisted relay domain -
client-ip=12.20.249.10; helo=zixgateway01.midatlanticcorporate.org;
envelope-from=payme...@mycuservices.com; receiver=<UNKNOWN>

This is a header from a completely unrelated email, showing outlook.com and
consequently this other random domain being whitelisted:
X-Comment: SPF skipped for whitelisted relay domain -
client-ip=40.107.237.65; helo=nam12-bn8-obe.outbound.protection.outlook.com;
envelope-from=carl_willi...@nzinganet.net; receiver=<UNKNOWN>

Any ideas on how to handle this would be greatly appreciated.
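
A log audit for the symptom described in this post, added here as an example (it is not part of the original message or of python-policyd-spf): it lists every SPF skip whose envelope-from domain is not one the administrator meant to exempt. The function names, the sample log lines and the `.example` domains are constructed; only the marker text and the key=value field layout come from the log lines quoted above.

```python
import re

# Marker text and key=value layout are taken from the policyd-spf lines quoted above.
SKIP_MARKER = "SPF skipped for whitelisted relay domain"
FIELD_RE = re.compile(r"(client-ip|helo|envelope-from|receiver)=([^;\s]*)")

# Constructed sample log (reserved .example domains, documentation IP ranges).
SAMPLE_LOG = """\
Oct 13 09:05:40 mail01 policyd-spf[101]: prepend X-Comment: SPF skipped for whitelisted relay domain - client-ip=192.0.2.10; helo=gw01.relay.example; envelope-from=billing@wanted.example; receiver=<UNKNOWN>
Oct 13 09:06:02 mail01 policyd-spf[102]: prepend X-Comment: SPF skipped for whitelisted relay domain - client-ip=198.51.100.65; helo=out1.shared-host.example; envelope-from=someone@unrelated.example; receiver=<UNKNOWN>
Oct 13 09:06:30 mail01 policyd-spf[103]: 550 5.7.23 Message rejected due to: SPF fail - not authorized.
Oct 13 09:07:11 mail01 policyd-spf[104]: prepend X-Comment: SPF skipped for whitelisted relay domain - client-ip=192.0.2.11; helo=gw02.relay.example; envelope-from=NEWS@Wanted.Example; receiver=<UNKNOWN>
"""


def parse_skip(line):
    """Return the fields of an SPF-skip log line, or None for any other line."""
    _, marker, tail = line.partition(SKIP_MARKER)
    return dict(FIELD_RE.findall(tail)) if marker else None


def unexpected_skips(log_text, intended_domains):
    """List (client-ip, helo, sender domain) for skips outside the intended domains."""
    intended = {d.lower() for d in intended_domains}
    hits = []
    for line in log_text.splitlines():
        fields = parse_skip(line)
        if fields is None:
            continue
        sender = fields.get("envelope-from", "")
        # Domain part of the envelope sender, compared case-insensitively;
        # a sender without "@" yields an empty domain and is always reported.
        domain = sender.rpartition("@")[2].lower() if "@" in sender else ""
        if domain not in intended:
            hits.append((fields.get("client-ip"), fields.get("helo"), domain))
    return hits


if __name__ == "__main__":
    for ip, helo, domain in unexpected_skips(SAMPLE_LOG, ["wanted.example"]):
        print(f"SPF skipped for unintended sender domain {domain!r}: ip={ip} helo={helo}")
```
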