Hi,
It appears that entries included in my postscreen_access_list are
being used to also bypass SPF checks by policyd-spf. Is this
intentional? Would someone explain to me how this works?

smtpd_recipient_restrictions =
    ...
    check_policy_service unix:private/policy-spf,

postscreen_access_list =
    permit_mynetworks,
    cidr:$config_directory/postscreen_access.cidr,
    cidr:$config_directory/gmail_whitelist.cidr,
    cidr:$config_directory/postscreen_spf_whitelist.cidr,
    cidr:$config_directory/bec-ranges.cidr

The gmail_whitelist and postscreen_spf_whitelist are auto-generated by
the stevejenkins postwhite scripts. It is here where the IPs for
domains like salesforce, gmail/google, microsoft and amazonaws are
listed which are being whitelisted.
The problem I'm having is policyd-spf adds an X-Comment header in the
email which I believe is related to how my welcomelist_auth entries
work with spamassassin. Even though the email passes SPF and/or DKIM,
it doesn't pass my welcomelist_auth entries initially.

X-Comment: SPF skipped for whitelisted relay domain -
    client-ip=13.110.6.221; helo=smtp14-ph2-sp4.mta.salesforce.com;
    [email protected]; receiver=<UNKNOWN>

Somehow policyd-spf is impacting my welcomelist_auth entries and I
don't understand how.
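
One way to test the overlap described above, as an added example that is not part of the original post: pull the client-ip out of the X-Comment header and find the first postscreen CIDR table entry that covers it. The table contents and the helper names (header_fields, parse_cidr_table, first_match) are constructed for illustration, only plain "network action" lines are handled, and a hit shows only that the address is listed, not that policyd-spf consults that list.

```python
import ipaddress
import re

# Constructed sample data; the CIDR entries are not from the poster's files.
SAMPLE_HEADER = (
    "X-Comment: SPF skipped for whitelisted relay domain -\n"
    " client-ip=13.110.6.221; helo=smtp14-ph2-sp4.mta.salesforce.com;\n"
    " receiver=<UNKNOWN>"
)
SAMPLE_TABLES = [  # (file name, contents), in postscreen_access_list order
    ("postscreen_access.cidr", "# local overrides\n13.110.6.0/24 dunno\n"),
    ("postscreen_spf_whitelist.cidr", "13.110.0.0/16 permit\n2001:db8::/32 permit\n"),
]

def header_fields(header):
    """Unfold the header and return its key=value pairs as a dict."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)
    return dict(re.findall(r"([\w-]+)=([^;\s]+)", unfolded))

def parse_cidr_table(text):
    """Yield (network, action) for each 'pattern action' line of a CIDR table."""
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        try:
            yield ipaddress.ip_network(parts[0], strict=False), parts[1].strip()
        except ValueError:
            continue  # not a plain network pattern; ignored in this sketch

def first_match(client_ip, tables):
    """Return (file, network, action) for the first permit/reject hit, else None."""
    addr = ipaddress.ip_address(client_ip)
    for name, text in tables:
        for net, action in parse_cidr_table(text):
            if addr.version == net.version and addr in net:
                if action.lower() != "dunno":
                    return name, str(net), action
                break  # dunno: treat as no match, move to the next table
    return None

if __name__ == "__main__":
    ip = header_fields(SAMPLE_HEADER)["client-ip"]
    print(ip, "->", first_match(ip, SAMPLE_TABLES))
```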