Re: SPF softfail when mail has been forwarded from another domain

2006-08-13 Thread Benny Pedersen
On Sun, August 13, 2006 10:46, Andreas Pettersson wrote:

> What can I do to prevent this from happening?

Generically, there are 2 solutions:

1: stop using forwarding
2: set up trusted_networks to include the IP of the forwarding MTA

Both should help with your problem.

Forwarding really sucks.

-- 
Benny



Re: SPF softfail when mail has been forwarded from another domain

2006-08-13 Thread Andreas Pettersson

Loren Wilton wrote:

> > I've noticed a problem. We receive a few legit mails that have
> > travelled through a forwarder. That causes some problems for the SPF
> > check.
> > Since the mail claiming to be from hotmail clearly doesn't arrive
> > directly from one of the machines listed in hotmail's spf record, the
> > SPF_SOFTFAIL kicks in another 1.4 points.
> >
> > What can I do to prevent this from happening?
>
> What you've described is the basic problem with SPF.  It works fine as
> long as things don't get forwarded, or otherwise come from
> unauthorized sources - like the salesman closing a deal down at the
> corner wireless hotspot and sending the deal in directly from his laptop.
>
> There are only three things you can do if this is causing you a problem:
> 1 Disable SPF checks
> 2 Reduce the score on some or all of the SPF checks
> 3 Whitelist or otherwise provide a positive adjustment for specific
> senders.
>
> None of those are particularly attractive things to do.  However, you
> might have to do one of them.
>
> Now, there is another consideration.  The SPF check is only adding 1.4
> points.  If your limit is the default 5 points, then you need to hit a
> few other rules before the mail becomes a spam.  If you have taken the
> threshold down to something like 2.0 - well, there's your problem.
> The SPF rules (and all the rules) were scored for a threshold of 5
> points.  If you are using a lower threshold you should reduce all of
> the rule scores proportionally. Since that is a big job, it is simpler
> to just leave the threshold at 5.
>
>    Loren


Thanks for an excellent answer, Loren.
I have kept the limit at 5 points, so there's still a pretty comfortable 
margin, but as long as users continue to write subjects with caps and 
exclamation marks (like "IMPORTANT!!!"), together with some html-only, 
rfc-ignorants and gif attachments, there's also the risk of FP.


Looking at the 3rd option, what would be an effective way to whitelist 
(or subtract some score from) specific relays?



Regards,
Andreas



Re: SPF softfail when mail has been forwarded from another domain

2006-08-13 Thread Loren Wilton
> I've noticed a problem. We receive a few legit mails that have travelled
> through a forwarder. That causes some problems for the SPF check.
> Since the mail claiming to be from hotmail clearly doesn't arrive directly
> from one of the machines listed in hotmail's spf record, the SPF_SOFTFAIL
> kicks in another 1.4 points.
>
> What can I do to prevent this from happening?


What you've described is the basic problem with SPF.  It works fine as long 
as things don't get forwarded, or otherwise come from unauthorized sources - 
like the salesman closing a deal down at the corner wireless hotspot and 
sending the deal in directly from his laptop.


There are only three things you can do if this is causing you a problem:
1 Disable SPF checks
2 Reduce the score on some or all of the SPF checks
3 Whitelist or otherwise provide a positive adjustment for specific senders.

None of those are particularly attractive things to do.  However, you might 
have to do one of them.


Now, there is another consideration.  The SPF check is only adding 1.4 
points.  If your limit is the default 5 points, then you need to hit a few 
other rules before the mail becomes a spam.  If you have taken the threshold 
down to something like 2.0 - well, there's your problem.  The SPF rules (and 
all the rules) were scored for a threshold of 5 points.  If you are using a 
lower threshold you should reduce all of the rule scores proportionally. 
Since that is a big job, it is simpler to just leave the threshold at 5.


   Loren



SPF softfail when mail has been forwarded from another domain

2006-08-13 Thread Andreas Pettersson

Hi all.

I've noticed a problem. We receive a few legit mails that have travelled 
through a forwarder. That causes some problems for the SPF check.
Since the mail claiming to be from hotmail clearly doesn't arrive 
directly from one of the machines listed in hotmail's spf record, the 
SPF_SOFTFAIL kicks in another 1.4 points.


What can I do to prevent this from happening?
Is there any generic solution, or am I bound to know from which servers 
I might receive forwarded mails?


I'm running SA 3.1.3 on FreeBSD.
Below is a snip of a mail that got hit by softfail because of forwarding.


Regards,
Andreas




Received: from mail.forwardingdomain.com
 by mail.mydomain.com with smtp
 (envelope-from <[EMAIL PROTECTED]>)
 for [EMAIL PROTECTED]; Fri, 11 Aug 2006 14:54:13 +0200
Received: (qmail 13341 invoked by uid 729); 11 Aug 2006 12:54:00 -
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 13326 invoked from network); 11 Aug 2006 12:53:59 -
Received: from bay0-omc3-s32.bay0.hotmail.com
 by mail.forwardingdomain.com with SMTP; 11 Aug 2006 12:53:59 -
Received: from hotmail.com by bay0-omc3-s32.bay0.hotmail.com;
 Fri, 11 Aug 2006 05:53:57 -0700
Received: from mail pickup service by hotmail.com;
 Fri, 11 Aug 2006 05:53:57 -0700
Received: from 64.4.19.200 by by109fd.bay109.hotmail.msn.com with HTTP;
 Fri, 11 Aug 2006 12:53:54 GMT
X-Originating-IP: [zz.zz.zz.zz]
X-Originating-Email: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
From: "User" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
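
Added example (not part of the original thread, and not SpamAssassin's own code): a simplified model of why the forwarded message above hits softfail, and how treating the forwarder as a trusted relay, as the trusted_networks reply suggests, moves the SPF check one hop back. The SPF record, all IP addresses and the function names are constructed for illustration; only `ip4:` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed sender policy (NOT hotmail's real record): only 198.51.100.0/24 may send.
SPF_RECORD = "v=spf1 ip4:198.51.100.0/24 ~all"

# Constructed relay chain, newest hop first, mirroring the Received lines above:
# (host that received the message, IP it received the message from)
RELAYS = [
    ("mail.mydomain.com", "192.0.2.10"),             # forwarder connecting to us
    ("mail.forwardingdomain.com", "198.51.100.32"),  # sender's outbound server
]

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(client_ip, record):
    """Evaluate ip4: and all mechanisms only; anything needing DNS is skipped."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qual = QUALIFIERS.get(term[0])
        mech = term[1:] if qual else term    # no qualifier means "+" (pass)
        qual = qual or "pass"
        if mech == "all":
            return qual
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return qual
    return "neutral"

def spf_client_ip(relays, trusted_networks):
    """Return the source IP of the newest hop that did not come from a trusted relay."""
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_networks]
    for _by, from_ip in relays:
        if not any(ipaddress.ip_address(from_ip) in n for n in nets):
            return from_ip
    return None  # every hop is trusted: nothing external left to check

def evaluate(relays, trusted_networks, record=SPF_RECORD):
    """Pick the IP to test, then return (ip, spf_result)."""
    ip = spf_client_ip(relays, trusted_networks)
    return ip, (spf_result(ip, record) if ip else "none")

if __name__ == "__main__":
    print(evaluate(RELAYS, []))              # forwarder untrusted
    print(evaluate(RELAYS, ["192.0.2.10"]))  # forwarder listed as trusted
```

Listing a forwarder as trusted means the result depends on the Received line that forwarder wrote, so only relays whose headers you are prepared to believe belong in that list.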