Re: Backup mx relay got rejected due to SPF

2017-11-18 Thread Noel Jones
On 11/18/2017 12:54 PM, Benny Pedersen wrote: > /dev/rob0 skrev den 2017-11-18 18:36: > >> Again, as Noel said twice upthread, it makes more sense to do the >> whitelisting in Postfix rather than in the policy server.  Just a >> simple check_client_access lookup, an example of which was given >> a

Re: Backup mx relay got rejected due to SPF

2017-11-18 Thread Benny Pedersen
/dev/rob0 skrev den 2017-11-18 18:36: Again, as Noel said twice upthread, it makes more sense to do the whitelisting in Postfix rather than in the policy server. Just a simple check_client_access lookup, an example of which was given already. why not help resolve policyd-spf-perl to have whit

Re: Backup mx relay got rejected due to SPF

2017-11-18 Thread /dev/rob0
On Fri, Nov 17, 2017 at 02:56:17PM -0800, Gao wrote: > Is there anything I can configure it to whitelist my backup mx IP? Again, as Noel said twice upthread, it makes more sense to do the whitelisting in Postfix rather than in the policy server. Just a simple check_client_access lookup, an exam

Re: Backup mx relay got rejected due to SPF

2017-11-18 Thread Dominic Raferd
On 18 November 2017 at 14:46, Benny Pedersen wrote: > Dominic Raferd skrev den 2017-11-18 09:55: > > I conclude that, for me, blocking on the basis of spf would have a >> negligible effect on my incoming spam and an unacceptable level of >> false positives. Obviously other people's mileage might

Re: Backup mx relay got rejected due to SPF

2017-11-18 Thread Benny Pedersen
Dominic Raferd skrev den 2017-11-18 09:55: I conclude that, for me, blocking on the basis of spf would have a negligible effect on my incoming spam and an unacceptable level of false positives. Obviously other people's mileage might vary. and opendmarc have spf bugs :/

Re: Backup mx relay got rejected due to SPF

2017-11-18 Thread Dominic Raferd
This thread has prompted me to look at my opendmarc log records - these cover all incoming mails to my mailservers, not only those from senders that use dmarc. Helpfully, the logs show the pure spf test results; these actually come from policyd-spf which I run with 'defaultSeedOnly = 1' so it merel

Re: Backup mx relay got rejected due to SPF

2017-11-17 Thread Benny Pedersen
Gao skrev den 2017-11-17 23:56: Is there anything I can configure it to whitelist my backup mx IP? http://search.cpan.org/dist/Net-CIDR/CIDR.pm

Re: Backup mx relay got rejected due to SPF

2017-11-17 Thread Gao
In the perl script /usr/local/sbin/postfix-policyd-spf-perl, (got from https://launchpad.net/postfix-policyd-spf-perl/) I see these code: # -- #    handler: relay exemption # --

Re: Backup mx relay got rejected due to SPF

2017-11-17 Thread Scott Kitterman
The man page explains how to do it, but it's not the most user friendly package. The Python implementation is much more mature and easier to configure. It can be found in your distribution/OS packaging system, on pypi, or at https://launchpad.net/pypolicyd-spf . Scott K On November 17, 2017

Re: Backup mx relay got rejected due to SPF

2017-11-17 Thread Noel Jones
On 11/17/2017 3:47 PM, Benny Pedersen wrote: > Gao skrev den 2017-11-17 22:26: > >> I couldn't figure out how to whitelist the backup mx on the >> destitution server. > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468388 > > i dont know if thats resolved or not > > following this link he

Re: Backup mx relay got rejected due to SPF

2017-11-17 Thread Noel Jones
On 11/17/2017 2:34 PM, Gao wrote: > Hi, > > I just built a postfix mail server(mail.mytestmx.com) with > PostfixAdmin, SPF and DKIM.,etc. It works very well. Now I try to > use the new built server as the backup mail server of another server > (zeta.othermx.com), so I add a backup domain in Postfi

Re: Backup mx relay got rejected due to SPF

2017-11-17 Thread Benny Pedersen
Gao skrev den 2017-11-17 22:26: I couldn't figure out how to whitelist the backup mx on the destitution server. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468388 i dont know if thats resolved or not following this link here https://answers.launchpad.net/postfix-policyd-spf-perl/+ques

Re: Backup mx relay got rejected due to SPF

2017-11-17 Thread Gao
Thank you all for the help. Well, then how do I whitelist in SPF? I am using openspf (postfix-policyd-spf-perl) on both server. At the end of my master.cf, I have: policy unix  -   n   n   - -   spawn     user=nobody argv=/usr/bin/perl /usr/local/sbin/postfix-policyd-s

Re: Backup mx relay got rejected due to SPF

2017-11-17 Thread Benny Pedersen
Gao skrev den 2017-11-17 21:34: So what is the solution here? Should I add the mail.mytestmx.com to zeta.othermx.com's SPF record and make it trust it? If so are there any risk? yes recipient validation on backup mx mta, eq dont accept mails that cant be delivered the error is that mx dont

RE: Backup mx relay got rejected due to SPF

2017-11-17 Thread Fazzina, Angelo
Hi, to me it looks like email from= to= Came in and was cleaned Nov 17 11:13:00 mail MailScanner[9148]: Content Checks: Detected and have disarmed web bug, phishing tags in HTML message in 9202040121F2.A6CDC from communicati

Re: Backup mx relay got rejected due to SPF

2017-11-17 Thread Scott Kitterman
On Friday, November 17, 2017 12:34:06 PM Gao wrote: > Hi, > > I just built a postfix mail server(mail.mytestmx.com) with PostfixAdmin, > SPF and DKIM.,etc. It works very well. Now I try to use the new built > server as the backup mail server of another server (zeta.othermx.com), > so I add a backu

Backup mx relay got rejected due to SPF

2017-11-17 Thread Gao
Hi, I just built a postfix mail server(mail.mytestmx.com) with PostfixAdmin, SPF and DKIM.,etc. It works very well. Now I try to use the new built server as the backup mail server of another server (zeta.othermx.com), so I add a backup domain in PostfixAdmin and setup DNS accordingly. Later t