Loren Wilton wrote:
I've noticed a problem. We receive a few legit mails that has
travelled through a forwarder. That causes some problems for the SPF
check.
Since the mail claiming to be from hotmail clearly doesn't arrive
directly from one of the machines listed in hotmail's spf record, the
SPF_SOFTFAIL kicks in another 1.4 points.
What can I do to prevent this from happening?
What you've described is the basic problem with SPF. It works fine as
long as things don't get forwarded, or otherwise come form
unauthorized sources - like the salesman closing a deal down at the
corner wireless hotspot and sending the deal in directly from his laptop.
There are only three things you can do if this is causing you a problem:
1 Disable SPF checks
2 Reduce the score on some or all of the SPF checks
3 Whitelist or otherwise provide a positive adjustment for specific
senders.
None of those are particularly attractive things to do. However, you
might have to do one of them.
Now, there is another consideration. The SPF check is only adding 1.4
points. If your limit is the default 5 points, then you need to hit a
few other rules before the mail becomes a spam. If you have taken the
threshold down to something like 2.0 - well, there's your problem.
The SPF rules (and all the rules) were scored for a threshold of 5
points. If you are using a lower threshold you should reduce all of
the rule scores proportionally. Since that is a big job, it is simpler
to just leave the threshold at 5.
Loren
Thanks for an excellent answer, Loren.
I have kept the limit at 5 points, so there's still a pretty comfortable
margin, but as long as users continues to write subjects with caps and
exclamationmarks (like "IMPORTANT!!!"), together with some html-only,
rfc-ignorants and gif attaches theres also the risk of FP.
Looking at the 3rd option, what would be an effective way to whitelist
(or subtract some score from) specific relays?
Regards,
Andreas