Disable SPF for policy bank

Klaus Vink Slott list-s at vink-slott.dk
Mon Oct 5 20:15:58 CEST 2015


Sorry. It might be due to my limited English but I am not sure how to
apply your answer to my situation.

On 04-10-2015 - 20:04 Benny Pedersen wrote:
> On October 4, 2015 6:30:46 PM Klaus Vink Slott <list-s at vink-slott.dk>
> wrote:
> 
>> Is there a way to disable SPF check when a specific policy bank is
>> loaded or am I following the wrong path here?
> 
> add the forwarding host ip to domain spf, if not possible add the
> forwarding ip to spamassassin trusted_networks
If you by "forwarding host" mean my outgoing relay server, then it is
already in my SPF record. I dont think any other server should be in my
SPF record - as this is the only server I want other people to accept
mail (from my domain) from.
This server relays mail from several other servers, some wordpress blogs
and other stuff running in VMs at different locations. IP of these mail
sources are all in trusted_networks.

> i assume here its all your ips and domains,
they are and all mail is send from the original server with the final
domain as sender.

> its important that spf knows all border ips, else it will fail, 
Yes it fails on my *relay host*, and that is why I want to disable SFP
check at that host - but only disabled for mail received from my own
trusted hosts.
I somehow feel that I have an error in my configuration - this is not
very different from a mail server sitting on a company border, relaying
mails from inside users/servers to the world.
I would think that SPF should disabled using some magic setting in the
relevant policy bank - the one loaded for "local"/outgoing mail.

> but to
> make it not possible for spammers to miss use spf, then its better to
> add it to spf then ignore ips in forwarding hosts, main problem with spf
> is that envelope sender changes on the forward host
When the mail is forwarded from my relay host, then the final receiver
will see the mail arriving from the correct ip and not fail SPF.

-- 
Regards
Klaus


More information about the amavis-users mailing list