HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   SPF in Postfix not working (http://www.howtoforge.com/forums/showthread.php?t=61486)

garson 17th April 2013 11:56

SPF in Postfix not working
 
Hi.
I have Ubuntu 11.04 with Postfix+Dovecot (virtual users).
I have implemented SPF in Postfix, according to this How to:
http://www.howtoforge.com/postfix_spf

I've downloaded latest postfix-policyd-spf-perl (2.010), set everything up, and tested it, as in How to.
That worked fine, and I can see postfix/policy-spf entries in syslog.
But when receiving emails, nothing happens, emails are received without SPF check. In syslog there aren't any postfix/policy-spf entries, everything as there is not postfix-policyd-spf-perl.
What could be the problem?

Thanks in advance,
Vlad

markc 17th April 2013 16:56

Have you checked incoming mail from domains that actually contain SPF DNS records? It won't work for all mail unless the senders domain has an SPF record and they do, or not, send out via the authorized mailserver IP. Even so, the "TXT" record (usually TXT, could be SPF) has to end with "-all" to force a hard fail.

garson 17th April 2013 17:04

Well, I've tried to send email as someuser@somedomain.com from smtp server in my company, that somedomain.com has SPF record (checked with online SPF tool), and I receive that email.
When I send email to my gmail account, I get it, but with softfail.

markc 17th April 2013 17:54

That could be the issue, if the end of the SPF record is not "-all" (hardfail) then the email will still (probably) be delivered. A softfail is meant to be picked up in the next layer of mail software after SMTP delivery. It's usually then managed by seive/maildrop filtering or end user client programs.

I could be way off base but it would be worth checking from a domain with SPF hardfail set, and then maybe postfix will drop it at the SMTP level. I could set up a test case if you are desperate.

garson 17th April 2013 22:06

Thanks, markc.
But email received by gmail has Received-SPF: softfail, and one received by my email server does not.
I used same data (sender/receiver etc.) for testing (perl /usr/lib/postfix/policyd-spf-perl ) and for sending real email. When testing there were entries in syslog.
That is why I think that SPF check is not working at all (not triggered).


All times are GMT +2. The time now is 17:33.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.