ISPConfig SPF

Discussion in 'Installation/Configuration' started by guimnk, Jul 19, 2011.

  1. guimnk

    guimnk Member

    Hi all..

    The next versions of ISPConfig will come with SPF filter installed in postfix?

    Thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats not planned as most large providers dropped spf support already. The reason for that is that nearly 100% of all spammer domains have valid spf records while only some "normal" domains have correct SPF records in their DNS. If you want to use spf anyway, you can configure it in postfix directly.
     
  3. guimnk

    guimnk Member

    Ok..

    I received many rejections from several providers asking SPF...
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Then create a spf record in your dns. Thats not related to installing your own spf filter in postfix.
     
  5. guimnk

    guimnk Member

    I can create the DNS zones and not having the filter SPF postifx? It's correct?
    Look this error:

    Code:
    Jul 19 10:47:34 turbo amavis[1960]: (01960-06) Passed CLEAN, [189.2.157.157] [189.2.157.157] <scomercial@msig.com.br> -> <daiane@scavaseg.com.br>, Message-ID: <C0E2E06195054C2494EBB5D1C362266A@msseg.com.br>, mail_id: ssOWOvnhxVO6, Hits: -0.393, size: 21479, queued_as: 0136550C081D, 6123 ms
    Jul 19 11:05:26 turbo postfix/policy-spf[6330]: : Policy action=PREPEND Received-SPF: none (msig.com.br: No applicable sender policy available) receiver=turbo.macromind.com.br; identity=mailfrom; envelope-from="scomercial@msig.com.br"; helo=mail.ms-seg.com.br; client-ip=189.2.157.157
    Jul 19 11:05:27 turbo postfix/policy-spf[6330]: 910CF50C081D: Policy action=PREPEND Received-SPF: none (msig.com.br: No applicable sender policy available) receiver=turbo.macromind.com.br; identity=mailfrom; envelope-from="scomercial@msig.com.br"; helo=mail.ms-seg.com.br; client-ip=189.2.157.157
    
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Yes, you just need to create an SPF record for your domain on your name server.
     
  7. zbuzanic

    zbuzanic Member

    Maybe not a right place for this question, but wonder if this is correct SPF usage in DNS templates:
    TXT|{DOMAIN}.|v=spf1 ip4:1.2.3.4 include:_spf.google.com ~all|3600
     
  8. falko

    falko Super Moderator ISPConfig Developer

    Use this instead:

    Code:
    TXT|{DOMAIN}.|v=spf1 ip4:1.2.3.4 include:_spf.google.com ~all[COLOR="Red"]|0|[/COLOR]3600 
     
  9. george_yohng

    george_yohng New Member

    Just something I'd like to point out -

    As far as I know, ISPConfig doesn't properly escape/scramble SPF in its routing, so if a domain has a 'hard' SPF record - ISPConfig will fail to forward these messages.

    What would be the proper way to configure ISPConfig to escape SPF properly when forwarding or sending a copy to another address?

    So in the following configuration the mail may get lost:

    - Mail sent from hello@example.com (example.com has a hard SPF record)

    - Mail is sent to: foo@ispconfig.host.com

    - ispconfig.host.com forwards it to foo@gmail.com

    - GMAIL rejects ispconfig.host.com, because it doesn't match SPF record in the originating example.com domain of the mail source.

    - E-mail is lost
     
  10. Ovidiu

    Ovidiu Active Member

    Is SRS the (only) solution to this? Does it open another can of worms? Any advice?
    I'd like to follow this howto but am unsure about all the implications: https://www.mind-it.info/2014/02/22/forward-postfix-spf-srs/
     

Share This Page