Postfix allow spam if no SPF is specified

Discussion in 'Tips/Tricks/Mods' started by MaxT, Jul 28, 2017.

  1. MaxT

    MaxT Member HowtoForge Supporter

    with postfix the spam is so easy as don't declare any SPF record, and then postfix always says the message is welcome

    I have received spam with four RBL installed and other restrictions. In the headers of the spammers, I have seen the reason was that no SPF is declared in the other side, and then Postfix always accept it!!!

    Code:
    Received-SPF: None (no SPF record) identity=mailfrom; client-ip=74.6.129.193; helo=sonic309-19.consmr.mail.bf2.yahoo.com; [email protected]; [email protected]
    Received: from sonic309-19.consmr.mail.bf2.yahoo.com (sonic309-19.consmr.mail.bf2.yahoo.com [74.6.129.193])
    
    the only solution is modifying /usr/bin/policyd-spf as this page shows:

    https://serverfault.com/questions/818367/postfix-policyd-spf-reject-none
     
  2. Jesse Norell

    Jesse Norell Well-Known Member

    Rejecting email from domains which do not have SPF records created is a terrible idea for any reasonable mail system - anyone doing so should expect to reject valid mail on a regular basis.
     
  3. MaxT

    MaxT Member HowtoForge Supporter

    why?. I didn't know it.
    I'm looking inside the logs and in these few days I cannot find any legitimate email rejected, only spammers.

    Can you be more specific?. Do you think are many systems without a SPF implementation which are legitimate senders?

    thanks!
     
  4. Jesse Norell

    Jesse Norell Well-Known Member

    Because most domains don't use SPF, so you will block mail from most domains. That doesn't mean you'll block most mail (most any large mail system, the bulk of email for typical sites, does use SPF), just mail from most domains (many of which don't even use email).

    In a quick search, http://spf-all.com/stats.html says 72.7% of domains (of 140 million they've checked) do NOT have an spf policy.
     
    MaxT likes this.
  5. MaxT

    MaxT Member HowtoForge Supporter

    oh...ok. Thanks for the info.
    I will revert the changes
     

Share This Page