SPF misconfiguration (or maybe misunderstanding)

Discussion in 'ISPConfig 3 Priority Support' started by Honza, Jan 6, 2017.

  1. Honza

    Honza Member HowtoForge Supporter

    Hi guys,
    firstly - I have to admit that I didn't do any search because quite honestly I don't know what to look for - no error logs no nothing just spam keeps coming in :/

    What I want - I want to reduce spam as currently I get a lot of awful spams from "myself" ie.
    From: honza@example.com
    To: honza@example.com
    Subject: Re: Salary [$1000 /week]
    (I suppose you get these as well)

    What I did:
    I tried to follow the instructions here: https://www.howtoforge.com/hardening-postfix-for-ispconfig-3
    I added the TXT record to my NS hosting provider (Cloudflare):
    Code:
    v=spf1 ip4:185.X.XX.XX -all
    Where the 185.X.XX.XX is my VPS IP address used for email hosting.

    I followed the part in the article: "SPF Check For Postfix (Debian And Ubuntu)"
    apt-get install postfix-policyd-spf-python + did the edits necessary + /etc/init.d/postfix reload and the awful spams from "myself" are still coming.

    Any Ideas?

    Thanks!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the complete mail headers of such a spam email.
     
  3. Honza

    Honza Member HowtoForge Supporter

    here is complete header:

    Code:
    Return-Path:    <my-forwarded-email@example.com>
    Delivered-To:    honza@example.com
    Received:    from localhost (localhost [127.0.0.1]) by myVPS.reversedns.com (Postfix) with ESMTP id 8AA6722682 for <my-forwarded-email@example.com>; Thu, 5 Jan 2017 02:53:57 +0000 (UTC)
    X-Virus-Scanned:    Debian amavisd-new at myVPS.reversedns.com
    Received:    from myVPS.reversedns.com ([127.0.0.1]) by localhost (myVPS.reversedns.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WKwEmRXR19vL for <my-forwarded-email@example.com>; Thu, 5 Jan 2017 02:53:57 +0000 (UTC)
    Received-SPF:    Permerror (SPF Permanent Error: Two or more type TXT spf records found.) identity=mailfrom; client-ip=103.XX.XX.XX; helo=[103.XX.XX.XX]; envelope-from=my-forwarded-email@example.com; receiver=my-forwarded-email@example.com
    Received:    from [103.XX.XX.XX] (unknown [103.XX.XX.XX]) by myVPS.reversedns.com (Postfix) with ESMTP id 79A7921093 for <my-forwarded-email@example.com>; Thu, 5 Jan 2017 02:53:51 +0000 (UTC)
    Message-ID:    <5FEB51E2CEE5587DC973C0ECC77A5FEB@J4XEV1F00MA>
    From:    my-forwarded-email@example.com
    To:    my-forwarded-email@example.com
    Subject:    Re: Salary [$1500 /week]
    Date:    5 Jan 2017 15:34:40 +0600
    MIME-Version:    1.0
    Content-Type:    multipart/alternative; boundary="----=_NextPart_000_0046_01D26739.020E2227"
    X-Priority:    3
    X-MSMail-Priority:    Normal
    X-Mailer:    Microsoft Outlook Express 6.00.2900.5931
    X-MimeOLE:
    Produced By Microsoft MimeOLE V6.00.2900.5994
    
    
    Dear my-forwarded-email,
    
    We are looking for employees working remotely.
    
    My name is Marvin, I am the personnel manager of a large International company.
    Most of the work you can do from home, that is, at a distance.
    Salary is $2900-$5600.
    
    If you are interested in this offer, please visit Our Site
    
    Good day!
    I think the potential issue is this: Received-SPF: Permerror (SPF Permanent Error: Two or more type TXT spf records found.)

    Which is true - I do have 2 SPF records - one for sparkpost.com and one for my own VPS (185.X.XX.XX), is it an issue in general?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    There should be just one spf record for a domain, you can allow multiple IP addresses and hostnames in one spf record.
     

Share This Page