13 Replies

Reply to Thread

echoDreamz Replied

12/21/2017 at 11:25 AM

If you are running SPF checks at the SMTP level, trusted senders does nothing to bypass that. You would have to be running the SPF checks on the "spool" only.

Matt Petty Replied

12/21/2017 at 12:20 PM

Employee Post

If SPF is failing with SPF_SOFTFAIL or SPF_FAIL then the trust put into trusted sender is lost, and thus we don't set the score to 0, and it will get processed just like any other message. This is a security feature.

Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com

jktieman Replied

12/21/2017 at 2:09 PM

In the log, it says _SPF (fail). I don't know if that means soft or hard. It's the DoD and I have to let there mail thru. What can I do?

echoDreamz Replied

12/21/2017 at 9:00 PM

_SPF FAIL is equal to the SPF record value "-all" the SOFTFAIL is equal to "~all". This depends on the domain owner's SPF record.

The - mechanism is the domain owner saying the host is NOT allowed to send mail and reject.
The ~ mechanmism is the domain owner saying eh, you may want to flag the email for review, but accept.

echoDreamz Replied

12/21/2017 at 9:01 PM

Your best option is to either whitelist all their IPs, which if their SPF is not fully covering all their IPs, may not be possible. Or simply disable the SPF checks.

echoDreamz Replied

12/21/2017 at 9:04 PM

According to their SPF record...

v=spf1 ip4:214.24.21.65/26 ip4:214.24.22.65/26 ip4:214.24.24.65/26 ip4:214.24.26.65/26 ip4:214.24.27.65/26 ~all

They are using a "softfail". You should not reject on soft fails. For us, we score 20, which is 10 below our 30 reject score. It will be greylisted and asked to try again (assuming they do not fail any other RBL checks).

jktieman Replied

12/22/2017 at 6:39 AM

Under Settings > Anti-spam > Options, I set Content Filter Bouncing from: Require Message Pass SPF if SPF Record Exists to Disabled. It looks like a mail.mil email came thru to a couple of people. What have I exposed myself to by disabling Content Filter Bouncing?
My SMTP Blocking settings are:
Incoming Weight - 10
Graylisting Weight - 20
Outgoing Weight = 20
Are these the only 2 places to set variables related to SPF Pass/Fail?

echoDreamz Replied

12/22/2017 at 6:51 AM

I would not enable content filter bouncing at all. Good way to be blacklisted for backscattering. SPF settings can be changed under anti spam settings. It is certainly possible that they may be sending from ips that are not in their spf. It happens. Do you happen to have the IP address they were sending from when sm failed the message?

jktieman Replied

12/22/2017 at 9:38 AM

Generating server: ukel19pa17.eemsg.mail.mil

rwarner@truenorthhotels.com
[208.112.64.65] #<[208.112.64.65] #5.0.0 smtp; 5.3.0 - Other mail system problem 554-'Sending address not accepted due to spam filter' (delivery attempts: 0)> #SMTP#

Original message headers:

Received: from edge-mech01.mail.mil ([214.21.130.101]) by ukel19pa17.eemsg.mail.mil with ESMTP; 20 Dec 2017 15:12:50 +0000
Received: from UMECHPAOO.easf.csd.disa.mil (214.21.130.42) by edge-mech01.mail.mil (214.21.130.101) with Microsoft SMTP Server (TLS) id 14.3.361.1; Wed, 20 Dec 2017 15:11:50 +0000
Received: from UMECHPA67.easf.csd.disa.mil ([169.254.5.142]) by umechpaoo.easf.csd.disa.mil ([214.21.130.42]) with mapi id 14.03.0361.001; Wed, 20 Dec 2017 15:11:50 +0000