How do I get the DoD's, mail.mil domain to pass a SPF check?
Question asked by jktieman - December 21, 2017 at 5:55 AM
Unanswered
I have added mail.mil to the trusted sender list, but it still fails.  

13 Replies

Reply to Thread
0
echoDreamz Replied
If you are running SPF checks at the SMTP level, trusted senders does nothing to bypass that. You would have to be running the SPF checks on the "spool" only.

Christopher

0
Matt Petty Replied
Employee Post
If SPF is failing with SPF_SOFTFAIL or SPF_FAIL then the trust put into trusted sender is lost, and thus we don't set the score to 0, and it will get processed just like any other message. This is a security feature.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
jktieman Replied
In the log, it says _SPF (fail). I don't know if that means soft or hard. It's the DoD and I have to let there mail thru. What can I do?
0
echoDreamz Replied
_SPF FAIL is equal to the SPF record value "-all" the SOFTFAIL is equal to "~all". This depends on the domain owner's SPF record.

The - mechanism is the domain owner saying the host is NOT allowed to send mail and reject.
The ~ mechanmism is the domain owner saying eh, you may want to flag the email for review, but accept.

Christopher

0
echoDreamz Replied
Your best option is to either whitelist all their IPs, which if their SPF is not fully covering all their IPs, may not be possible. Or simply disable the SPF checks.

Christopher

0
echoDreamz Replied
According to their SPF record...

v=spf1 ip4:214.24.21.65/26 ip4:214.24.22.65/26 ip4:214.24.24.65/26 ip4:214.24.26.65/26 ip4:214.24.27.65/26 ~all

They are using a "softfail". You should not reject on soft fails. For us, we score 20, which is 10 below our 30 reject score. It will be greylisted and asked to try again (assuming they do not fail any other RBL checks).

Christopher

0
jktieman Replied
Under Settings > Anti-spam > Options, I set Content Filter Bouncing from: Require Message Pass SPF if SPF Record Exists to Disabled. It looks like a mail.mil email came thru to a couple of people. What have I exposed myself to by disabling Content Filter Bouncing?
My SMTP Blocking settings are:
Incoming Weight - 10
Graylisting Weight - 20
Outgoing Weight = 20
Are these the only 2 places to set variables related to SPF Pass/Fail?
0
echoDreamz Replied
I would not enable content filter bouncing at all. Good way to be blacklisted for backscattering. SPF settings can be changed under anti spam settings. It is certainly possible that they may be sending from ips that are not in their spf. It happens. Do you happen to have the IP address they were sending from when sm failed the message?

Christopher

0
jktieman Replied
Generating server: ukel19pa17.eemsg.mail.mil

rwarner@truenorthhotels.com
[208.112.64.65] #<[208.112.64.65] #5.0.0 smtp; 5.3.0 - Other mail system problem 554-'Sending address not accepted due to spam filter' (delivery attempts: 0)> #SMTP#

Original message headers:

Received: from edge-mech01.mail.mil ([214.21.130.101]) by ukel19pa17.eemsg.mail.mil with ESMTP; 20 Dec 2017 15:12:50 +0000
Received: from UMECHPAOO.easf.csd.disa.mil (214.21.130.42) by edge-mech01.mail.mil (214.21.130.101) with Microsoft SMTP Server (TLS) id 14.3.361.1; Wed, 20 Dec 2017 15:11:50 +0000
Received: from UMECHPA67.easf.csd.disa.mil ([169.254.5.142]) by umechpaoo.easf.csd.disa.mil ([214.21.130.42]) with mapi id 14.03.0361.001; Wed, 20 Dec 2017 15:11:50 +0000
0
jktieman Replied
Then in the Smartermail Smtp log is
Sending address not accepted due to spam filter
Mail rejected due to SMTP spam blocking: _SPF (fail)
0
echoDreamz Replied
Is rwarner@truenorthhotels.com the sender?

Christopher

0
jktieman Replied
rwarner is my guy. He is the receiver and truenorthhotels.com is my Smartermail server
0
echoDreamz Replied
Do you have the sender's address?

Christopher

Reply to Thread