Back to Community Threads
3
Does SmarterMaill run SPF check on something more than return-path?
Question asked by William Leaver - 2/5/2021 at 4:28 PM
Unanswered
Consider these first two headers from an incoming email that failed SPF:

Return-Path: <bounces+15088242-88b7-[redacted]@front-mail.found.app>
Received: from o6.front-mail.frontapp.com (o6.front-mail.frontapp.com [168.245.4.42]) by mail.[redacted] with SMTP
    (version=TLS\Tls12
    cipher=Aes256 bits=256);
   Fri, 5 Feb 2021 15:15:45 -0600
Here's the header showing the SPF failure:

X-SmarterMail-Spam: Reverse DNS Lookup [Passed]: 0, Null Sender: 0, Message Sniffer [code:0]: 0, SPF [Fail]: 10, DK [None]: 0, DKIM [Pass]: 0, SpamHaus DBL [count:1]: 20
Here's the SPF record for front-mail.found.app:

v=spf1 include:sendgrid.net ~all

Here's the SPF record for sendgrid.net:

v=spf1 ip4:167.89.0.0/17 ip4:208.117.48.0/20 ip4:50.31.32.0/19 ip4:198.37.144.0/20 ip4:198.21.0.0/21 ip4:192.254.112.0/20 ip4:168.245.0.0/17 ip4:149.72.0.0/16 ~all

The sending IP of this email was 168.245.4.42, which is covered by ip4:168.245.0.0/17 from the sendgrid SPF record, so why did it fail SPF?

Is SmarterMail checking the FROM header as well, and wouldn't that be against the SPF spec?
Secure HostingBusiness EmailLive Streaming

5 Replies

Reply to Thread
0
Douglas Foster Replied
2/7/2021 at 12:39 PM
Your analysis seems correct, so you should open a support ticket.
0
Ron Raley Replied
2/7/2021 at 8:34 PM
The SPF spec indicates a record can have up to 10 DNS lookups.

I don't know how this is counted.  In this example, is SmarterMail performing 1 DNS lookup, or 8?
0
Sébastien Riccio Replied
2/7/2021 at 9:10 PM
Here it should count at most 2 lookups.
The lookup to get the domain SPF and the lookup of the sengrid include.

IIRC it counts a lookup everytime it needs to do a DNS lookup, so that is not needed on IP/ranges values.
Sébastien Riccio
System & Network Admin
0
Steve Norton Replied
2/8/2021 at 3:08 AM
'Antispam/Spam Checks/SPF' does have an option to 'Scan From header instead of Return Path'. This is against the spec and should not be used. Is it enabled in your case?
0
William Leaver Replied
2/15/2021 at 1:32 PM
Steve:

Yep I poked through the AntiSpam settings about a week ago and found that option was checked and causing the problem. Came back today to update in case anyone else ends up in the same nuckleheaded situation lol.
Secure HostingBusiness EmailLive Streaming
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Set up Autodiscover for SmarterMailSmarterMail > Installation and Configuration
Messages from Trusted Senders are going to my Junk folderSmarterMail > Troubleshooting
Set up SmarterMail as an IIS Site in IIS 10SmarterMail > Server Configuration and Management
Set Up a MAPI Account in Outlook 2016 or 2019 for WindowsSmarterMail > Desktop and Mobile Synchronization
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management