2
Is there a way to bypass the SPF check for mails coming from a secure gateway?
Question asked by Gabriele Maoret - SERSIS - 5/18/2021 at 7:34 AM
Unanswered
Scenario:
I have a SmarterMail server on premise on my customer site.
My customer domain (call it CUSTOMER.COM) is hosted by a third party company.
This company has an MX server that accept incoming mail for CUSTOMER.COM, do the SPAM filtering and then formward the mails to the on premise SmarterMail server via my customer public IP via SMTP protocol.

The issue is that all these emails where filtered against SPF and DKIM  by the SmarterMail server and many are then classified as SPAM because (obiouvsly) they fail the SPF o DKIM tests...

I don't want to disable the SPF and DKI tests because I have added the public IP of my customers to the MX records of the domain, but even so many mails ure using the external mx records as a gateway to the SmarterMail server...


So, to solve this issue, can I disable SPF and DKIM tests only for the external MX IP address?
If yes, how?

5 Replies

Reply to Thread
1
Matt Petty Replied
Employee Post
You will want to add the Gateway's IP to your IP Bypass list on the main server, this should cause all those checks the skip the IP and use the 2nd "Received By" 's IP to do the DKIM/SPF checks.

This is found in Antispam on System Admin, don't need to check any boxes, just add it to the list.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Hi Matt! Are you sure of this? In your online help I find this note that seems to say that SPF and DKIM are not whitelistest/skipped:

2
Matt Petty Replied
Employee Post
Yes IP Bypasses will still be checked for spam as long as the "Bypass Spamchecks" option is not enabled even then SPF/DKIM might still occur. But the important part is just the fact that it's IN the IP Bypass list will cause it to effectively Skip only that specific "Received by" line.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
2
Matt Petty Replied
Employee Post
20190522, enable that log in debug log ids found in troubleshooting and run some tests adding it to the IP Bypass list. This debug log deeply details how we figure out which IP to use when performing SPF/DKIM checks. There are many reasons that cause us to skip the top received by line, if it's whitelisted, if its listed as a incoming gateway, or if it's in the IP Bypass list, the log will detail this.

Oops, did not intend to mark this as answered.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
OK, thanks!
I will try if this solve my issue!

thanks again

Reply to Thread