Back to Community Threads
2
Is there a way to bypass the SPF check for mails coming from a secure gateway?
Question asked by Gabriele Maoret - SERSIS - 5/18/2021 at 7:34 AM
Unanswered
Scenario:
I have a SmarterMail server on premise on my customer site.
My customer domain (call it CUSTOMER.COM) is hosted by a third party company.
This company has an MX server that accept incoming mail for CUSTOMER.COM, do the SPAM filtering and then formward the mails to the on premise SmarterMail server via my customer public IP via SMTP protocol.

The issue is that all these emails where filtered against SPF and DKIM  by the SmarterMail server and many are then classified as SPAM because (obiouvsly) they fail the SPF o DKIM tests...

I don't want to disable the SPF and DKI tests because I have added the public IP of my customers to the MX records of the domain, but even so many mails ure using the external mx records as a gateway to the SmarterMail server...


So, to solve this issue, can I disable SPF and DKIM tests only for the external MX IP address?
If yes, how?
Gabriele Maoret - Head of SysAdmins at SERSIS
Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)

5 Replies

Reply to Thread
1
Matt Petty Replied
5/18/2021 at 2:34 PM
Employee Post
You will want to add the Gateway's IP to your IP Bypass list on the main server, this should cause all those checks the skip the IP and use the 2nd "Received By" 's IP to do the DKIM/SPF checks.

This is found in Antispam on System Admin, don't need to check any boxes, just add it to the list.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Hi Matt! Are you sure of this? In your online help I find this note that seems to say that SPF and DKIM are not whitelistest/skipped:
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
2
Matt Petty Replied
5/19/2021 at 2:49 PM
Employee Post
Yes IP Bypasses will still be checked for spam as long as the "Bypass Spamchecks" option is not enabled even then SPF/DKIM might still occur. But the important part is just the fact that it's IN the IP Bypass list will cause it to effectively Skip only that specific "Received by" line.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
2
Matt Petty Replied
5/19/2021 at 2:52 PM
Employee Post
20190522, enable that log in debug log ids found in troubleshooting and run some tests adding it to the IP Bypass list. This debug log deeply details how we figure out which IP to use when performing SPF/DKIM checks. There are many reasons that cause us to skip the top received by line, if it's whitelisted, if its listed as a incoming gateway, or if it's in the IP Bypass list, the log will detail this.

Oops, did not intend to mark this as answered.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
1
OK, thanks!
I will try if this solve my issue!

thanks again
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
Back to Community Threads

Reply to Thread

Related Knowledge Base Articles

Sender Verification Shield and Incoming GatewaysSmarterMail > Server Configuration and Management
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
554 Error - MTA Poor Reputation FixesSmarterMail > Troubleshooting
Configure SmarterMail as a Free Gateway ServerSmarterMail > Server Configuration and Management
Recommended SPAM SettingsSmarterMail > Antispam and Antivirus