1

Topic: SPF check whitelisting

==== Required information ====
- iRedMail version: 0.8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Linux/BSD distribution name and version: Centos 6.5, Linux 3.14.1-x86_64-linode39 on x86_64
- Related log if you're reporting an issue: n/a
====

How can I whitelist certain email sender IPs from the SPF checks? For example, to successfully receive relayed email from a backup MX service that stores and forwards email should my server become unavailable.

I whitelisted for greylisting but don't clearly see where to do so for SPF checks. Thanks.

- Fabian S.


2

Re: SPF check whitelisting

There are two components that perform SPF checking:

1: Cluebringer. iRedMail doesn't configure it for SPF checking, so you can ignore it.
2: SpamAssassin. You can whitelist emails which bypass SPF check in /etc/mail/spamassassin/local.cf. For example:

whitelist_from_spf joe@example.com fred@example.com
whitelist_from_spf *@example.com

Reference: http://spamassassin.apache.org/full/3.2 … n_SPF.html

3

Re: SPF check whitelisting

Ok, two things:

1.> when I look at cluebringer.conf and i see:
# Modules to load
modules=<<EOT
Core
AccessControl
CheckHelo
CheckSPF
Greylisting
Quotas
EOT

and

# CheckSPF module
[CheckSPF]
enable=1

that doesn't mean it's checking SPF?

2.> in sa > local.cf, if I wanted to whitelist my backup store & forward MX servers, of which there are 2, I can just whitelist their wildcard value (*.domain.com)? remember, i'm NOT looking to whitelist specific sender email addresses but MX servers that may at some point have to relay email to me that was originally intended for me in the 1st place.

Thanks.

4

Re: SPF check whitelisting

fsantiago06111979 wrote:

that doesn't mean it's checking SPF?

SPF module is enabled, but we don't have any rule in Cluebringer database to ask it to check SPF.

fsantiago06111979 wrote:

2.> in sa > local.cf, if I wanted to whitelist my backup store & forward MX servers, of which there are 2, I can just whitelist their wildcard value (*.domain.com)? remember, i'm NOT looking to whitelist specific sender email addresses but MX servers that may at some point have to relay email to me that was originally intended for me in the 1st place.

Sorry, I don't quite understand what you really want.

5

Re: SPF check whitelisting

ok,

1.> so i read during the install process on one of the option screens that SPF was enabled by default. so you're saying this only applies to how SA uses it?

2.> i use a service, junkemailfilter.com for example, that i input as 2nd and 3rd priority MX records in my domain's DNS records. they capture email and hold it for me should my mail server become unavailable. when my server comes back online, they forward any stored mail to me, so senders to me never get bounces because my server is down and i don't lose any email. but SPF typically breaks this forwarding process since the email isn't coming from the original sender's domain. i just wanted to bypass spf checks for my forwarding service so i don't inadvertently block / reject any legitimate email from them.

6

Re: SPF check whitelisting

fsantiago06111979 wrote:

2.> i use a service, junkemailfilter.com for example, that i input as 2nd and 3rd priority MX records in my domain's DNS records. they capture email and hold it for me should my mail server become unavailable. when my server comes back online, they forward any stored mail to me, so senders to me never get bounces because my server is down and i don't lose any email. but SPF typically breaks this forwarding process since the email isn't coming from the original sender's domain. i just wanted to bypass spf checks for my forwarding service so i don't inadvertently block / reject any legitimate email from them.

SPF in SpamAssassin is an after-queue check: it simply scores the mail and doesn't reject/block emails, so it should be fine.

7

Re: SPF check whitelisting

ok thanks!
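
Added example, not part of the original thread: a small Python model of the situation described in post 5, where SPF passes for direct delivery, fails when the same message arrives from a backup MX, and passes again once the backup MX range is treated as a trusted relay so the check falls on the original sending host. SpamAssassin's `trusted_networks` and `internal_networks` settings exist for declaring such relays. All addresses, the SPF record and the function names are constructed for illustration, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed sample data (documentation address ranges from RFC 5737).
SENDER_SPF = "v=spf1 ip4:192.0.2.0/24 -all"   # hypothetical sender-domain policy
BACKUP_MX_NETS = ["198.51.100.0/28"]          # hypothetical backup MX range
# Relay chain as the filter sees it, newest hop first.
DIRECT = ["192.0.2.25"]
VIA_BACKUP_MX = ["198.51.100.5", "192.0.2.25"]


def spf_result(record, ip):
    """Evaluate only the ip4/ip6/all mechanisms of an SPF record against ip."""
    addr = ipaddress.ip_address(ip)
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return results[qualifier]
        name, _, value = mech.partition(":")
        if name in ("ip4", "ip6") and value:
            net = ipaddress.ip_network(value, strict=False)
            if addr.version == net.version and addr in net:
                return results[qualifier]
    return "neutral"                         # no mechanism matched


def hop_to_check(relays, trusted_nets):
    """Return the newest hop that is not inside a trusted relay network."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for ip in relays:
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            return ip
    return None                              # every hop is trusted


def evaluate(relays, trusted_nets=()):
    """SPF verdict for a relay chain, skipping trusted relays first."""
    hop = hop_to_check(relays, trusted_nets)
    return "none" if hop is None else spf_result(SENDER_SPF, hop)


if __name__ == "__main__":
    print("direct delivery:          ", evaluate(DIRECT))
    print("via backup MX, untrusted: ", evaluate(VIA_BACKUP_MX))
    print("via backup MX, trusted:   ", evaluate(VIA_BACKUP_MX, BACKUP_MX_NETS))
```
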