Koozali.org: home of the SME Server

SPF problems

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
SPF problems
« on: April 14, 2012, 02:37:31 AM »
I have one server (7.5.1) configurated ok to fight spam (and a SPF recordy with just it as authorized to sent email: -all to everyone else!) but I receive messages like this:

 
Code: [Select]
Return-Path: <antinsect@antinsect.com.br>
Delivered-To: gustavo@rinoceronte.antinsect.com.br
Received: (qmail 12282 invoked by alias); 12 Apr 2012 16:12:46 -0000
Delivered-To: alias-localdelivery-gustavo@antinsect.com.br
Received: (qmail 12270 invoked by alias); 12 Apr 2012 16:12:46 -0000
Delivered-To: antinsect@rinoceronte.antinsect.com.br
Received: (qmail 12268 invoked by alias); 12 Apr 2012 16:12:45 -0000 D
elivered-To: alias-localdelivery-antinsect@antinsect.com.br
Received: (qmail 12265 invoked by uid 453); 12 Apr 2012 16:12:45 -0000
X-Virus-Checked: Checked by ClamAV on antinsect.com.br
X-Spam-Level: *
X-Spam-Status: No, hits=0.1 required=4.0 tests=HTML_MESSAGE,MISSING_MID,SPF_HELO_FAIL
X-Spam-Check-By: antinsect.com.br Received: from nmrsupport.jeol.com (HELO mindsetgreen.com) (66.29.217.248) by antinsect.com.br (qpsmtpd/0.83) with ESMTP; Thu, 12 Apr 2012 13:12:39 -0300
Received: from DED3974 (ded3974.maximumasp.local [66.29.217.133]) by sigportal1.net with SMTP; Thu, 12 Apr 2012 12:12:17 -0400 MIME-Version: 1.0 From: antinsect@antinsect.com.br
To: antinsect@antinsect.com.br
Reply-To: antinsect@antinsect.com.br
Date: 12 Apr 2012 12:12:17 -0400
Subject: =?utf-8?B?RXN0YSBjb20gbyBub21lIE5lZ2F0aXZvIC0gcmVjb21tZW5kYXRpb24=?=
Content-Type: multipart/alternative; boundary=--boundary_11838_b9827c28-f8bc-4fcb-8638-ffb5be5d8c5c

Note that SPF tell just our MX is allowed to send e-mail

Code: [Select]
antinsect.com.br        text = "v=spf1 ip4:201.47.255.142 -all"

I found this topic: http://forums.contribs.org/index.php?topic=21631.0
and tried to implement this:
Code: [Select]
mkdir -p /usr/bin/config
chown qpsmtpd:qpsmtpd /usr/bin/config
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/plugins/
echo sender_permitted_from spf_deny 2 > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/plugins/09spf

/sbin/e-smith/expand-template /var/service/qpsmtpd/config/plugins


But all I get was internal e-mail rejection... noone was able to send e-mail!

So I ask: How to FORCE our beloved SME servers to do not accept emails when SPF verification fails?
...

Offline CharlieBrady

  • *
  • 6,918
  • +3/-0
Re: SPF problems
« Reply #1 on: April 14, 2012, 08:57:52 PM »
So I ask: How to FORCE our beloved SME servers to do not accept emails when SPF verification fails?

Isn't that what you've already achieved?

Quote
But all I get was internal e-mail rejection... noone was able to send e-mail!

You need to exempt your internal network and authenticated connections from the SPF checking.

Offline Jáder

  • *
  • 1,099
  • +0/-0
    • LinuxFacil
Re: SPF problems
« Reply #2 on: April 14, 2012, 09:57:03 PM »
Charlie

Thanks by tip... but I have no idea how to do that!
I'll read docs...

EDIT: I read as many doc I could find about this...
Discovered the config/peers/0 and config/peers/local files... so they allow different policies to local networks and other ones... but just do not know how to configure this.

Jáder
« Last Edit: April 15, 2012, 12:12:13 AM by jader »
...