Mailscanner, forwarding and SPF
Daniel Brunt
daniel at brunt.ca
Fri Feb 24 18:47:42 UTC 2017
Hi Don,
Bottom line...the people that use your EFA for filtering cannot, as long as they are using a hosted email service that does SPF checking. Period.
My g/f had similar issue using GoDaddy for her e-mail. I was filtering her e-mail via Barracuda (formerly MailFoundry). I was asked to troubleshoot NDRs. Turns out, GoDaddy had implemented SPF checking and was rejecting emails forwarded from Barracuda where the domain had a SPF record. No way around this since GoDaddy was unwilling to whitelist Barracuda mail servers from the SPF check; and their whitelisting mechanism is post-SPF check. I had to turn off the Barracuda email filtering for her. She was not happy. She started receiving a *lot* more SPAM as a result.
The only solution for you and your clients is for you to host their email behind your EFA appliance.
-Daniel
------------------------------------------------------------------------------
Message: 1
Date: Tue, 21 Feb 2017 13:15:51 +0100
From: Nerk Nerk <donnerk at gmail.com>
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject: Re: Mailscanner, forwarding and SPF
Message-ID:
<CAMk2VrQhm0RNZ_9j7wyQqOCuRHkF5u9TwN4-pdBYhGd07RAV-g at mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Thank you for your answers.
The problem is, that the people that use my filters, don't own the server that their email is hosted on. So they can't always decide to turn something off.
2017-02-21 12:56 GMT+01:00 Antony Stone <
Antony.Stone at mailscanner.open.source.it>:
> On Tuesday 21 February 2017 at 12:48:18, Nerk Nerk wrote:
>
> > Dear MailScanner-fanatics,
> >
> > Currently I am facing some issues using MailScanner. Mostly, when
> > the following situation is current:
> >
> > - Some domain using SPF, for example Paypal, sends a mail to a
> > domain
> that
> > I filter for
>
> So, you are the destination of the MX records...
>
> > - The domain is filtered through Mailscanner
> > - The e-mail is forwarded to the destination
>
> How does that happen?
>
> > - The destination server is not under my control. They do SPF
> > checking
> and
> > reject the mail because the sending domain does not list my
> > mailscanner
> IP
> > as a valid sender
> >
> > Ofcourse I have thought of some solutions:
> > 1- They need to whitelist the IP of my mailscanner
>
> That would be good, considering that they've bought (?) a filtering
> service from you, and expect mail to pass through your servers on the
> way to theirs.
>
> > 2- They need to turn off the SPF checks at the destination
>
> Do they receive any direct (ie: not filtered through your servers) email?
>
> > Both solutions however, require actions from a hosting party that I
> > don't know and that is probably not willing.
>
> So, why have they pointed their MX records at your server, if they're
> not wiling to adjust their server to match this?
>
> > A third option:
> > 3- I need to rewrite the sending domain somehow
>
> Yes, like manay mailing lists do.
>
> > Has anyone else come across this problem? How did you solve it?
> >
> > I am really wondering what solution commercial spam filtering
> > services, such as SpamExperts for example, are using.
>
> I can't speak for them.
>
>
> Antony.
>
> --
> Never automate fully anything that does not have a manual override
> capability.
> Never design anything that cannot work under degraded conditions in
> emergency.
>
> Please reply to the
> list;
> please
> *don't* CC me.
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20170221/ad453620/attachment-0001.html>
More information about the MailScanner
mailing list