Russ 0 Posted August 16, 2018 Share Posted August 16, 2018 I have a customer with an invalid SPF record, which (as expected) causes they messages to be rejected. As yet I've not been able to get them to fix it, so would like to have their domain white-listed from the check, but so far I've been unsuccessful in getting this configured. I have added their domain to the following white-lists: Approved Senders list Approved domain to IP list Domain to IP white-list (under the greylist/SPF heading) I have also created a transport rule for messages from their domain that fail the SPF check to skip the anti-spam scan, but neither of these things has helped. What should I be doing to ensure this mail is delivered, or is it simply not possible to allow for a bad SPF record? Many thanks! Link to comment Share on other sites More sharing options...
ESET Staff filips 44 Posted August 17, 2018 ESET Staff Share Posted August 17, 2018 (edited) Hi Russ, SPF uses only IP whitelists (or domain to IP). Approved senders list is not used in SPF, it applies only to antispam. The domain to IP lists should work - you could compare resolved IP addresses in GUI with connecting IP (maybe it wasn't resolved?). The rule you created didn't work because if "Automatically reject messages if SPF fails" is enabled, SPF is evaluated right on MAIL FROM command and if it fails, message is rejected right away and no rules/antispam are evaluated. To handle SPF in rules disable setting "Automatically reject messages if SPF fails" and then create a rule. It could look like: Condition 1 - Sender's IP address is not (list of customer's IPs) Condition 2 - SPF result is Failed Action - Reject message (You should test it with "Log to events" action first to see if it works correctly) or a simple version (but this one will not protect against spoofing of their own domain) Condition 1 - Sender's domain is not mydomain.com Condition 2 - SPF result is Failed Action - Reject message Edited August 17, 2018 by filips Link to comment Share on other sites More sharing options...
Recommended Posts