Jump to content

Mails Security 6.4 and SPF rejecting mail from authenticated SMTP user

jadorwin
 Share

Recommended Posts

jadorwin

jadorwin 1

Posted
Posted

Hi,

 

I just upgrade to ESET Email Security for exchange 6.4.

 

I create a rule to delete email with bad SPF result.

 

I have some services sending email by SMTP. These services authenticate themselves with the SMTP service and send emails with a FROM like service@company.com TO user@company.com.

 

These emails are erased with a false result from the SPF check and this is not correct.

FYI I select in the mail transport option that authenticated users are not scanned with the antispam module.

 

In fact, every email send by SMTP (by authenticated users to an internal user) is rejected with a false result from SPF. Is it normal ? Seems strange to me.

 

Br,

Link to comment
Share on other sites
  • ESET Staff
filips

filips 44

Posted
  • ESET Staff
Posted

Hi jadorwin,

this should help:
- edit your rule
- add condition "Internal message: false"

We will investigate the problem you described - SPF check could be skipped when scanning authenticated emails.

Does the domain where authenticated users/services send from have valid SPF records?

Link to comment
Share on other sites
jadorwin

jadorwin 1

Posted
  • Author
Posted

Hi,

 

Adding the condition resolve the problem. Thanks.

 

Yes, our domain name has SPF, DKIM and DMARC records for 2 years. Everything is working (especially Gmail accept our mail and check everything).

 

Another remark : I have strange rejection with DKIM too with mail coming from smtp21.email4-beyond.com, mail1.eventbrite.com and other legitimate domain. I'm quite sure that these emails are good but maybe they misconfigured their server (but it's strange from big services relying on email).

 

Anyway, many many thanks for implementing these SPF, DKIM DMARC checks. I was eagerly waiting for them.

 

Br,

Link to comment
Share on other sites
  • ESET Staff
filips

filips 44

Posted
  • ESET Staff
Posted

Hi,

We managed to find a bug while examining DKIM signatures from mail1.eventbrite.com - this will be fixed in next release of EMSX (6.4.10008)

We weren't able to find any problems related to DKIM signatures from smtp21.email4-beyond.com. Please send us a sample .eml file that gives wrong DKIM result (to support or PM me).

 

thanks

Link to comment
Share on other sites
jadorwin

jadorwin 1

Posted
  • Author
Posted

Hi filips,

 

Great that you find and fixed a bug.

 

I will try to catch some mail from smtp21.email4-beyond.com with the problem but it's a problem that I found in EMSX logs as these mails are not sent to me and I can't ask the user easily to send me the problematic email.

 

I will keep in touch.

 

Br,

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...