How can i disable SPF checks?

Dec 6, 2022
44
15
8
Hello,

our PMG v 7.3-3 is running behind another mail gateway. So we want to disable the SPF checks, because we know they will fail.
(We are doing the spf checks on the gateway befor the PMG).

We disabled the "use SPF" flag under "Configuration -> Mail Proxy -> Options".
But when we look at the SpamScore there is still a "SPF_SOFTFAIL 0.972" showing up.

How can we disable the SPF_SOFTFAIL score ?

best regards
Benedikt
 
you'd need to set custom spamassassin scores (to 0) for all spamassassin tests that you want to disable:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_spamdetector (4.8.3)

Else - without explicitly testing this - you can see if enabling xforward in the other gateway (and adapting the postfix configuration for PMG through the templateing system fixes the issue (then PMG should use the original sending IP for the checks)):
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine
https://www.postfix.org/XFORWARD_README.html

I hope this helps!
 
  • Like
Reactions: BenediktS
you'd need to set custom spamassassin scores (to 0) for all spamassassin tests that you want to disable:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_spamdetector (4.8.3)

Else - without explicitly testing this - you can see if enabling xforward in the other gateway (and adapting the postfix configuration for PMG through the templateing system fixes the issue (then PMG should use the original sending IP for the checks)):
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine
https://www.postfix.org/XFORWARD_README.html

I hope this helps!

We have a similar setup, but with two PMGs. One PMG is public and forwards all mails to the internal (customer) PMG.
To do this, we have created a mail filter rule (priority 99) that lets everything through to the recipient domain with an Accept action object.

We have currently deactivated all SPF checks (Mail Proxy and SpamAssassin) on the downstream PMG.

Are you sure that this should works with xforward?
If I understand correctly, we would have to set smtp_send_xforward_command = yes on the public PMG and smtpd_authorized_xforward_hosts = <ip-public-pmg> on the internal PMG?

Does anything else need to be activated on the internal PMG so that the forwarded information is (automatically?) used there for SPF checking?
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!