How can i disable SPF checks?

B

BenediktS

Member
Proxmox Subscriber
Dec 6, 2022
55
19
13
Hello,

our PMG v 7.3-3 is running behind another mail gateway. So we want to disable the SPF checks, because we know they will fail.
(We are doing the spf checks on the gateway befor the PMG).

We disabled the "use SPF" flag under "Configuration -> Mail Proxy -> Options".
But when we look at the SpamScore there is still a "SPF_SOFTFAIL 0.972" showing up.

How can we disable the SPF_SOFTFAIL score ?

best regards
Benedikt
 
you'd need to set custom spamassassin scores (to 0) for all spamassassin tests that you want to disable:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_spamdetector (4.8.3)

Else - without explicitly testing this - you can see if enabling xforward in the other gateway (and adapting the postfix configuration for PMG through the templateing system fixes the issue (then PMG should use the original sending IP for the checks)):
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine
https://www.postfix.org/XFORWARD_README.html

I hope this helps!
 
  • Like
Reactions: BenediktS
Stoiko Ivanov said:
you'd need to set custom spamassassin scores (to 0) for all spamassassin tests that you want to disable:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_spamdetector (4.8.3)

Else - without explicitly testing this - you can see if enabling xforward in the other gateway (and adapting the postfix configuration for PMG through the templateing system fixes the issue (then PMG should use the original sending IP for the checks)):
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine
https://www.postfix.org/XFORWARD_README.html

I hope this helps!
Click to expand...

We have a similar setup, but with two PMGs. One PMG is public and forwards all mails to the internal (customer) PMG.
To do this, we have created a mail filter rule (priority 99) that lets everything through to the recipient domain with an Accept action object.

We have currently deactivated all SPF checks (Mail Proxy and SpamAssassin) on the downstream PMG.

Are you sure that this should works with xforward?
If I understand correctly, we would have to set smtp_send_xforward_command = yes on the public PMG and smtpd_authorized_xforward_hosts = <ip-public-pmg> on the internal PMG?

Does anything else need to be activated on the internal PMG so that the forwarded information is (automatically?) used there for SPF checking?
 
Last edited:
You must log in or register to reply here.
Top Bottom