How to reject or bounce if emails don't have SPF pass

cuongvttt

Apr 4, 2020
Hello guys,

Could you guys please help me make rules/custom scores or anything that rejects or bounces emails that don't have an SPF pass?

Thank you so much.
 
Not sure if I understand your question completely - but enabling 'Use SPF' in GUI->Configuration->Mail Proxy->Options should do just that
 
Hello Ivanov,

I did, but those emails were still sent out when their score was below 5. Please have a look at this log. Thank you so much for your quick help.

pmg-smtp-filter[24989]: 1E3115624C19355C597: SA score=0/5 time=3.598 bayes=undefined autolearn=no autolearn_force=no hits=AWL(0.023),HTML_MESSAGE(0.001),MIME_HTML_ONLY(0.1),SPF_HELO_NONE(0.001),T_KAM_HTML_FONT_INVALID(0.01),T_SCC_BODY_TEXT_LINE(-0.01),T_SPF_PERMERROR(0.01),URIBL_BLOCKED(0.001)
 
Does the domain in question here (the sender's domain) have an SPF record at all?
If not, do you really want to reject mails from domains without an SPF record - this will cause many false positives (quite a lot of domains still don't publish an SPF record)

On another note - does your DNS resolution work?
 
Hello Ivanov,

You're right, they don't have any SPF. So if I let them keep going through my PMG, Google will block them as soon as possible.
That's why I want to reject them and make sure they have SPF before sending to Google.

Our system has detected that this message is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1 https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for more information. oo6-20020a17090b1c8600b001bf756ef81csi2055300pjb.139 - gsmtp (in reply to end of DATA command))
 
This is odd - since I assume you have not added gmail.com to your relay domains - I guess that this mail was sent through the internal port of PMG?

If that's the case and if that mail was spam - then I would suggest to check where it came from and speak with the admin (internal port should mean you know how to contact the admin)
 
Hello Ivanov,

Yea I've added gmail.com in my Relay Domains and we're an email service provider so there are so many emails sent to Gmail. They're our customers. We want to block them instead of Google and we just want to make sure they have SPF before sending email to Gmail.
 
Yea I've added gmail.com in my Relay Domains
You should only add domains to your relay domains for which you are the MX (where the world sends the mails) - since I do assume that you're not the MX for gmail - do not add it to your relay domains (with this config the whole world can send spam through your IP to gmail - which will lead to the IP getting blocked by gmail, as can be seen in the logs you shared).

Instead allow your customers' IP ranges in 'GUI->Configuration->Mail Proxy->Networks' and have them send the mail on PMG's internal port (defaults to port 26)

see the reference documentation:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#chapter_deployment
 
Hello Ivanov,

Let me give you an example so that you can understand my goal.

My PMG's IP address is 192.168.10.10
My customer's domain is example.com
And the SPF would be: "v=spf1 +mx +a +ip4:192.168.10.10 ~all"

So I would like to know if there is any feature that can check this SPF. If it meets this SPF then deliver the email, if not reject or bounce.
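
The check described in the last post, as an added example that is not part of the original thread and is not PMG's own code: a reduced SPF evaluator applied to the record quoted above. The `DNS` table and the 192.0.2.x / 203.0.113.x addresses are constructed, `check_spf` and `action` are hypothetical names, and only the all, ip4, ip6, a and mx mechanisms are handled.

```python
import ipaddress

# Qualifier -> SPF result (RFC 7208)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Record from the post; DNS answers below are constructed for the example.
RECORD = "v=spf1 +mx +a +ip4:192.168.10.10 ~all"
DNS = {"a": ["192.0.2.10"], "mx": ["192.0.2.25"]}


def check_spf(record, client_ip, dns=None):
    """Return the SPF result for client_ip against one TXT record.

    include, redirect, exists, ptr, macros and a/mx with arguments are
    not implemented and yield "permerror" in this reduced version.
    """
    terms = (record or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # domain publishes no SPF record
    ip = ipaddress.ip_address(client_ip)
    dns = dns or {}
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"         # malformed network
        elif name in ("a", "mx") and not arg:
            matched = client_ip in dns.get(name, [])
        else:
            return "permerror"             # unknown or unsupported term
        if matched:
            return QUALIFIERS[qualifier]   # first match decides
    return "neutral"                       # nothing matched, no "all"


def action(result, deliver_on=("pass",)):
    """Policy asked for in the thread: deliver only on an SPF pass."""
    return "deliver" if result in deliver_on else "reject"
```

Because the record ends in `~all`, a sender outside the listed hosts evaluates to softfail rather than fail, so a rule that rejects only on fail would still deliver that mail.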
 
