Mail to internal port is being SPF-filtered

[William Edwards]

Hi,

From the admin guide and forums, I gather that email sent to the internal port should not be SPF-filtered. It makes no sense to do so for relayed mail, where PMG is a smarthost.

However, this mail is being filtered: it's rejected because of the KAM_DMARC_REJECT SpamAssassin rule (6 points by default).

What am I doing wrong?

root@pmg0:~# cat /etc/pmg/pmg.conf
section: admin
    advfilter 1
    dailyreport 0
    dkim_selector pmg
    dkim_sign 1
    email engineering@cyberfusion.nl

section: mail
    hide_received 1
    int_port 587
    tls 1
    tlslog 1
    verifyreceivers 550

section: spam
    use_bayes 1

section: spamquar
    lifetime 2

I aso tried changing the internal SMTP port from 587 to its default 26 (in case it's hardcoded somewhere), which didn't help.

 

[Stoiko Ivanov]

However, this mail is being filtered: it's rejected because of the KAM_DMARC_REJECT SpamAssassin rule (6 points by default).

the SPF-checks that are done on the external port and not the internal one are done by pmgpolicy and lead to a SMTP-diaglog-level rejection (in case the SPF policy says so) - they are independent of the SpamAssassin analysis (which in turn does not distinguish between internal and external port)

You could lower the score in general, or generate a custom spamassassin rule and config, that allow-lists your internal networks

I hope this helps!

 

[Elompenta]

I have the same Problem here: https://forum.proxmox.com/threads/disable-outgoing-spf-dkim-checks.152546/

> You could lower the score in general,
Not a solution

> or generate a custom spamassassin rule and config,
> that allow-lists your internal networks
From my understanding, you can whitelist an ip, but this will allow to much. or?

The real solution is to disable SPF and DKIM spamassasin checks for "outgoing mails" over tcp/26