[SOLVED] PMG behind NAT SPF failed

ciprianl

New Member
Apr 16, 2021
5
1
3
49
Hi, is there a way to configure SPF when PMG and email server are behind NAT? PMG is working great but, in order to receive emails, I had to disable SPF check...
Thank you
Ciprian
 
Which problems did you run into?

if PMG is behind a NAT device it should still see the original IP-address of the sending server and thus be able to do the SPF check...
 
If I set SPF check = ON, we can not receive emails , the error is "..recipient address rejected: rejected by spf: 192.168.100.1 is not a designated mailserver for ..."where 192.168.100.1 is my gateway internal IP address
 
for ..."where 192.168.100.1 is my gateway internal IP address
seems your gateway is rewriting the source address as well - either you change your gateway/routers configuration - or you disable the SPF check in PMG - I don't see a way to change the SPF check to not use the source-IP
 
"seems your gateway is rewriting the source address as well"
This is happening always when behind the nat.
 
Very strange, I have another PMG in a similar config (behind NAT) and this one is working perfectly. Sender domain from same address is resolved correctly on this one . I don't know why on the other one is resolved as LAN IP of my gateway...
 
Well, I finally solved it. MAybe somebody will be in same situation as me so I will share it. The problem had nothing to do with PMG but with my router. The issue was related to bad config of masquerade. Thank you Stoiko for your clue: "if PMG is behind a NAT device it should still see the original IP-address of the sending server and thus be able to do the SPF check..." This made me look forward into my router config
 
  • Like
Reactions: Stoiko Ivanov