SPF check for relayed mail

When using PMG as an SMTP relay, I want the SPF check to be skipped for mail offered to the internal SMTP port; only the PMG servers are specified in SPF records, not the internal host using the PMG smarthost.

I can of course add custom SpamAssassin rules for this, but before I do that, I'd like to know what the "Mail Proxy" -> "Options" -> "Use SPF" option does. I couldn't find a description in the documentation.
 
SPF checking in PMG happens on 2 distinct levels:
a) in the Mail Proxy (which is configured by the "Use SPF" checkbox you mentioned)
b) by SpamAssassin, when a mail passes the rule-system

for a) mails don't get passed through the SPF (and greylist) checks if they arrive on the internal port (default 26)
for b) you'd need to either configure your DNS so that it provides a different SPF record to SpamAssassin, or adapt the scores for the SPF rules from SpamAssassin

I hope this explains it!
 
> for a) mails don't get passed through the SPF (and greylist) checks if they arrive on the internal port (default 26)

What do you mean by "checks if they arrive on the internal port (default 26)"? Does it do or not do the SPF check when 'Use SPF' is disabled on the internal port or the external port?

Context: I set "Use SPF" to "No", but am still seeing "Recipient address rejected: Rejected by SPF:" for mail sent to the internal port.
 
> Context: I set "Use SPF" to "No", but am still seeing "Recipient address rejected: Rejected by SPF:" for mail sent to the internal port.
* This sounds odd - would you please share an example e-mail-log for such a mail? (AFAIR you should also see messages from pmgpolicy if it is the source of the reject)
* if this is a clustered system - is the cluster in sync?
 
Looks like /etc/pmg/pmg.conf is out of sync on one cluster node (which happens to be the one I'm testing on), indeed... Not an issue for this topic.
I assume that the SPF works as planned once the config is in sync?
Regarding the cluster-sync not being in sync - you could open a new thread (or we can continue here) - unless the source of the problem is clear
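
To see which cluster node is still rejecting relayed mail by SPF, as with the out-of-sync node in this thread, the rejects can be tallied per node. This is an added example, not part of the thread or of PMG; the syslog/Postfix line layout, the host names and the `10.0.0.0/8` internal range are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in syslog + Postfix smtpd "NOQUEUE: reject" layout. Host names,
# addresses and PIDs are made up; the text after "Rejected by SPF:" is a placeholder.
SAMPLE_LOG = """\
May 20 10:01:12 pmg1 postfix/smtpd[2101]: connect from app01.internal.example[10.0.0.15]
May 20 10:01:40 pmg2 postfix/smtpd[1877]: NOQUEUE: reject: RCPT from app01.internal.example[10.0.0.15]: 550 5.7.1 <user@example.org>: Recipient address rejected: Rejected by SPF: (detail); from=<sender@example.com> to=<user@example.org> proto=ESMTP helo=<app01.internal.example>
May 20 10:02:05 pmg1 postfix/smtpd[2104]: NOQUEUE: reject: RCPT from mail.example.net[203.0.113.9]: 550 5.7.1 <user@example.com>: Recipient address rejected: Rejected by SPF: (detail); from=<spoof@example.com> to=<user@example.com> proto=ESMTP helo=<mail.example.net>
May 20 10:03:17 pmg2 postfix/smtpd[1880]: NOQUEUE: reject: RCPT from app01.internal.example[10.0.0.15]: 550 5.7.1 <other@example.org>: Recipient address rejected: Rejected by SPF: (detail); from=<sender@example.com> to=<other@example.org> proto=ESMTP helo=<app01.internal.example>
"""

# node = syslog host field, ip = connecting client, sender = envelope sender.
REJECT_RE = re.compile(
    r"(?P<node>\S+) \S+\[\d+\]: NOQUEUE: reject: RCPT from \S+\[(?P<ip>[^\]]+)\]: "
    r".*?Recipient address rejected: Rejected by SPF:.*?; from=<(?P<sender>[^>]*)>"
)


def spf_rejects_by_node(log_text, internal_nets):
    """Return {node: Counter(sender -> count)} for SPF rejects of internal clients.

    Internal relay clients are identified by source network (an assumption of
    this example); SPF rejects of external clients are expected and skipped.
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    hits = {}
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # Postfix logs "unknown" when it has no usable address
        if any(ip in net for net in nets):
            hits.setdefault(m["node"], Counter())[m["sender"]] += 1
    return hits


if __name__ == "__main__":
    for node, senders in spf_rejects_by_node(SAMPLE_LOG, ["10.0.0.0/8"]).items():
        print(node, dict(senders))
```

A node that shows up here while its peers do not is the one to compare against the rest of the cluster.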
 
Glad that worked! :)

Out of curiosity - what caused the cluster to run out of sync? (currently considering a few small improvements in that area)

Thanks!
 
