SPF issues from sender

M

maenda

Member
Jul 10, 2020
30
0
11
49
Hi,

We have a user that has a "sometimes" issue on a senders SPF which gets rejected because the senders domain is not added to the SPF to be allowed to sent with the receivers domain. That's correct because the sender is an external party. Tried everything but didn't get it fixed.

Does someone see the issue here? Hide some details

2024-04-30T13:39:17.573698+02:00 mx-1 postfix/smtpd[890547]: connect from mail-am7eur03on20701.outbound.protection.outlook.com[2a01:111:f403:260e::701]
2024-04-30T13:39:17.601216+02:00 mx-1 postfix/smtpd[890547]: Anonymous TLS connection established from mail-am7eur03on20701.outbound.protection.outlook.com[2a01:111:f403:260e::701]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
2024-04-30T13:39:18.171022+02:00 mx-1 postfix/smtpd[890547]: NOQUEUE: client=mail-am7eur03on20701.outbound.protection.outlook.com[2a01:111:f403:260e::701]
2024-04-30T13:39:18.245963+02:00 mx-1 pmg-smtp-filter[890782]: 121FBF6630D8663879D: new mail message-id=<AM0PR08MB3331A0E2C6FD3174A452E1BAFE1A2@AM0PR08MB3331.eurprd08.prod.outlook.com>#012
2024-04-30T13:39:19.706362+02:00 mx-1 pmg-smtp-filter[890782]: 121FBF6630D8663879D: SA score=0/5 time=0.979 bayes=0.00 autolearn=no autolearn_force=no hits=ARC_SIGNED(0.001),ARC_VALID(0.001),AWL(0.276),BAYES_00(-1.9),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),DMARC_PASS(-0.1),HTML_MESSAGE(0.001),KAM_NUMSUBJECT(0.5),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001)
2024-04-30T13:39:19.715832+02:00 mx-1 postfix/smtpd[890947]: connect from localhost.localdomain[127.0.0.1]
2024-04-30T13:39:19.717277+02:00 mx-1 postfix/smtpd[890947]: AF0B4101178: client=localhost.localdomain[127.0.0.1], orig_client=mail-am7eur03on20701.outbound.protection.outlook.com[2a01:111:f403:260e::701]
2024-04-30T13:39:19.718428+02:00 mx-1 postfix/cleanup[890940]: AF0B4101178: message-id=<AM0PR08MB3331A0E2C6FD3174A452E1BAFE1A2@AM0PR08MB3331.eurprd08.prod.outlook.com>
2024-04-30T13:39:19.765340+02:00 mx-1 postfix/qmgr[464830]: AF0B4101178: from=<*****@manfree dot nl>, size=86144, nrcpt=1 (queue active)
2024-04-30T13:39:19.765704+02:00 mx-1 pmg-smtp-filter[890782]: 121FBF6630D8663879D: accept mail to <*****@hansfashion dot nl> (AF0B4101178) (rule: Whitelist)
2024-04-30T13:39:19.765862+02:00 mx-1 postfix/smtpd[890947]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
2024-04-30T13:39:19.768412+02:00 mx-1 pmg-smtp-filter[890782]: 121FBF6630D8663879D: processing time: 1.534 seconds (0.979, 0.473, 0)
2024-04-30T13:39:19.768685+02:00 mx-1 postfix/smtpd[890547]: proxy-accept: END-OF-MESSAGE: 250 2.5.0 OK (121FBF6630D8663879D); from=<*****@manfree dot nl> to=<*****@hansfashion dot nl> proto=ESMTP helo=<EUR03-AM7-obe.outbound.protection.outlook.com>
2024-04-30T13:39:19.804682+02:00 mx-1 postfix/smtpd[890547]: disconnect from mail-am7eur03on20701.outbound.protection.outlook.com[2a01:111:f403:260e::701] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
2024-04-30T13:39:19.887359+02:00 mx-1 postfix/smtp[890941]: Trusted TLS connection established to mail.hansfashion dot nl[178.19.119.**]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384
2024-04-30T13:39:20.216346+02:00 mx-1 postfix/smtp[890941]: AF0B4101178: to=<****@hansfashion dot nl>, relay=mail.hansfashion.nl[178.19.119.**]:25, delay=0.5, delays=0.05/0/0.17/0.28, dsn=5.0.0, status=bounced (host mail.hansfashion.nl[**.**.**.**] said: 550-SPF: 178.19.119.*** is not allowed to send mail from manfree dot nl: 550 Please see http://www.open-spf.org/Why : Reason: mechanism (in reply to RCPT TO command))
2024-04-30T13:39:20.410222+02:00 mx-1 postfix/smtp[890941]: AF0B4101178: lost connection with mail.hansfashion dot nl[178.19.119.**] while sending DATA command
2024-04-30T13:39:20.415127+02:00 mx-1 postfix/qmgr[464830]: AF0B4101178: removed
 
Is your PMG the inbound mailproxy for hansfashion.nl or the outbound proxy for manfree.nl?

* if the former - add your PMG to the trusted hosts on the server that is the downstream for hansfashion.nl (mail.hansfashion.nl)
* if the latter - add your PMG to the SPF record of the host

if neither of both are true- please explain how this mail is processed by PMG and why
 
It is the inbound mailproxy. And the pmg is already added to the spf record.
 
maenda said:
It is the inbound mailproxy. And the pmg is already added to the spf record.
Click to expand...
if it is inbound for hansfashion.nl then you need to add your PMG as trusted host (or whatever that's called in the MX of hansfashion.nl), that way the host will not treat the delivery as spf-failure...
 
Ok but to be sure. It is complaining about manfree is not added as permitted sender. Is that correct?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back