SPF Options?

jlar310

Active Member
Jun 27, 2007
35
0
26
We have recently been getting complaints from internal users that legitimate messages to them from outside are being rejected. When we search the proxmox logs, we often find it's an SPF issue on the sender's side.

I like the idea of SPF and if people are going to configure their domain for it, I strongly favor that they get notified when it's wrong. However, it would be nice if we could have an "accept, but notify sender" option for SPF errors on messages that are otherwise not considered spam.

Also, users who receive reject messages with SPF information do not seem to read the reject message which is indicating that the problem is on their end. Can the reject message be made more user friendly? I admit that I don't currently have access to an example rejection, so I'm flying blind on this one.

Since SPF adoption is still pretty low, it would be nice if we could have a little more control over it on the receiving end. If we have to turn it completely off, then it's adoption by senders becomes pointless.

Jeff
 

tom

Proxmox Staff Member
Staff member
Aug 29, 2006
15,520
906
163
We have recently been getting complaints from internal users that legitimate messages to them from outside are being rejected. When we search the proxmox logs, we often find it's an SPF issue on the sender's side.

I like the idea of SPF and if people are going to configure their domain for it, I strongly favor that they get notified when it's wrong. However, it would be nice if we could have an "accept, but notify sender" option for SPF errors on messages that are otherwise not considered spam.

Also, users who receive reject messages with SPF information do not seem to read the reject message which is indicating that the problem is on their end. Can the reject message be made more user friendly? I admit that I don't currently have access to an example rejection, so I'm flying blind on this one.

Since SPF adoption is still pretty low, it would be nice if we could have a little more control over it on the receiving end. If we have to turn it completely off, then it's adoption by senders becomes pointless.

Jeff

Hi Jeff,

Thanks for your report. SPF is quite a good thing, the bad is that a lot of admin creates wrong SPF records or does not maintain their DNS settings and server - and users does not understand the SPF failure messages. SPF is not that easy and you have to be an IT professional to understand.

On the other side: this is what you want by using SPF - reject messages from wrong configured mail server systems.

But I understand your situation, therefore Proxmox offer:

- disable SPF checks on SMTP level
- use SMTP whitelist

If you disable SPF ckecks on SMTP level, no email will be rejected. But if the SPF record is wrong, the spam filter gives a certain score to that email and marks it therefore as spam if the score goes above 5 or whatever you configured. So the end user have access via quarantine.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!