SPF Rule not working - spoofed

Sep 17, 2020
Hello All,

I used a 3rd party service to check the gateway. The gateway caught 1 virus and missed a few things, including this spoof:

Code:
Oct 23 23:18:01 mgw postfix/smtpd[18697]: 8D4DA808DB: client=relay01.libraesva.com[52.142.218.128]
Oct 23 23:18:01 mgw postfix/cleanup[18799]: 8D4DA808DB: message-id=<6e38a97472c6161d332f4a125c650811@libraesva.com>
Oct 23 23:18:01 mgw postfix/qmgr[15359]: 8D4DA808DB: from=<boss@testuser.com>, size=20834, nrcpt=1 (queue active)
Oct 23 23:18:03 mgw postfix/lmtp[18852]: 8D4DA808DB: to=<joey@testuser.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.4, delays=0.31/0.04/0.01/2, dsn=2.5.0, status=sen39CE9D2746))
Oct 23 23:18:03 mgw postfix/qmgr[15359]: 8D4DA808DB: removed
root@mgw:~# grep C77B8808F4 /var/log/maillog
Oct 23 23:18:03 mgw postfix/smtpd[18833]: C77B8808F4: client=localhost.localdomain[127.0.0.1], orig_client=relay01.libraesva.com[52.142.218.128]
Oct 23 23:18:03 mgw postfix/cleanup[18861]: C77B8808F4: message-id=<6e38a97472c6161d332f4a125c650811@libraesva.com>
Oct 23 23:18:03 mgw postfix/qmgr[15359]: C77B8808F4: from=<boss@testuser.com>, size=21631, nrcpt=1 (queue active)
Oct 23 23:18:03 mgw pmg-smtp-filter[18848]: A17AF5F939CE9D2746: accept mail to <joey@testuser.com> (C77B8808F4) (rule: default-accept)
Oct 23 23:18:04 mgw postfix/smtp[18869]: C77B8808F4: to=<joey@testuser.com>, relay=mgw.gateway.com[52.160.161.12]:25, delay=0.54, delays=0.06/0.04/0.3/0.1 (250 OK id=1kWA4C-0004jp-7c)
Oct 23 23:18:04 mgw postfix/qmgr[15359]: C77B8808F4: removed


The receiving domain, which is obfuscated, has a working and verified SPF record with -all, meaning it should have been rejected.

When I use this great spf testing tool, it shows it should fail -> https://vamsoft.com/support/tools/spf-policy-tester

Any suggestions?
 
I have the same issue with PMG 6.2-6: the SMTP proxy is working normally, but no SPF verification has been applied to incoming email. I checked /var/log/mail.log (no SPF log from pmgpolicy services) and the email header (no Authentication-Result).

Is there any additional configuration needed on PMG for SPF verification to work? Please give me some suggestions.

Many thanks!
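
A way to triage a log like the one in the first post and to run the check described in the second post, as an added example that is not part of the original thread: it joins each pmg-smtp-filter verdict to its Postfix queue entry and counts lines logged by pmgpolicy. The function names and the same-domain flag are assumptions made for this example; the sample lines are copied from the log above.

```python
import re

# Lines copied unchanged from the log in the first post (a subset).
SAMPLE_LOG = """\
Oct 23 23:18:01 mgw postfix/smtpd[18697]: 8D4DA808DB: client=relay01.libraesva.com[52.142.218.128]
Oct 23 23:18:01 mgw postfix/qmgr[15359]: 8D4DA808DB: from=<boss@testuser.com>, size=20834, nrcpt=1 (queue active)
Oct 23 23:18:03 mgw postfix/smtpd[18833]: C77B8808F4: client=localhost.localdomain[127.0.0.1], orig_client=relay01.libraesva.com[52.142.218.128]
Oct 23 23:18:03 mgw postfix/qmgr[15359]: C77B8808F4: from=<boss@testuser.com>, size=21631, nrcpt=1 (queue active)
Oct 23 23:18:03 mgw pmg-smtp-filter[18848]: A17AF5F939CE9D2746: accept mail to <joey@testuser.com> (C77B8808F4) (rule: default-accept)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ (?P<prog>[^\[\s]+)\[\d+\]: (?P<msg>.*)$")
VERDICT = re.compile(r"(?P<action>\w+) mail to <(?P<rcpt>[^>]*)> \((?P<qid>[0-9A-F]+)\) \(rule: (?P<rule>[^)]+)\)")
ORIG = re.compile(r"orig_client=\S+?\[(?P<ip>[^\]]+)\]")    # real peer on the re-injected copy
CLIENT = re.compile(r"\bclient=\S+?\[(?P<ip>[^\]]+)\]")     # \b keeps this off orig_client=
FROM = re.compile(r"from=<(?P<addr>[^>]*)>")

def domain(addr):
    return addr.rpartition("@")[2].lower()

def triage(log_text):
    """Return filter verdicts joined to queue data, plus the pmgpolicy line count."""
    queue, verdicts, policy_lines = {}, [], 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        prog, msg = m["prog"], m["msg"]
        if prog.startswith("pmgpolicy"):
            policy_lines += 1                   # zero means the policy daemon logged nothing
        elif prog.startswith("postfix/"):
            qid, _, rest = msg.partition(": ")
            rec = queue.setdefault(qid, {})
            for key, rx in (("client", ORIG), ("client", CLIENT), ("sender", FROM)):
                hit = rx.search(rest)
                if hit and key not in rec:      # orig_client wins over the loopback client
                    rec[key] = hit[1]
        elif prog == "pmg-smtp-filter":
            v = VERDICT.search(msg)
            if v:
                verdicts.append(v.groupdict())
    findings = []
    for v in verdicts:
        rec = queue.get(v["qid"], {})
        sender, client = rec.get("sender", ""), rec.get("client", "")
        flag = bool(sender) and domain(sender) == domain(v["rcpt"]) and not client.startswith("127.")
        findings.append({**v, "sender": sender, "client": client, "same_domain_external": flag})
    return {"findings": findings, "pmgpolicy_lines": policy_lines}
```

On the sample lines it reports one verdict, `default-accept` for a message from 52.142.218.128 whose envelope sender and recipient share a domain, and zero pmgpolicy lines.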
 
