1

Topic: SPF_FAIL=5 for domain with correct SPF record

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 5.0
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version:  Debian 10.10.
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi,
Can you help me with score SPF_FAIL=5?
I have a log with information :
Oct 11 16:29:12 mail amavis[30379]: (30379-12) Passed CLEAN {RelayedInbound}, [212.122.192.46]:58179 [5.174.23.34] ESMTP/ESMTP <remote_user@wp.pl> -> <local_user@pbs.edu.pl>, (ESMTP://[212.122.192.46]:58179 < ESMTP://212.77.101.8 < SMTP://5.174.23.34), Queue-ID: 4HSh4l6XNyz339l, Message-ID: <33a042dd91da4801a664bab4698b10fd@grupawp.pl>, mail_id: PIdVdhDdNanD, b: noXf9gHev, Hits: 4.803, size: 5536, queued_as: 4HSh4m1g88z33BN, Subject: "Subject123", From: <remoteuser@wp.pl> (dkim:AUTHOR), User-Agent: GWP-Draft, helo=mx10.utp.edu.pl, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,DKIM_VALID_EF=-0.1,FREEMAIL_FROM=0.001,HTML_MESSAGE=0.001,SPF_FAIL=5,SPF_HELO_NONE=0.001], autolearn=no autolearn_force=no, autolearnscore=4.803, dkim_i=@wp.pl, dkim_sd=1024a:wp.pl, 289 ms
I use a SPAM Gateway which collects e-mail from the Internet and then forwards it to the iredmail server.
I think my SPAM Gateway is the problem when spf records are checked. I'v added the relay IP address to the whitelist but that didn't fix the problem.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: SPF_FAIL=5 for domain with correct SPF record

How about lower the score of SPF_FAIL in /etc/mail/spamassassin/local.cf?

3

Re: SPF_FAIL=5 for domain with correct SPF record

Hi,

I would like to find a reason, not to do a workaround.
Also I can increase overal SPAM score but it is only workaround like  lower the score of SPF_FAIL in /etc/mail/spamassassin/local.cf.
Any other idea why spamassasin is marking that domain SPF_FAIL?

4 (edited by pitterski 2021-10-12 01:08:03)

Re: SPF_FAIL=5 for domain with correct SPF record

pitterski wrote:

Hi,

I would like to find a reason, not to do a workaround.
Also I can increase overal SPAM score but it is only workaround like  lower the score of SPF_FAIL in /etc/mail/spamassassin/local.cf.
Any other idea why spamassasin is marking that domain SPF_FAIL?

I think that the SPAM Gateway is not the problem, for some domains the SPF_FAIL is active (I'v changed score to 3):
Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,DKIM_VALID_EF=-0.1,FREEMAIL_FORGED_
REPLYTO=2.503,HEADER_FROM_DIFFERENT_DOMAINS=0.249,HTML_MESSAGE=0.001,HTTPS_HTTP_
MISMATCH=0.1,MIME_HTML_ONLY=0.1,SPF_FAIL=3,SPF_HELO_NONE=0.001]

And for other domains there is no SPF_FAIL score:

Tests: [DKIM_INVALID=0.1,DKIM_SIGNED=0.1,HTML_MESSAGE=0.001,SPF_HELO_NONE=0.001,SPF_PASS=-0.001]

Both messages passed through the same SPAM Gateway.

5

Re: SPF_FAIL=5 for domain with correct SPF record

You should check the actual SPF record.
https://www.kitterman.com/spf/validate.html?
and/or
https://mxtoolbox.com/spf.aspx

There may be issues with the SPF record for pbs.edu.pl

6

Re: SPF_FAIL=5 for domain with correct SPF record

SPF from pbs.edu.pl results in a PermError, it is their fault, they need to fix their settings

7

Re: SPF_FAIL=5 for domain with correct SPF record

Hi,
Thank you for the answer.
pbs.edu.pl is my domain, I fixed the spf record, but I think it's not the problem I am asking for.
In my situation, incoming mail comes from wp.pl and many other (not all) domains with a good SPF record are marked with SPF_FAIL = 5.

8

Re: SPF_FAIL=5 for domain with correct SPF record

Did you ever resolve your issue?  I seem to be getting the same problem.  I may just lower spf fail score.  The other header entries state that spf has passed.