1 (edited by rainorigami 2023-11-20 21:18:11)

Topic: Do I misunderstand how SPF is supposed to work?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.7 MARIADB
- Deployed with the downloadable installer
- Linux/BSD distribution name and version: Ubuntu 22.04.3 LTS Linux 5.15.0-88-generic x86_64
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): nginx
- No iRedAdmin-Pro
====

Hello

I was under the assumption that SPF checks happen when the `MAIL FROM` command is executed. Configurably, a failure or neutral result would decline the mail right then and there. At least, if I could, that's what I would configure it for.

Do I completely misunderstand how SPF is applied in this scenario?

1. Connect mail.codefreak.net 25
2. MAIL FROM: some@spammer.com
3. MAIL TO: rainorigami@codefreak.net
4. Body, subject...
5. 250 2.0.0 Ok: queued

I connected from my home IP, which is in no SPF record in the world. I try to use sender domain "spammer.com" which has no SPF record. In my head, this should not be queued or at the very least it should be put in my spam folder.

But this mail is delivered as if it was legit. Doesn't go to the spam folder. Doesn't get rejected. Same with mails from "microsoft.com" which do have an SPF record, or other domains.

Am I completely misunderstanding how this is supposed to work? Why is this mail allowed to go through without problem?

Using this script I can basically send an infinite number of spam mails from any domain I wish:

#!/bin/bash
# Send one test message to the target server with swaks, using an arbitrary
# envelope sender that the connecting IP is not authorised for.
SERVER="mail.codefreak.net"
PORT=25
FROM="some@spammer.com"
TO="rainorigami@codefreak.net"
SUBJECT="Test"
BODY="Test"
# -h sets the HELO/EHLO name; --tls requests STARTTLS before MAIL FROM
swaks --to "$TO" --from "$FROM" --server "$SERVER" --port "$PORT" \
      -h "$SERVER" --tls --header "Subject: $SUBJECT" --body "$BODY"

What is going wrong here? I may not understand exactly how SPF works, but I can't be so wrong as to assume that the above example should never be delivered?

As far as I understand, *my* SPF/DMARC records of codefreak.net do not matter and are not involved. It's the SPF of spammer.com that should be tested and the listed IPs compared to the IP that I connect from. If there's any result other than PASS, it should at least be moved to the spam folder but better yet be rejected. In the current configuration it looks a lot like SPF is not being handled at all in iRedMail or am I completely off the rails?

----

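The post above describes the SPF evaluation a receiver performs: take the domain of the envelope `MAIL FROM`, fetch its SPF record, and compare the connecting client IP against the listed mechanisms (RFC 7208). The following is an added example, not code from the original post or from iRedMail, of that evaluation done offline. The SPF records in `SPF_RECORDS` are constructed fixtures keyed by hypothetical domain names, not live DNS data; `spammer.com` is deliberately left out so it evaluates to `none`, the result a domain with no SPF record produces. Only the `ip4`, `ip6`, `include` and `all` mechanisms are implemented, since `a`, `mx`, `ptr` and `exists` need live DNS.

```python
import ipaddress

# Constructed DNS fixture for offline use: domain -> SPF TXT record.
# These are not the real records of any domain.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all",
    "softfail.example": "v=spf1 ip4:203.0.113.5 ~all",
    "includer.example": "v=spf1 include:example.com -all",
    # "spammer.com" is intentionally absent: no record -> result "none"
}

# Mechanism qualifier -> SPF result when that mechanism matches (RFC 7208 s4.6.2)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from_domain, records=SPF_RECORDS, _depth=0):
    """Evaluate the SPF record of mail_from_domain against client_ip.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Mechanisms are evaluated left to right; the first match decides.
    """
    if _depth > 10:  # RFC 7208 s4.6.4 limits nested include lookups
        return "permerror"
    record = records.get(mail_from_domain.lower())
    if record is None:
        return "none"  # domain publishes no SPF policy: not a failure
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # a TXT record not starting with v=spf1 is not SPF
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # implicit qualifier is "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address or prefix
            matched = ip.version == net.version and ip in net
        elif name == "include":
            sub = check_spf(client_ip, arg, records, _depth + 1)
            if sub == "pass":
                matched = True
            elif sub in ("none", "permerror"):
                return "permerror"  # RFC 7208 s5.2: include of a missing record is an error
            # fail / softfail / neutral from the include: no match, keep going
        else:
            # a, mx, ptr, exists and modifiers such as redirect= need live DNS;
            # this offline example treats them as unsupported
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all": RFC 7208 s4.7 default


def mail_from_policy(client_ip, mail_from, records=SPF_RECORDS):
    """Pre-queue decision at MAIL FROM time (hypothetical policy, not iRedMail's).

    Rejects a hard SPF fail with a 550 carrying the enhanced status code for
    SPF validation failure (RFC 7372); everything else is accepted here so that
    post-queue filtering can still score it.
    """
    domain = mail_from.rsplit("@", 1)[-1]
    result = check_spf(client_ip, domain, records)
    if result == "fail":
        return result, "550 5.7.23 SPF check failed: %s is not permitted to send mail for %s" % (client_ip, domain)
    return result, "250 2.1.0 Ok"


if __name__ == "__main__":
    # The post's scenario: an unlisted client IP using a domain with no SPF record
    print(mail_from_policy("203.0.113.77", "some@spammer.com"))
    # Same client IP using a domain that publishes -all
    print(mail_from_policy("203.0.113.77", "some@example.com"))
```

Two points the example makes concrete: a domain without any SPF record yields `none`, which RFC 7208 treats as "no policy published" rather than as a failure, so an SPF check alone does not reject the `spammer.com` test in the post; and only a domain that ends its record with `-all` produces a hard `fail` that a pre-queue policy could reject at `MAIL FROM` time, while `~all` gives `softfail`, which receivers normally only use as a scoring input.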

2

Re: Do I misunderstand how SPF is supposed to work?

Any information would be appreciated.

3

Re: Do I misunderstand how SPF is supposed to work?

rainorigami wrote:

I was under the assumption that SPF checks happen when the `MAIL FROM` command is executed.

Wrong.
In iRedMail, the SPF check is performed by Amavisd + SpamAssassin; it is done after-queue.