1

Topic: Skip SPF checks for email proxy

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5.2
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Debian 11
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Dear Zhang, dear forum members!


I would like to know how to instruct iRedMail, more specifically amavis, to skip SPF checks if email is coming from an internal host.
Background: We have an email spam filtering proxy in front of iRedMail. All mails from that machine are sourced from the proxies internal IP address which causes SPF to fail:


X-Spam-Status: No, score=3.891 tagged_above=-100 required=6.2
    tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
    DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_SPF_HELO=1,
    HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_FAIL=5,
    SPF_HELO_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01]
    autolearn=no autolearn_force=no

I already added the internal IP to "mynetworks" of postfix and "MYNETWORKS" of iRedAPD with no success.

What is the best way to curcumvent the SPF verification for email coming from that specific host?

Thanks and best regards,
Bernhard

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Skip SPF checks for email proxy

Try the spamassassin "trusted_networks" parameter:
https://spamassassin.apache.org/full/3. … _Conf.html

3

Re: Skip SPF checks for email proxy

ZhangHuangbin wrote:

Try the spamassassin "trusted_networks" parameter:
https://spamassassin.apache.org/full/3. … _Conf.html

Thank you, I'll give it a try!