[pfx] Re: spf and Permerror

Thu, 27 Jun 2024 07:09:12 -0700 

On 27.06.24 15:30, natan via Postfix-users wrote:
I have a strange problem with SPF and I honestly don't know what to pay attention to 

What is a Permerror in SPF
In log i get:


Jun 27 15:09:11 MX policyd-spf[57158]: prepend Received-SPF: Permerror 
(mailfrom) identity=mailfrom; client-ip=84.205.190.72; 
helo=h2.3hosting.pl; envelope-from=gp.szkole...@domain.pl; 
receiver=<UNKNOWN>



This means that IP address 84.205.190.72 tried to send mail from 
gp.szkole...@domain.pl, but the domain.pl admins don't allow their mail 
being send from IP 84.205.190.72



Jun 27 15:09:13 MX policyd-spf[1628]: prepend Received-SPF: Permerror 
(mailfrom) identity=mailfrom; client-ip=40.107.222.124; 
helo=ind01-max-obe.outbound.protection.outlook.com; 
envelope-from=et...@domain2.com; receiver=<UNKNOWN>



If you really want to hide original addresses, you should use reserved 
domain names like example.com, example.net, example.org or .example

- don't make random domain names.


HELO_reject = False
Mail_From_reject = Fail

PermError_reject = False




TempError_Defer = False

skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1,
...
Permerror:

 False - Treat PermError the same as no SPF record at all. This is 
consistet with the pre-RFC usage (the pre-RFC name for this error was 
"Unknown").



what could be the reason for this? DNS error/no response? Wrong SPF 
record ? What else?


dns error causes temperror, not permerror.
No answer should mean no SPF Record at all.


Permerror means you got the answer and the sender IP is not allowed for a 
domain.



What you propouse to set in PermError_reject ?


if you want to envorce SPF, set it to true.


Note that there are mails that fail SPF but still pass DMARC test, you may 
want those. rejecting at DMARC level looks safer alternative.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org






















					Reply via email to