Hello,
It seems that the SPF check is failing in some conditions. Specifically, I think it fails to validate local mail domains.
Here is the specifics:
I have a domain with a valid SPF record. That SPF record defines the list of IP addresses that can send mail on behalf of the domain and ends with "-all"
POP/IMAP mail is handled (as it should) by an internal mail server while all SMTP traffic is handled by Astaro (with the antispam option enabled).
Today, I got a "bounce" from the Astaro machine. It isn't really a bounce, just a spammer who tried to send a mail to webmaster@mydomain.com with a return address (and sender) of webmaster@mydomain.com.
That message was actually accepted by Astaro and relayed to the internal mail server (which rejected it).
Since the domain has a valid SPF record, since AStaro has SPF validation on and since the sender IP address isn't part of the allowed sender IP per the SPF, how come the bounce was generated at all ?
It seems that the SPF check is failing in some conditions. Specifically, I think it fails to validate local mail domains.
Here is the specifics:
I have a domain with a valid SPF record. That SPF record defines the list of IP addresses that can send mail on behalf of the domain and ends with "-all"
POP/IMAP mail is handled (as it should) by an internal mail server while all SMTP traffic is handled by Astaro (with the antispam option enabled).
Today, I got a "bounce" from the Astaro machine. It isn't really a bounce, just a spammer who tried to send a mail to webmaster@mydomain.com with a return address (and sender) of webmaster@mydomain.com.
That message was actually accepted by Astaro and relayed to the internal mail server (which rejected it).
Since the domain has a valid SPF record, since AStaro has SPF validation on and since the sender IP address isn't part of the allowed sender IP per the SPF, how come the bounce was generated at all ?