InsideDarkWeb.com

postfix-policyd-spf-python - spoof protection - spf checks FAIL but no action taken - why?

I’ve installed postfix-policyd-spf-python and configured the postfix integration according to the docs.

This is my policyd-spf.conf config file:

debugLevel = 1 
TestOnly = 0

HELO_reject = SPF_Not_Pass
Mail_From_reject = Fail

PermError_reject = False
TempError_Defer = False

skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1

Incoming emails from foreign mail servers get checked and flagged correctly. But when I check for spoof protection, somehow the emails go through:

$ telnet mail.example.com 25

Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
helo asd.somedomain.com
250 mail.example.com
mail from: [email protected]
250 2.1.0 Ok
rcpt to: [email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
from: "ME" <[email protected]>
to: "test" <[email protected]>
subject: test

asdasd klajsdlaksjd 

thanks!
.

250 2.0.0 Ok: queued as 8C9EC1260E1

In my view, this email should NOT be delivered.

Here’s the debugging output from postfix-policyd-spf-python:

policyd-spf[34414]: Found the end of entry
policyd-spf[34414]: Config: {'debugLevel': 5, 'HELO_reject': 'SPF_Not_Pass', 'Mail_From_reject': 'Fail', 'PermError_reject': 'False', 'TempError_Defer': 'False', 'skip_addresses': '127.0.0.0/8,::ffff:127.0.0.0/104,::1', 'TestOnly': 0, 'SPF_Enhanced_Status_Codes': 'Yes', 'Header_Type': 'SPF', 'Hide_Receiver': 'Yes', 'Authserv_Id': 'mail.example.com', 'Lookup_Time': 20, 'Whitelist_Lookup_Time': 10, 'Void_Limit': 2, 'Reason_Message': 'Message {rejectdefer} due to: {spf}. Please see {url}', 'No_Mail': False, 'Mock': False}
policyd-spf[34414]: Cached data for this instance: []

policyd-spf[34414]: skip_addresses enabled.

policyd-spf[34414]: _get_resultcodes: scope: helo, Reject_Not_Pass_Domains: None, helo_policy: SPF_Not_Pass, mfrom_policy: Fail
policyd-spf[34414]: Scope helo unused results: ['Pass', 'None', 'Temperror', 'Permerror']
policyd-spf[34414]: helo policy true results: actions: {'defer': [], 'reject': ['Fail', 'Softfail', 'Neutral'], 'prepend': ['Pass', 'None', 'Temperror', 'Permerror']} local {'local_helo': False, 'local_mfrom': False}
policyd-spf[34414]: spfcheck: pyspf result: "['None', '', 'helo']"
policyd-spf[34414]: None; identity=no SPF record; client-ip=xx.xx.xx.xx; helo=asd.somedomain.com; [email protected]; receiver=<UNKNOWN> 


policyd-spf[34414]: _get_resultcodes: scope: mfrom, Reject_Not_Pass_Domains: None, helo_policy: SPF_Not_Pass, mfrom_policy: Fail
policyd-spf[34414]: Scope mfrom unused results: ['Pass', 'None', 'Neutral', 'Softfail', 'Temperror', 'Permerror']
policyd-spf[34414]: mfrom policy true results: actions: {'defer': [], 'reject': ['Fail'], 'prepend': ['Pass', 'None', 'Neutral', 'Softfail', 'Temperror', 'Permerror']} local {'local_helo': False, 'local_mfrom': False}
policyd-spf[34414]: spfcheck: pyspf result: "['Fail', 'SPF fail - not authorized', 'mailfrom']"

policyd-spf[34414]: Fail; identity=mailfrom; client-ip=xx.xx.xx.xx; helo=asd.somedomain.com; [email protected]; receiver=<UNKNOWN> 


policyd-spf[34414]: Action: None: Text: None Reject action: 550 5.7.23

As we can see from the log files, the SPF check does return:

spfcheck: pyspf result: "['Fail', 'SPF fail - not authorized', 'mailfrom']"

however, the last line reads:

Action: None: Text: None Reject action: 550 5.7.23

Why is that? Why is the Action: None? In my view, the email should be rejected and not accepted by the server. What am I doing wrong?

Server Fault Asked by memyself on November 22, 2021

2 Answers

2 Answers

TestOnly = 1 setting doesnt stop mails that failed SPF check b/c its for testing purposes. For production mail server disable that option.

Your problem is probably b/c you are telnet-ing and checking from that same host which is allowed b/c of next option: skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1

Answered by Nikola Paskov on November 22, 2021

setting

TestOnly = 1

fixes the problem!

Answered by memyself on November 22, 2021

Add your own answers!

Related Questions

Problem with symbolic links in FTP client

4  Asked on November 15, 2020 by falcata

       

Fibre channel multipath

0  Asked on November 11, 2020 by kab00m

   

NGINX Dynamic Port proxy_pass

2  Asked on November 8, 2020 by fyroc

   

Printer not reachable in network

2  Asked on November 4, 2020 by andrea

       

Why are only 3 ip xfrm policies needed for a IPsec tunnel?

2  Asked on October 28, 2020 by dorian

   

Install more_set_headers in nginx 1.15.8

3  Asked on October 28, 2020 by curious-sam

         

Stop and prevent brute force attacks on Ubuntu 14.04

2  Asked on October 27, 2020 by joo-cerqueira

     

Virtual-kubelet install fail, missing file?

0  Asked on October 22, 2020 by l-minh-qun

 

Setup ssl on nginx for a django project

1  Asked on October 16, 2020 by mohammad-mahzoun

       

Nginx: How do I forward an HTTP request to another port?

4  Asked on October 13, 2020 by wooohaaaa

 

Where is IIS Manager for Remote Administration for Windows 10?

0  Asked on October 9, 2020 by soleil-mathieu-prvot

     

Ask a Question

Get help from others!

© 2021 InsideDarkWeb.com. All rights reserved.