Alvaro Marín wrote:
Hello,
I'm having problems using whitelist_from_spf to whitelist a domain.
no, the sender is having problems using spf :-(
orange.es publishes this as their spf records:
host -t txt orange.es
orange.es descriptive text "v=spf1 mx a:spf.orange.es
ip4:213.143.52.0/24 -all"
this email APPEARS to come from ip:
62.36.20.210
which does NOT match the above.
so, spf fails. according to orange.es, that email did not originate
from their approved servers.
spf did what it was programmed to do. prevent 'forgeries'.
Now, you say, wait, that isn't a forgery. yes it it... according to spf
records it is.
you need to check with orange.es, ask if that ip is really one of there
ip's, or check with sender, find out why they are violating the spf
records.
hint: your answer is already in your email:
result: fail, comment: Please see
http://www.openspf.org/Why?s=mfrom;id=xxx%40orange.es;ip=62.36.20.210;r=relay09.dns-servicios.com,
text: Mechanism '-all' matched
So, which is the purpose of this whitelist feature? If the SPF check fails,
it can't do whitelist?
the purpose is to whitelist email addresses that pass spf checks.
Thanks!
Regards,
--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best Anti-Spam Product 2008, Network Products Guide
* King of Spam Filters, SC Magazine 2008
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________