
Postfix / SpamAssassin ignoring SPF entirely

0 votes
1 answer
1033 views
I am currently getting a ton of email from "myself" and have been having a ton of difficulty filtering it. I have postfix configured to check SPF and (presumably) reject if it fails, and SpamAssassin has the SPF filter installed. But nothing is working. I can connect to postfix over telnet and plaintext a message from "myself" to myself without authentication and it just arrives in my inbox like it's supposed to be there.
```
$ sudo -u spamd -H spamassassin -D --lint 2>&1 | grep SPF
May 24 10:12:04.282  dbg: diag: [...] module installed: Mail::SPF, version v2.008
May 24 10:12:04.289  dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
```

Relevant bits of master.cf:

```
...
smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin
submission inet n       -       n       -       -       smtpd -o content_filter=spamassassin
smtps     inet  n       -       n       -       -       smtpd -o content_filter=spamassassin
policyd-spf unix - n n - - spawn user=nobody argv=/bin/python /usr/libexec/postfix/policyd-spf
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
...
```

Excerpt from main.cf:

```
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    check_policy_service unix:private/policyd-spf,
    reject_unauth_destination,
    reject_rhsbl_reverse_client dbl.spamhaus.org,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rbl_client zen.spamhaus.org
```
And I have the SPF defined in the TXT records in my DNS (I relay all mail through mailjet due to network restrictions):

```
example.com. 20020 IN TXT "v=spf1 include:spf.mailjet.com ?all"
```

**Edit:** Per suggestion, I have updated my DNS, though the exact behavior still exists:

```
example.com. 86400 IN TXT "v=spf1 include:spf.mailjet.com -all"
```

**Edit 2:** I added a DMARC record to enforce quarantine on 100% of violations, and it's still not working:

```
_DMARC.example.com. 86400 IN TXT "v=DMARC1; p=quarantine; rua=mailto:postmaster@example.com; ruf=mailto:dmarc-failures@example.com; fo=1; pct=100"
```

And I've checked SPF and DMARC with mxtoolbox, and everything looks good. But Postfix just passes the mail right on through, and SA tacks on SPF_NEUTRAL in the header.

So......... how do I make this work? How can I prevent this garbage email from coming through?

Edit: I don't care if SA or Postfix blocks it, I just don't want it in my inbox. I think I may have mixed up trying to integrate both blocking and that's why it's not working? Or did I misconfigure my DNS?

**Edit 3:** According to Method 2 here: https://serverfault.com/questions/905591/receiving-spam-from-my-own-email-address-postfix this should be working? (This question is older and uses the perl module, whereas I'm using the newer python module, but I implemented it the same way.)
Asked by Chris (574 rep)
May 24, 2019, 02:26 PM
Last activity: Feb 6, 2020, 10:29 AM