7th August 2013
SPF is nice for protecting your mail server from spam, but sometimes there is a need to bypass SPF checking. For example, if you rely on 3rd party servers to do spam protection for you
- MX records point to the spam protection mail servers, which then
- connect to my server and deliver (hopefully spam-free) mail.
Problem: some senders (like last.fm) do have proper, strict SPF records. Tumgreyspf on my server then rejects emails relayed through the spam-protection service.
If these spam protection relay servers are the only which send mail to your server, then it makes sense to fully disable/uninstall tumgreyspf. Putting tumgreyspf into the permanent “learning mode” (set
defaultSeedOnly = 1 in
/etc/tumgreyspf/tumgreyspf.conf) may not fix the SPF problem described above, as SeedOnly seems to only affect greylisting, and not rejecting unauthorized senders.
Solution: whitelist relay server IPs.
- For each of the IPs you want to whitelist, create a directory tree under
/var/lib/tumgreyspf/config/client_address. Here is a copy-pasteable example for MXGuardDog, based on their list of server IPs, valid as of August 2013:
mkdir -p /var/lib/tumgreyspf/config/client_address/108/166/117
mkdir -p /var/lib/tumgreyspf/config/client_address/174/129/28
mkdir -p /var/lib/tumgreyspf/config/client_address/216/58/39
mkdir -p /var/lib/tumgreyspf/config/client_address/222/229/219
mkdir -p /var/lib/tumgreyspf/config/client_address/64/15/147
mkdir -p /var/lib/tumgreyspf/config/client_address/66/85/178
- Into each of these IP range-specific directories, put a config file, which disables checks (or symlink one). First, create
/etc/tumgreyspf/disable.confwith the following lines in it:
SPFSEEDONLY = 0
GREYLISTTIME = 600
It is just like the
default.conf, but has empty
Now, symlink it into each of the IP range directories:
ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/108/166/117/__default__
ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/174/129/28/__default__
ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/216/58/39/__default__
ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/222/229/219/__default__
ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/64/15/147/__default__
ln -s /etc/tumgreyspf/disable.conf /var/lib/tumgreyspf/config/client_address/66/85/178/__default__
Note the double-underscores to the left and right of