Article ID: 125728, created on Jun 3, 2015, last review on Jun 3, 2015

  • Applies to:
  • Plesk Automation 11.5

Symptoms

  1. The domain example.com has SPF record configured as: TXT example.com. v=spf1 +a +mx -all. The domain has DNS record like:

    example.com A 1.1.1.1
    mail.example.com MX 2.2.2.2
    mail.example.com A 3.3.3.3
    

    When spammer sends email from IP 4.4.4.4 to sender@example.com and spoofs the same address to the From field, the message is accepted by the mail server.

  2. Switch on SPF spam protection option is enabled under Postfix Mail Service node settings, but there are no records about SPF checks in /usr/local/psa/var/log/maillog on mail service node. Here is example of SPF check handler records:

    Feb 23 19:55:37 server spf filter[27099]: Starting spf filter...
    Feb 23 19:55:39 server spf filter[27099]: Error code: (2) Could not find a valid SPF record
    Feb 23 19:55:39 server spf filter[27099]: Failed to query MAIL-FROM: No DNS data for 'example.com'.
    Feb 23 19:55:39 server spf filter[27099]: SPF result: none
    

Cause

The behavior was considered as internal software issue with PPA-2319 "SPF rules not updated on postfix node" and it was fixed in PA 11.5 MU#11.

Resolution

In order to fix the issue please install update 11 as described in the article.

Search Words

SPF check

mail spoofing

TXT record do not stop spoofing

SPF header

prevent spoofing

recieved SPF header missing

33a70544d00d562bbc5b17762c4ed2b3 caea8340e2d186a540518d08602aa065 e0aff7830fa22f92062ee4db78133079

Email subscription for changes to this article
Save as PDF