The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SPF relayed through an anti-spam service question

Discussion in 'E-mail Discussions' started by Maknet Corp, Jan 6, 2016.

  1. Maknet Corp

    Maknet Corp Member

    Joined:
    Jul 14, 2015
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Can someone please shed some light on what this means?

    I get the following error in the exim_mainlog:

    2016-01-06 10:59:12 H=s30.spamh.com [66.135.37.10]:55726 I=[1.2.3.4]:25 X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=no F=<sender@sender.com> rejected RCPT <receiver@receiver.com>: SPF: 66.135.37.10 is not allowed to send mail from sender.com

    I'm thinking this means that the SENDER has set a hard-fail for the SPF. And since e-mail is sent from a 3rd party anti-spam filtering service, Cpanel is saying, "spamh.com's IP address isn't on the list so i'm hard-failing".

    Is this correct? In which case, if any of our clients use a 3rd party filtering service, doesn't this mean we have to either WHITELIST their IP address or disable SPF checking?

    It's not very reasonable to tell every potential sender to "change your SPF to a soft-fail". Or am I missing something?

    Thanks,


    Lawrence
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Typically the person in control of the SPF record will add the host or IP address of the relay server to ensure SPF compliance. You can disable SPF checking on your server if you want to allow email from senders who have not completed that step.

    Thank you.
     
  3. Maknet Corp

    Maknet Corp Member

    Joined:
    Jul 14, 2015
    Messages:
    22
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Thanks for the messages. After some more digging, I think adding spamh.com's IP addresses to the whitelist will fix the problem.

    Your solution wouldn't be practical. @receiver is the one using the 3rd party anti-spam service.

    So every time @sender1.com or @sender2.com sends an e-mail and it gets bounced, it is impractical for the RECEIVER to contact the SENDER and then tell them to update their SPF to include spamh.com's IP addresses (or A-records).

    Hopefully this helps someone else. I'll post back if there's still issues or wouldn't mind any other suggestions. So far the 3 are:
    1) Disable SPF checks on Cpanel
    2) Add spamh's IP addresses to the whitelists
    3) Tell the sender to update their SPF to include the spamh A-records.

    Thanks.
     
Loading...

Share This Page