SPF relayed through an anti-spam service question

Maknet Corp

Member
Jul 14, 2015
24
2
3
Canada
cPanel Access Level
Root Administrator
Can someone please shed some light on what this means?

I get the following error in the exim_mainlog:

2016-01-06 10:59:12 H=s30.spamh.com [66.135.37.10]:55726 I=[1.2.3.4]:25 X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 CV=no F=<[email protected]> rejected RCPT <[email protected]>: SPF: 66.135.37.10 is not allowed to send mail from sender.com

I'm thinking this means that the SENDER has set a hard-fail for the SPF. And since e-mail is sent from a 3rd party anti-spam filtering service, Cpanel is saying, "spamh.com's IP address isn't on the list so i'm hard-failing".

Is this correct? In which case, if any of our clients use a 3rd party filtering service, doesn't this mean we have to either WHITELIST their IP address or disable SPF checking?

It's not very reasonable to tell every potential sender to "change your SPF to a soft-fail". Or am I missing something?

Thanks,


Lawrence
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello :)

Typically the person in control of the SPF record will add the host or IP address of the relay server to ensure SPF compliance. You can disable SPF checking on your server if you want to allow email from senders who have not completed that step.

Thank you.
 

Maknet Corp

Member
Jul 14, 2015
24
2
3
Canada
cPanel Access Level
Root Administrator
Hi Michael,

Thanks for the messages. After some more digging, I think adding spamh.com's IP addresses to the whitelist will fix the problem.

Your solution wouldn't be practical. @receiver is the one using the 3rd party anti-spam service.

So every time @sender1.com or @sender2.com sends an e-mail and it gets bounced, it is impractical for the RECEIVER to contact the SENDER and then tell them to update their SPF to include spamh.com's IP addresses (or A-records).

Hopefully this helps someone else. I'll post back if there's still issues or wouldn't mind any other suggestions. So far the 3 are:
1) Disable SPF checks on Cpanel
2) Add spamh's IP addresses to the whitelists
3) Tell the sender to update their SPF to include the spamh A-records.

Thanks.