Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SPF Softfail From Client Ip

Discussion in 'E-mail Discussions' started by shortguymark, Jan 21, 2017.

Tags:
  1. shortguymark

    shortguymark Registered

    Joined:
    Jan 21, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    I'm getting an spf softfail from google.

    spf=softfail (google.com: domain of transitioning me@domain.com does not designate 1.2.3.4 as permitted sender)

    Now, I fully understand that I can add 1.2.3.4 to the spf record and it should all work.

    The part I'm having trouble with is that 1.2.3.4 is my home isp IP address. If I take my laptop to a coffee shop, or office, etc - that IP changes.

    My cpanel server (and mail server) address is 10.11.12.13

    10.11.12.13 is currently in the spf record as valid sender:
    v=spf1 +a +mx +ip4:10.11.12.13 ~all

    Shouldn't the mail be coming from 10.11.12.13?

    My mail program is set to use my SMTP server for 10.11.12.13 - it's NOT using my ISP's mail server or anything. (using imap with smtp) I've added the account to both thunderbird and emMail in case I was configuring something wrong.

    I don't want to add all the internet IP's that i'm connecting with to the spf as I move around. I work a lot of different places.

    Is there a setting I'm missing somewhere, or a common configuration error on the server? I've spent a few hours researching, and I'm stumped.
     
  2. shortguymark

    shortguymark Registered

    Joined:
    Jan 21, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Just an update - I sent an email last night and it worked fine with gmail. The headers had the proper IP - then another email this morning and it wasn't working again. Nothing has changed. I really don't get it.

    I tested SPF with SPF test mail services and they all come up fine, showing the right IP and passing.

    Is this just something with Google? Is it just reading the sender IP instead of the server IP? rI can't be the only one seeing this?
     
  3. shortguymark

    shortguymark Registered

    Joined:
    Jan 21, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Another update:

    When sending directly to a gmail address it's fine. Passes the spf check.

    When sending to another email address on the server - which has a pop account in gmail to download for that account, it fails. So I'm thinking this may not be a big issue if just a localized problem.

    Here's the layout

    email "A" - an imap account i use from my desktop (email address created on my server)

    email "B" - a pop account that is set up to retrieve in gmail. (email address created on my server)

    email "C" - A regular gmail account. (gmail address)

    Sending from A to C works fine. It passes. Google is happy. No question mark.

    Sending from A to B (B is downloaded to gmail) fails. Google is confused. Question mark.

    I wonder if it doesn't send all the required headers or something because it's going from an email address in the server to another email address in the server? Or if the server has to pass SPF before sending to google or something?

    Any ideas?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I believe the following option under the "Mail" tab in "WHM >> Exim Configuration Manager >> Basic Editor" should address this problem:

    Enable Sender Rewriting Scheme (SRS) Support

    This option rewrites sender addresses so that the email appears to come from the forwarding mail server. This allows forwarded email to pass an SPF check on the receiving server.

    Thank you.
     
    linux4me2 and EneTar like this.
  5. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    71
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    I have exactly the same problem and I enabled Sender Rewriting Scheme (SRS) Support

    When someone from user1@mydomain.com sends to user2@mydomain.com while user1 uses desktop email client and user2 has setup a POP3 at gmail to receive his email then gmail outputs a softfail and the message goes to spam.

    Code:
    spf=softfail (google.com: domain of transitioning user1@mydomain.com does not designate 22.22.22.22 as permitted sender) smtp.mailfrom=user1@mydomain.com
    
    22.22.22.22 is the (changed by me) client address
    I can also provide detailed email headers of what I see if that helps and my settings of EXIM. Please let me know what is needed.

    Also in my EXIM configuration manager I have this (Not sure if it affects the above)
    Code:
    Send mail from account’s dedicated IP address  Off
    Reference /etc/mailhelo for outgoing SMTP HELO Off
    Reference /etc/mailips for outgoing SMTP connections Off
    The SPF record of mydomain.com is
    Code:
    "v=spf1 +a +mx +ip4:xx.xx.xx.xx +ip4:xy.xy.xy.xy ~all"
    Where xx... and xy are my server ips.
     
  6. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    71
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    In the previous example the ip 22.22.22.22 is the IP of the user and it's not the same as xx.xx.xx.xx xy.xy.xy.xy.

    Should I switch Reference /etc/mailips for outgoing SMTP connections to on? Is there anything I should consider before doing so?
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  8. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    71
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's normal for the IP address of the individual sender to be included in the message header by the email client you are using to send the email. Gmail detecting this IP address and failing the SPF due to it's detection is discussed on the URL you referenced:

    Failed SPF for email imported to Gmail because of client IP instead of server's in message when sent through SMTP from one local box to another

    Setting up a custom "add_header" Exim rule is not tested, and unsupported. However, should you want to try using the value, you can browse to "WHM >> Exim Configuration Manager >> Advanced Editor" to make custom changes.

    Thank you.
     
Loading...

Share This Page