
Zimbra Tips : How To Enable SPF Checking for Incoming Connection

Usually, I configure SPF on my server for outgoing mail. The SPF records are defined in public DNS using TXT records. But how do I enable SPF checking for connections coming in to my server?
The following is a step-by-step guide to enabling SPF checking for incoming connections.
You need to enable cbpolicyd as described in the following guide: https://imanudin.net/2014/09/08/how-to-install-policyd-on-zimbra-8-5/. After enabling policyd, open the policyd web UI (http://IPZIMBRA:7780/webui/index.php) and create a group, a policy and an SPF check.
# Create Groups
Select Policies | Groups. Under Action, add a group and give it the name list_domain. The comment field can be left empty or filled in. Select the group that has just been created. Under Action, select Members and fill in your domain. See the following example. Make sure the Disabled status is "no" on both the group and its members.


# Create Policy
Select Policies | Main. Add a new policy and give it a name and description as in the following picture. Then submit the query.

Select the new policy that has been created and select Members under Action. Add a member and fill in the source/destination with the group that has been created. See the following example.
The above configuration checks SPF only when an email connection comes from an external domain (Gmail, Yahoo, etc.) to my internal domain. If the connection is from an internal domain to an internal domain, or from an internal domain to an external domain, SPF checking is skipped. Make sure the Disabled status is "no".
# Create SPF Check
Select SPF Checks | Configure. Select Add under Action and configure it as follows. Then submit.

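Make sure the Disabled status is "no". Enable the policyd SPF check and restart the policyd service:

```bash
# Switch to the zimbra user
su - zimbra
# Enable the cbpolicyd SPF check on this server
zmprov ms `zmhostname` zimbraCBPolicydCheckSPFEnabled TRUE
# Restart policyd so the change takes effect
zmcbpolicydctl restart
```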
SPF checking for incoming connections is now enabled and configured. Check zimbra.log to see SPF failures.
The following is an example of an SPF failure:
```
Mar 10 18:45:43 smtp postfix/smtpd[28068]: NOQUEUE: reject: RCPT from c117-167.nanaonet.jp[119.18.167.117]: 554 5.7.1 <shaftssg@onet.pl>: Sender address rejected: Failed SPF check; Please see http://www.openspf.org/Why?s=mfrom;id=shaftssg%40onet.pl;ip=119.18.167.117;r=smtp.imanudin.net; onet.pl, Sender is not authorized by default to use 'shaftssg@onet.pl' in 'mfrom' identity (mechanism '-all' matched); from=<shaftssg@onet.pl> to=<xxxx@imanudin.net> proto=ESMTP helo=<[119.18.167.117]>
```
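Added example (not part of the original post): a small Python script that pulls SPF rejects of this form out of zimbra.log lines and counts them per sender domain and client IP, which helps tell spoofing attempts apart from a legitimate sender whose SPF record is broken. The function names and every sample line except the first, which is the reject quoted above, are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Postfix smtpd reject logged when the cbpolicyd SPF check fails
# (pattern derived from the log line quoted in the post).
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*?Failed SPF check;"
    r".* from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
MECH = re.compile(r"\(mechanism '([^']+)' matched\)")

# First entry is the line from the post; the others are constructed samples.
SAMPLE = [
    "Mar 10 18:45:43 smtp postfix/smtpd[28068]: NOQUEUE: reject: RCPT from c117-167.nanaonet.jp[119.18.167.117]: 554 5.7.1 <shaftssg@onet.pl>: Sender address rejected: Failed SPF check; Please see http://www.openspf.org/Why?s=mfrom;id=shaftssg%40onet.pl;ip=119.18.167.117;r=smtp.imanudin.net; onet.pl, Sender is not authorized by default to use 'shaftssg@onet.pl' in 'mfrom' identity (mechanism '-all' matched); from=<shaftssg@onet.pl> to=<xxxx@imanudin.net> proto=ESMTP helo=<[119.18.167.117]>",
    "Mar 10 18:47:02 smtp postfix/smtpd[28070]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <a@example.org>: Sender address rejected: Failed SPF check; example.org, Sender is not authorized (mechanism '-all' matched); from=<a@example.org> to=<user@example.com> proto=ESMTP helo=<mail>",
    "Mar 10 18:47:40 smtp postfix/smtpd[28070]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <b@Example.org>: Sender address rejected: Failed SPF check; from=<b@Example.org> to=<user@example.com> proto=ESMTP helo=<mail>",
    "Mar 10 18:48:11 smtp postfix/smtpd[28071]: NOQUEUE: reject: RCPT from unknown[192.0.2.20]: 554 5.7.1 <c@example.net>: Relay access denied; from=<c@example.org> to=<c@example.net> proto=ESMTP helo=<x>",
    "Mar 10 18:49:00 smtp postfix/smtpd[28072]: connect from unknown[192.0.2.30]",
]


def parse_spf_rejects(lines):
    """Yield one dict per SPF-failure reject; other log lines are ignored."""
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue
        rec = m.groupdict()
        mech = MECH.search(line)
        rec["mechanism"] = mech.group(1) if mech else None  # not always logged
        rec["sender_domain"] = rec["sender"].rpartition("@")[2].lower()
        yield rec


def summarize(lines):
    """Count SPF rejects per (sender domain, client IP), most frequent first."""
    return Counter(
        (r["sender_domain"], r["ip"]) for r in parse_spf_rejects(lines)
    ).most_common()


if __name__ == "__main__":
    # Pass the path to zimbra.log as the first argument; otherwise use SAMPLE.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE
    for (domain, ip), n in summarize(source):
        print(f"{n:5d}  {domain:30s} {ip}")
```
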
Good luck and hopefully useful 😀

*

What is an SPF record?

An SPF record ensures that remote mail servers accept email from your domain only when it comes from your servers. This is very important in fighting spam and email spoofing.
It is especially useful to create an SPF record for your domain if you have problems with broken emails that cannot be sent.
An SPF record in DNS is expressed as a value of type TXT.