OT, testing spf for incoming mail

Gregory Nowak greg at romuald.net.eu.org
Wed Mar 16 03:51:59 EDT 2011

Hash: SHA1

Hi folks,

I've installed postfix-policyd-spf-python, and want to test incoming
mail from a domain using spf, from a unauthorized machine. Everything
I've been able to find on the web tells you how to do the opposite
(test your DNS records). While I'll be getting to that, I want to make
sure the incoming mail part works first before I move on. So, I was
hoping someone could tell me how to test incoming mail first.

When I connected to my machine from a remote box, I tried:

helo www.example.com
mail From:<someone at gmail.com>
rcpt To:<greg at romuald.net.eu.org>

and my server accepts the message. The spf check tags it as
neutral. From what I understand, it should fail, since www.example.com
isn't authorized to send mail for gmail, and I wasn't connecting to my
server from gmail's outbound mail servers (no, I didn't spoof the ip
address). Am I correct on this point, or is my knowledge of spf
seriously messed up?

I've seen a pass result in my mail.log for a domain with spf records,
but I have yet to see a rejected message that wasn't sent where it
should be sent from. In case my config is the problem, I'm pasting my
policyd-spf.conf file below

- --- cut here ---

#  For a fully commented sample config file see

debugLevel = 1
defaultSeedOnly = 1

HELO_reject = SPF_Not_Pass
Mail_From_reject = Fail

PermError_reject = False
TempError_Defer = True

skip_addresses =,::ffff:,::1//128
- --- cut here ---

Thanks in advance for any help.


- -- 
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)

- --
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
Version: GnuPG v1.4.10 (GNU/Linux)


More information about the Speakup mailing list