Support Center > Search Results > SecureKnowledge Details
MTA Issues with SPF (Sender Policy Framework) Technical Level
Symptoms
  • Scenario A: [Anti-Spam is enabled & SPF is enabled] - Only in a cluster environment.
    Scenario B: [Anti-Spam is disabled & SPF is enabled] - In ALL environments;.
    In both scenarios, the mail is detected as SPAM even though the mail is not SPAM. See these screenshots:
  • Activating SPF when MTA is enabled affects the behavior of the Threat Prevention blades as follows:
    *) Threat Emulation blade:
    MTA produces a "Detect" action instead of a "Prevent" action in case of scanning a malicious file.
    **) Threat Extraction:
    Not Triggered at all.
Cause
Scenario A: Anti Spam is enabled and SPF is enabled - Only in cluster environment;

In a Cluster environment, the Sender IP that is sent to the Postfix is “127.0.0.1”. Because SPF depends on the Sender IP address & Domains, the SPF considers this email as “Suspected SPAM”, and creates a “Detect” log. In some cases, it blocks the email (depending on the configuration of the SPF in MX record).

The loopback address “127.0.0.1” behavior is related to the infrastructure of cluster environment with Anti Spam.
Solution
Note: To view this solution you need to Sign In .