One of our clients is getting mail rejected from one of his customers. The sender's SPF record is:
v=spf1 +a +mx +ip4:12.34.56.78 ?all
The mail is not originating from 12.34.56.78, but AFAIU the '?all' means my mail server (postfix) should accept it. Is that correct?
Can I change my '/etc/postfix-policyd-spf-python/policyd-spf.conf' to make it accept these emails, and if so how?
Should I do this?
FWIW the message in py error log is:
Message rejected due to: access neither permitted nor denied.
Thanks in advance.
UPDATE:
My SPF policy was:
HELO_reject = SPF_Not_Pass
Mail_From_reject = Fail
The mail was being rejected at the HELO stage, which I've changed now to 'Fail'.
Best Answer
Yes, but not should, just intended
From here, you can see that
Neutral
meansThe SPF record specifies explicitly that nothing can be said about validity
But the default SPF policy from postfix is that:
means the postfix will reject HELO if SPF check not pass ( i.e Fail, Softfail, Hardfail...)
You can change postfix SPF policy to accept email even SPF check fail.