Views:

Below are the actions on SPF test results:

  • Bypass - Postfix will not reject the email. It will add the header Received-SPF: PermError, TempError, Softfail, Pass…
  • Tempblock - Postfix rejects the email with 4xx error code. The 4xx error code is designed to instruct the sending server to try again at a later time to deliver its email.
  • Block - Postfix rejects the email with 5xx error. The 5xx SMTP errors indicate that an email could not be delivered due to a permanent problem. You should not retry sending email flagged with a 5xx error.

To resolve the issue, create a policy for "temperror" and "permerror". Below is the procedure how to create a policy to quarantine or tag SPF checking failed emails.

  1. Open the file /opt/trend/imss/postfix/etc/postfix/SPFPolicyd/config.ini.

    vi config.ini

  2. Change the action for temperror/permerror to bypass:

    [globals]
    temperror=bypass
    permerror=bypass

     
    When the action is set to bypass, Postfix will not reject the mail and instead, it will insert SPF checking result in the mail header. Therefore, we can create a policy to catch the failed mail.
  3. On the IMSVA console, create a policy.
    1. Create a policy on Policy > Policy List.

    2. On Scanning Conditions, tick the Header keyword expression checkbox.

    3. Create TempError keyword.

    4. Create PermError keyword.

    5. Follow the policy creation wizard and set the preferred action (e.g. Tag subject or Quarantine).
  4. Configure the smtpd_policy_service_timeout to "600".
    1. Open the main.cf file.

      vi main.cf

    2. Add the value of smtpd_policy_service_timeout at the bottom of the file.

      smtpd_policy_service_timeout=600s

    3. Reload the Postfix.

      service postfix reload

Keywords: temperror, permerror, imsva blocks email