Username:
TITLE
SPF_FAIL for internally forwarded emails
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Plesk Obsidian 18.0.46 Update #1
CentOS Linux 7.9.2009
x86-64
PROBLEM DESCRIPTION
When we switch on mail forwarding for an email address in Plesk and forward to another address on the same server, we always get an SPF_FAIL in SpamAssassin. Plesk correctly rewrites the envelope sender for forwarded emails (SRS) and the domain of the rewritten sender is correctly authorised to send email via that same server (SPF). So this shouldn't happen. Emails forwarded to addresses on an external server don't exhibit that problem.
So we think this is a problem related to the way Plesk forwards emails to internal addresses. SPF should work correctly even for internally forwarded emails. The bug leads to false SPF_FAILs which subsequently increase the probability of false positives for spam detection.
STEPS TO REPRODUCE
Switch on mail forwarding for an arbitrary email address A on a Plesk server. Enter a destination email address B that is on the same server, but has a different domain. Make sure the domain of the destination address B has SPF enabled and the server is authorised to send email for that domain. Now send an email C from a different server to A. That email is then forwarded to B by Plesk.
ACTUAL RESULT
Plesk correctly rewrites the envelope sender of C to an address in the domain of A (SRS) and forwards that email to B. But unfortunately that email erroneously fails the SPF check (SpamAssassin X-Spam-Status includes SPF_FAIL in the mail headers), although the server is authorised to send emails for the domain of A (SPF).
EXPECTED RESULT
The mail which is finally delivered to the mailbox of B should pass the SPF check because the server is authorised to send mails for the domain of A (which is the envelope sender after SRS).
ANY ADDITIONAL INFORMATION
The bug leads to false SPF_FAILs for internally forwarded emails which subsequently increase the probability of false positives for spam detection. So this should definitely be fixed.
Mail server is Postfix with Dovecot.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug
TITLE
SPF_FAIL for internally forwarded emails
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE
Plesk Obsidian 18.0.46 Update #1
CentOS Linux 7.9.2009
x86-64
PROBLEM DESCRIPTION
When we switch on mail forwarding for an email address in Plesk and forward to another address on the same server, we always get an SPF_FAIL in SpamAssassin. Plesk correctly rewrites the envelope sender for forwarded emails (SRS) and the domain of the rewritten sender is correctly authorised to send email via that same server (SPF). So this shouldn't happen. Emails forwarded to addresses on an external server don't exhibit that problem.
So we think this is a problem related to the way Plesk forwards emails to internal addresses. SPF should work correctly even for internally forwarded emails. The bug leads to false SPF_FAILs which subsequently increase the probability of false positives for spam detection.
STEPS TO REPRODUCE
Switch on mail forwarding for an arbitrary email address A on a Plesk server. Enter a destination email address B that is on the same server, but has a different domain. Make sure the domain of the destination address B has SPF enabled and the server is authorised to send email for that domain. Now send an email C from a different server to A. That email is then forwarded to B by Plesk.
ACTUAL RESULT
Plesk correctly rewrites the envelope sender of C to an address in the domain of A (SRS) and forwards that email to B. But unfortunately that email erroneously fails the SPF check (SpamAssassin X-Spam-Status includes SPF_FAIL in the mail headers), although the server is authorised to send emails for the domain of A (SPF).
EXPECTED RESULT
The mail which is finally delivered to the mailbox of B should pass the SPF check because the server is authorised to send mails for the domain of A (which is the envelope sender after SRS).
ANY ADDITIONAL INFORMATION
The bug leads to false SPF_FAILs for internally forwarded emails which subsequently increase the probability of false positives for spam detection. So this should definitely be fixed.
Mail server is Postfix with Dovecot.
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM
Confirm bug