Hey there,
we found an issue with the SPF-Check feature in OUR UTM version: 9.705-3.
The spf-Record for our domain is set correctly.
If I sent a message from a spoofed sender to one receiver in our organisation,
the mail is correctly rejected: Abgelehnt: SPF (SPF check failed).
But if I sent the same mail to two or more receivers (with the same domain) in our organisation,
only the mail to the first receiver is rejected and the second one gets delivered!
If I sent a message from a spoofed sender to two receivers (with different domains) in our organisation,
both mails gets delivered!
If I sent a message from a spoofed sender to multiple receivers (with different domains) in our organisation,
only the first mail per domain gets rejected and the rest gets delivered!
In short: Only the mail to the first receiver per domain gets SPF-checked and rejected.
For me this seems like a bug. Can anyone confim this behavior?
Chris
This thread was automatically locked due to age.
