SPF false positives when sending domain does not have an SPF record

  • 7024338
  • 12-Dec-2019
  • 12-Dec-2019

Environment


GWAVA (Secure Messaging Gateway) 7
Running on SLES 15 appliance

Situation

SPF is firing on domains that do not have an SPF record. When the SPF lookup is done, it detects the SPF record for the domain that is set up on SMG. This causes the message to be blocked, since it is not from that server.

Resolution

If SPF is firing on domains that do not have an SPF record and the smg-scanner log (located in /vastorage/smg/services/logs/smg-scanner<ID>) indicates that it detected the SPF record of the company that owns SMG, then do the following:

1) From a server prompt, edit /etc/sysconfig/network/config by typing: vi /etc/sysconfig/network/config

2) Hit the insert key to edit it.

3) Scroll down to the line that includes: NETCONFIG_DNS_STATIC_SEARCHLIST="exampledomain.com"

4) Remove the domain, so it looks like this: NETCONFIG_DNS_STATIC_SEARCHLIST=""

5) Hit the escape key and type: :wq

6) Type: netconfig update

Messages from domains without an SPF record should no longer fire on the SPF record of the domain that owns SMG (the domain removed from the search list above).
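
A scripted equivalent of steps 1 to 6, as an added example that is not part of the original article: it reports the current search list, clears it while keeping a backup, and shows what ended up in resolv.conf. The function names (get_searchlist, clear_searchlist, resolv_search) are hypothetical; the file path and setting name are the ones from the steps above.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# NETCONFIG_DNS_STATIC_SEARCHLIST is what netconfig writes out as the
# "search" line in /etc/resolv.conf.

# Print the current value of NETCONFIG_DNS_STATIC_SEARCHLIST (empty if unset).
get_searchlist() {
    sed -n 's/^NETCONFIG_DNS_STATIC_SEARCHLIST="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Clear the search list in place, keeping a timestamped backup beside the file.
# Returns 0 if the file was changed, 1 if the list was already empty, 2 on error.
clear_searchlist() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    current=$(get_searchlist "$cfg")
    if [ -z "$current" ]; then
        echo "search list already empty in $cfg"
        return 1
    fi
    backup="$cfg.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$cfg" "$backup" || return 2
    # Rewrite from the backup so every other setting is carried over unchanged.
    sed 's/^NETCONFIG_DNS_STATIC_SEARCHLIST=.*/NETCONFIG_DNS_STATIC_SEARCHLIST=""/' \
        "$backup" > "$cfg" || return 2
    echo "removed search list \"$current\" (backup: $backup)"
    return 0
}

# Print the domains on the "search" line of a resolv.conf, if any.
# A search line can still appear after the change if DHCP supplies one.
resolv_search() {
    sed -n 's/^search[[:space:]][[:space:]]*//p' "$1"
}

# Usage on the appliance, as root (step 6 follows the edit):
#   clear_searchlist /etc/sysconfig/network/config && netconfig update
#   resolv_search /etc/resolv.conf
```

If resolv_search still prints the SMG domain after netconfig update, the search list is coming from somewhere other than the static setting.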