I have a mail server with Zimbra community and a few domains. I use cbpolicy for SPF control, quota and stuff. SPF controls are working successfully. However, when I disabled the SPF check for one of my domains, it worked correctly for emails from external domains, but failed to work correctly for internal email addresses. For example, when www.example1.com with SPF check turned off tries to send mail to www.example2.com with spf check on, '554 5.7.1 test@example: Sender address rejected: Failed SPF check; it returns error.
Can someone help me with getting this done correctly?
The webmail interface works as expected for both open and closed domains with SPF control. For e-mails coming from internal e-mail addresses and external e-mail addresses, SPF control works correctly as programmed, on or off. The above behavior only occurs when using POP or IMAP.
I was able to do it this way:
First, I created the uncheck-spf rule and set the priority to 1000. Then I wrote source as members and %internal_domain as destination. I created a group called internal_domain from the groups. I've added all my internal domains to this list. Then I added a new rule (uncheck-spf ) for spf checks. I connected this to the uncheck-spf rule I created before, usespf = yes and registered it as reject failed spf = no. When I tried it later, the rule worked as it should within a few minutes. The policyd-web-ui was very helpful while doing all this.
Maybe it will save other people's time.