Unable to set Exception to SPF Check

Support General Configuration
1

Hello All,
first of all I apologize in advance in case I’m asking something already discussed or documented, I couldn’t find the answer I need tough I’ve looked for that.
I’m having difficulties to create an exception to the SPF check.
I need to allow Local Delivery for email received from a know IP address which cannot be added to the SPF record.
I have created a Rule in “Advanced Acceptance / Routing Rules > Advanced Settings” matching the source IP and setting multiple actions, but none of them works.
I have tried:
Set SPF Result: Pass
SMTP Action: Accept
Local Delivery: Allow Delivery for Local Users
Authenticate Mail From: Disabled
Nevertheless I keep getting inbound emails from that IP rejected for SPF failure.
550 SPF check failed for with result : <>
Set mail state to REMOVED
QUIT
The rule seems matching as I can see related actions added to log however I don’t know how to set it correctly to achieve this.
Set SPF result to pass
Set smtp action to ACCEPT
Set smtp explanation to [Known-IP Rule]
AuthMatchFrom is disabled
Set local delivery to all

I would appreciate any help you can provide.

Many thanks in advance.
Kind regards.

SMTP-In Log showing the above (client/server names and IP address have been anonymized)

2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: [xxx.xxx.xxx.xxx:25] connection accepted from [yyy.yyy.yyy.yyy:55368]
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Set smtp greeting to [server.1stld.tld ESMTP listening]
2021-12-29 10:14:08 +0100 16 server SMTP-IN:0002D668: >> 220 server.1stld.tld ESMTP listening
2021-12-29 10:14:08 +0100 16 server SMTP-IN:0002D668: << HELO sendinghost
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Set SPF result to pass
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Set smtp action to ACCEPT
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Set smtp explanation to [Known-IP Rule]
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: AuthMatchFrom is disabled
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Set local delivery to all
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Greylist enabled
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Set max data size to 2097151 KB
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Set max received headers to 30
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Maximum recipient count set to 1000
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Wait for processing response at least 10 seconds
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: STARTTLS extension allowed
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: 8BIT MIME accepted
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: BINARY DATA extension allowed
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: PIPELINING extension allowed
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: DSN extension denied
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Set local delivery to all
2021-12-29 10:14:08 +0100 16 server SMTP-IN:0002D668: >> 250 server Axigen ESMTP hello
2021-12-29 10:14:08 +0100 16 server SMTP-IN:0002D668: << MAIL FROM:<address@domain.tld>
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Created new queue item with id 0035671A
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: SPF result for MAIL FROM <address@domain.tld@domain.tld> issued from EHLO domain <sendinghost> connected from <yyy.yyy.yyy.yyy>: Fail (spfHeader = 'fail (domain.tld: domain of address@domain.tld does not designate yyy.yyy.yyy.yyy as permitted sender) client-ip=yyy.yyy.yyy.yyy; envelope-from=address@domain.tld; mechanism=default; identity=mailfrom; receiver=server;'; spfExplanation = 'null')
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Set smtp action to REJECT
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Set smtp explanation to [SPF check failed for <sendinghost> with result <Fail>: <>]
2021-12-29 10:14:08 +0100 16 server SMTP-IN:0002D668: >> 550 SPF check failed for <sendinghost> with result <Fail>: <>
2021-12-29 10:14:08 +0100 08 server SMTP-IN:0002D668: Set mail state to REMOVED
2021-12-29 10:14:09 +0100 16 server SMTP-IN:0002D668: << QUIT
2021-12-29 10:14:09 +0100 16 server SMTP-IN:0002D668: >> 221-server Axigen ESMTP is closing connection
2021-12-29 10:14:09 +0100 16 server SMTP-IN:0002D668: >> 221 Good bye
2021-12-29 10:14:09 +0100 08 server SMTP-IN:0002D668: closing session from [yyy.yyy.yyy.yyy:55368]
2

Hi All,
I’m still looking for a solution to this problem.
Does someone have any idea about how to set this up properly ?

Many thanks,
Kind regards.

3

Hello,

It is simple: SPF is evaluated at onMailFrom event so you should configure this type of exception taking care to set it accordingly.

Thus the rule should be like the following one below (replace domain.tld with the domain for which SPF could not be configured with the desired IP address - marked below with 1.2.3.4):

image
image2336×1973 306 KB

Please let us know if this setup works for you.

HTH,
Ioan