Dan Herbon wrote:
Hello,
I currently have a qmail toaster server setup internally that I’m going
to migrate our company mail to. The domain setup on the new server is
newdomain.com. Our existing email server is an external Cpanel server at
webhost company. That domain is olddomain.com. I currently have a few
users that are setup internally on the new qmail server. Those users are
having all there mail forwarded from the external email server
([EMAIL PROTECTED]) to the new internal qmail server (newdomain.com).
Most emails are being properly forwarded but some important client mail
is bouncing when the mail is forwarded from the old email server to the
new email server. The following message is what the users are seeing
when the mail is bounced back:
------------------------------------
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
[EMAIL PROTECTED]
(ultimately generated from [EMAIL PROTECTED])
SMTP error from remote mail server after RCPT
TO:<[EMAIL PROTECTED]>:
host newmail.newdomain.com [72.*.*.*]: 550 See
_http://spf.pobox.com/why.html?sender=mnutter%40netbank.com&ip=66.111.111.111&receiver=newmail.newdomain.com
<http://spf.pobox.com/why.html?sender=mnutter%40netbank.com&ip=66.111.111.111&receiver=newmail.newdomain.com>_
(#5.7.1)
-------------------------------------
That webpage states at the top:
--------------------
*newmail.newdomain.com rejected a message claiming to be from
[EMAIL PROTECTED]
newmail.newdomain.com saw a message coming from the IP address
|66.111.111.111| which is |web10.******.com|; the sender claimed to be
|[EMAIL PROTECTED]|.
However, |bob.com| has announced using SPF <http://www.openspf.org> that
it does not send mail out through |66.111.111.111|. That is why the mail
was rejected.
--------------------
I don’t understand why this is happening for a select few domains. Any
help is appreciated. If you need anymore information please let me know.
I am trying to learn more about SPF as I go.
Thanks
This scenario happened to me too as I migrated my domain.
It was really tough to track down, as there's no log message generated
for these rejections (and I couldn't get the message returned to the
forwarding server).
The rejection only happens on email sent with SPF authentication. If the
message has no SPF authentication, it comes through. That's why it's
intermittent.
As an intermediate fix (can be removed once forwarding is done),
I added a line to /etc/tcprules.d/tcp.smtp for the forwarding
mailserver, specifying SPFBEHAVIOR="1", like such:
???.???.???.???:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",SPFBEHAVIOR="1"
Then regenerate your cdb file with
# qmailctl cdb
That should get you going!
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]