Re: [PLUG] postfix spf rejection
On Sun, Jul 24, 2016 at 11:51:39AM -0700, wes wrote: > On Sun, Jul 24, 2016 at 9:52 AM, Michael Rasmussen > wrote: > > > > [snipped] > > > [blah blah blah...] > > > > In short, postfix's SPF checker is the only entity that associates > > 167.88.112.146 with cave.michaelsnet.us > > > > What is, or may be, causing this? > > > I don't have a solid answer for you, but I can add that I've seen a few > similar failures elsewhere recently. Your actual SPF record is as follows: > > $ host -t txt michaelrpdx.com > michaelrpdx.com TXT "v=spf1 mx a" > > Which instructs postfix to look up the mx record for michaelrpdx.com and > automatically authorize that host to send emails for that domain. This > relies on the second DNS lookup (the first being for the SPF record) to > succeed, which may not always be the case. I would advise adding the IP > address of the server to your SPF record. This has worked well for me in > the past in similar situations. And the a at the end asserts anything that matches A or records is acceptable too. Note: host -t mx michaelrpdx.com michaelrpdx.com mail is handled by 10 cave.michaelrpdx.com. I'll add the specific address records, but considering it's already valid I'm not hopeful. -- Michael Rasmussen, Portland Oregon Be Appropriate && Follow Your Curiosity A prohibitionist is the sort of man one wouldn't care to drink with - even if he drank. ~ H. L. Mencken ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
Re: [PLUG] postfix spf rejection
On Sun, Jul 24, 2016 at 9:52 AM, Michael Rasmussen wrote: > Investigating an instance of SPF rejection by postfix. > > The postfix SPF module receiving mail for @michaelsnet.us is rejecting > email from @michaelrpdx.com > > Relevant log message: > Jul 24 09:36:58 rumpus postfix/smtpd[3844]: NOQUEUE: reject: RCPT from > cave.michaelrpdx.com[167.88.112.146]: 550 5.7.1 : > Recipient address rejected: Message > rejected due to: SPF fail - not authorized. Please see > http://www.openspf.net/Why?s=mfrom;id=mich...@michaelrpdx.com;ip=167.88.112.146;r=mich...@michaelsnet.us > ; > from= to= proto=ESMTP > helo= > Jul 24 09:36:59 rumpus postfix/smtpd[3844]: disconnect from > cave.michaelrpdx.com[167.88.112.146] > > [blah blah blah...] > In short, postfix's SPF checker is the only entity that associates > 167.88.112.146 with cave.michaelsnet.us > > Having beat my head against the wall attempting to resolve this I'm pretty > sure I'm missing something simple. > > What is, or may be, causing this? > > I don't have a solid answer for you, but I can add that I've seen a few similar failures elsewhere recently. Your actual SPF record is as follows: $ host -t txt michaelrpdx.com michaelrpdx.com TXT "v=spf1 mx a" Which instructs postfix to look up the mx record for michaelrpdx.com and automatically authorize that host to send emails for that domain. This relies on the second DNS lookup (the first being for the SPF record) to succeed, which may not always be the case. I would advise adding the IP address of the server to your SPF record. This has worked well for me in the past in similar situations. Hopefully someone else has better ideas. I'll be looking for them also. -wes ___ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug