Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
Can anyone clue me in on what configuration issue might be causing
this and whose configuration it is, mine or theirs?
postfix-p25/smtpd[18149]: NOQUEUE: reject: RCPT from
smout-245174.nsmailserv.com[202.162.245.174]: 450 4.7.1
: Sender address rejected: Access denied;
from= to=
proto=ESMTP helo=
# postconf -n
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 30m
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks.regexp
home_mailbox = Maildir/
html_directory = no
ignore_mx_lookup_error = no
inet_interfaces = localhost, inet08.hamilton.harte-lyne.ca
inet_protocols = all
local_transport = smtp
mail_spool_directory = /var/spool/mail
mailman_destination_recipient_limit = 1
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 2048
milter_default_action = accept
milter_protocol = 2
mydestination =
mynetworks = 216.185.71.0/26, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
policyd-spf_time_limit = 3600
queue_minfree = 4096
rbl_reply_maps = hash:/etc/postfix/rbl_reply
readme_directory = /usr/share/doc/postfix-2.11.1/README_FILES
recipient_delimiter = +
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
relay_domains = hash:/etc/postfix/relay_domains
sample_directory = /usr/share/doc/postfix-2.11.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_dns_support_level = dnssec
smtp_host_lookup = dns
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_cert_file = /etc/pki/tls/certs/ca.harte-lyne.smtp.crt
smtp_tls_ciphers = medium
smtp_tls_exclude_ciphers = MD5, aDSS, SRP, PSK, aECDH, aDH, SEED,
IDEA, RC2, RC5
smtp_tls_key_file = /etc/pki/tls/private/ca.harte-lyne.smtp.key
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_security_level = dane
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtpd_client_restrictions = permit
smtpd_data_restrictions = permit_mynetworks,
reject_multi_recipient_bounce, reject_unauth_pipelining, permit
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, check_helo_access
pcre:/etc/postfix/helo_checks.pcre, reject_non_fqdn_helo_hostname,
reject_unknown_helo_hostname, permit
smtpd_milters = inet:127.0.0.1:8891
smtpd_proxy_timeout = 300s
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
reject_unknown_recipient_domain, permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_unauth_pipelining, check_policy_service
unix:/var/spool/postfix/postgrey/socket, check_policy_service
unix:private/policyd-spf, permit
smtpd_relay_restrictions = permit_mynetworks,
permit_sasl_authenticated, defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtpd_sender_restrictions = permit_mynetworks, check_sender_access
hash:/etc/postfix/sender_access, check_sender_mx_access
hash:/etc/postfix/sender_mx_access, check_sender_ns_access
hash:/etc/postfix/sender_ns_access, permit_sasl_authenticated,
reject_non_fqdn_sender, reject_unknown_sender_domain, permit
smtpd_starttls_timeout = ${stress?10}${stress:120}s
smtpd_timeout = ${stress?10}${stress:120}s
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/ca.harte-lyne.smtpd.crt
smtpd_tls_ciphers = medium
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_fingerprint_digest = sha1
smtpd_tls_key_file = /etc/pki/tls/private/ca.harte-lyne.smtpd.key
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
soft_bounce = no
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual,
regexp:/etc/postfix/virtual.regexp
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
On Thu, May 5, 2016 11:34, James B. Byrne wrote: > Can anyone clue me in on what configuration issue might be causing > this and whose configuration it is, mine or theirs? > > postfix-p25/smtpd[18149]: NOQUEUE: reject: RCPT from > smout-245174.nsmailserv.com[202.162.245.174]: 450 4.7.1 > : Sender address rejected: Access denied; > from= to= > proto=ESMTP helo= > > I discovered this issue in their DNS with respect to SPF: ;; ANSWER SECTION: lymanworldwide.com. 1800IN TXT "v=spf1 include:netcore.co.in -all" lymanworldwide.com. 1800IN TXT "v=spf1 include:spf.protection.outlook.com -all" But it does not appear to me that the connection is getting to the point where SPF is considered. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
On Thu, May 5, 2016 12:01, Gao wrote: > try use "~all" instead of "-all" in your SPF txt record. > We are not the sender. We are the recipient. Our SPF record does not bear on this issue insofar as I can see. In any case, our SPF TXT RR already includes ~all, not -all. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
try use "~all" instead of "-all" in your SPF txt record. On 16-05-05 08:57 AM, James B. Byrne wrote: On Thu, May 5, 2016 11:34, James B. Byrne wrote: Can anyone clue me in on what configuration issue might be causing this and whose configuration it is, mine or theirs? postfix-p25/smtpd[18149]: NOQUEUE: reject: RCPT from smout-245174.nsmailserv.com[202.162.245.174]: 450 4.7.1 : Sender address rejected: Access denied; from= to= proto=ESMTP helo= I discovered this issue in their DNS with respect to SPF: ;; ANSWER SECTION: lymanworldwide.com. 1800IN TXT "v=spf1 include:netcore.co.in -all" lymanworldwide.com. 1800IN TXT "v=spf1 include:spf.protection.outlook.com -all" But it does not appear to me that the connection is getting to the point where SPF is considered.
Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
Am 5. Mai 2016 17:34:36 MESZ, schrieb "James B. Byrne" :
>Can anyone clue me in on what configuration issue might be causing
>this and whose configuration it is, mine or theirs?
>
>postfix-p25/smtpd[18149]: NOQUEUE: reject: RCPT from
>smout-245174.nsmailserv.com[202.162.245.174]: 450 4.7.1
>: Sender address rejected: Access denied;
>from= to=
>proto=ESMTP helo=
>
>
># postconf -n
>alias_maps = hash:/etc/aliases
>broken_sasl_auth_clients = yes
>command_directory = /usr/sbin
>config_directory = /etc/postfix
>content_filter = smtp-amavis:[127.0.0.1]:10024
>daemon_directory = /usr/libexec/postfix
>data_directory = /var/lib/postfix
>debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
>ddd $daemon_directory/$process_name $process_id & sleep 5
>delay_warning_time = 30m
>disable_vrfy_command = yes
>header_checks = regexp:/etc/postfix/header_checks.regexp
>home_mailbox = Maildir/
>html_directory = no
>ignore_mx_lookup_error = no
>inet_interfaces = localhost, inet08.hamilton.harte-lyne.ca
>inet_protocols = all
>local_transport = smtp
>mail_spool_directory = /var/spool/mail
>mailman_destination_recipient_limit = 1
>mailq_path = /usr/bin/mailq.postfix
>manpage_directory = /usr/share/man
>message_size_limit = 2048
>milter_default_action = accept
>milter_protocol = 2
>mydestination =
>mynetworks = 216.185.71.0/26, 127.0.0.0/8
>newaliases_path = /usr/bin/newaliases.postfix
>non_smtpd_milters = $smtpd_milters
>policyd-spf_time_limit = 3600
>queue_minfree = 4096
>rbl_reply_maps = hash:/etc/postfix/rbl_reply
>readme_directory = /usr/share/doc/postfix-2.11.1/README_FILES
>recipient_delimiter = +
>relay_clientcerts = hash:/etc/postfix/relay_clientcerts
>relay_domains = hash:/etc/postfix/relay_domains
>sample_directory = /usr/share/doc/postfix-2.11.1/samples
>sendmail_path = /usr/sbin/sendmail.postfix
>setgid_group = postdrop
>smtp_dns_support_level = dnssec
>smtp_host_lookup = dns
>smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
>smtp_tls_cert_file = /etc/pki/tls/certs/ca.harte-lyne.smtp.crt
>smtp_tls_ciphers = medium
>smtp_tls_exclude_ciphers = MD5, aDSS, SRP, PSK, aECDH, aDH, SEED,
>IDEA, RC2, RC5
>smtp_tls_key_file = /etc/pki/tls/private/ca.harte-lyne.smtp.key
>smtp_tls_protocols = !SSLv2, !SSLv3
>smtp_tls_security_level = dane
>smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
>smtp_tls_session_cache_timeout = 3600s
>smtpd_client_restrictions = permit
>smtpd_data_restrictions = permit_mynetworks,
>reject_multi_recipient_bounce, reject_unauth_pipelining, permit
>smtpd_helo_required = yes
>smtpd_helo_restrictions = permit_mynetworks, check_helo_access
>pcre:/etc/postfix/helo_checks.pcre, reject_non_fqdn_helo_hostname,
>reject_unknown_helo_hostname, permit
>smtpd_milters = inet:127.0.0.1:8891
>smtpd_proxy_timeout = 300s
>smtpd_recipient_restrictions = reject_non_fqdn_recipient,
>reject_unknown_recipient_domain, permit_mynetworks,
>permit_sasl_authenticated, reject_unauth_destination,
>reject_unauth_pipelining, check_policy_service
>unix:/var/spool/postfix/postgrey/socket, check_policy_service
>unix:private/policyd-spf, permit
>smtpd_relay_restrictions = permit_mynetworks,
>permit_sasl_authenticated, defer_unauth_destination
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_path = smtpd
>smtpd_sender_restrictions = permit_mynetworks, check_sender_access
>hash:/etc/postfix/sender_access, check_sender_mx_access
>hash:/etc/postfix/sender_mx_access, check_sender_ns_access
>hash:/etc/postfix/sender_ns_access, permit_sasl_authenticated,
>reject_non_fqdn_sender, reject_unknown_sender_domain, permit
Whats in these files?
>smtpd_starttls_timeout = ${stress?10}${stress:120}s
>smtpd_timeout = ${stress?10}${stress:120}s
>smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
>smtpd_tls_ask_ccert = yes
>smtpd_tls_auth_only = yes
>smtpd_tls_cert_file = /etc/pki/tls/certs/ca.harte-lyne.smtpd.crt
>smtpd_tls_ciphers = medium
>smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
>smtpd_tls_fingerprint_digest = sha1
>smtpd_tls_key_file = /etc/pki/tls/private/ca.harte-lyne.smtpd.key
>smtpd_tls_protocols = !SSLv2, !SSLv3
>smtpd_tls_received_header = yes
>smtpd_tls_security_level = may
>smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
>smtpd_tls_session_cache_timeout = 3600s
>soft_bounce = no
>strict_rfc821_envelopes = yes
>tls_random_source = dev:/dev/urandom
>transport_maps = hash:/etc/postfix/transport
>unknown_local_recipient_reject_code = 550
>virtual_alias_maps = hash:/etc/postfix/virtual,
>regexp:/etc/postfix/virtual.regexp
Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
On 5/5/2016 10:34 AM, James B. Byrne wrote: > Can anyone clue me in on what configuration issue might be causing > this and whose configuration it is, mine or theirs? > > postfix-p25/smtpd[18149]: NOQUEUE: reject: RCPT from > smout-245174.nsmailserv.com[202.162.245.174]: 450 4.7.1 > : Sender address rejected: Access denied; > from= to= > proto=ESMTP helo= > "Sender address rejected: Access denied;" is caused by one of your check_sender_access maps. > smtpd_sender_restrictions = permit_mynetworks, check_sender_access > hash:/etc/postfix/sender_access, check_sender_mx_access > hash:/etc/postfix/sender_mx_access, check_sender_ns_access > hash:/etc/postfix/sender_ns_access, permit_sasl_authenticated, One of these. -- Noel Jones
Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
On Thu, May 5, 2016 12:11, Christian Kivalo wrote: > > > Am 5. Mai 2016 17:34:36 MESZ, schrieb "James B. Byrne" > : >>Can anyone clue me in on what configuration issue might be causing >>this and whose configuration it is, mine or theirs? >> >>postfix-p25/smtpd[18149]: NOQUEUE: reject: RCPT from >>smout-245174.nsmailserv.com[202.162.245.174]: 450 4.7.1 >>: Sender address rejected: Access denied; >>from= to= >>proto=ESMTP helo= >> >> >># postconf -n . . . >>smtpd_sender_restrictions = permit_mynetworks, check_sender_access >>hash:/etc/postfix/sender_access, check_sender_mx_access >>hash:/etc/postfix/sender_mx_access, check_sender_ns_access >>hash:/etc/postfix/sender_ns_access, permit_sasl_authenticated, >>reject_non_fqdn_sender, reject_unknown_sender_domain, permit > > Whats in these files? > # cat /etc/postfix/sender_access . . . # ACCESS(5) ::1 OK 127.0.0.1 OK 216.185.71.9 OK 216.185.71.10 OK 216.185.71.11 OK 216.185.71.12 OK 216.185.71.13 OK 216.185.71.14 OK 216.185.71.15 OK 216.185.71.16 OK 216.185.71.17 OK 216.185.71.18 OK 216.185.71.19 OK 216.185.71.20 OK 216.185.71.21 OK 216.185.71.22 OK 216.185.71.23 OK 216.185.71.24 OK 216.185.71.25 OK 216.185.71.26 OK 216.185.71.27 OK 216.185.71.28 OK 216.185.71.29 OK forex.cont...@harte-lyne.ca OK mailman.halisp.netOK upsdocs.com OK .upsdocs.com OK verticalresponse.com REJECT # cat /etc/postfix/sender_mx_access . . . # Cannot use OK result in this map, use DUNNO instead. # cat /etc/postfix/sender_ns_access . . . # Cannot use OK result in this map, use DUNNO instead. # colocrossings.com DEFER name-services.com DEFER name-services.net DEFER leaseweb.be DEFER leaseweb.ca DEFER leaseweb.ch DEFER leaseweb.comDEFER leaseweb.de DEFER leaseweb.fr DEFER leaseweb.netDEFER leaseweb.nl DEFER leaseweb.orgDEFER leaseweb.us DEFER -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
Am 5. Mai 2016 18:30:40 MESZ, schrieb "James B. Byrne" : > >On Thu, May 5, 2016 12:11, Christian Kivalo wrote: >> >> >> Am 5. Mai 2016 17:34:36 MESZ, schrieb "James B. Byrne" >> : >>>Can anyone clue me in on what configuration issue might be causing >>>this and whose configuration it is, mine or theirs? >>> >>>postfix-p25/smtpd[18149]: NOQUEUE: reject: RCPT from >>>smout-245174.nsmailserv.com[202.162.245.174]: 450 4.7.1 >>>: Sender address rejected: Access denied; >>>from= to= >>>proto=ESMTP helo= >>> >>> >>># postconf -n >. . . >>>smtpd_sender_restrictions = permit_mynetworks, check_sender_access >>>hash:/etc/postfix/sender_access, check_sender_mx_access >>>hash:/etc/postfix/sender_mx_access, check_sender_ns_access >>>hash:/etc/postfix/sender_ns_access, permit_sasl_authenticated, >>>reject_non_fqdn_sender, reject_unknown_sender_domain, permit >> >> Whats in these files? ... ># cat /etc/postfix/sender_ns_access >. . . ># Cannot use OK result in this map, use DUNNO instead. ># >colocrossings.com DEFER >name-services.com DEFER >name-services.net DEFER There it is: lymanworldwide.com uses nameservices provided by name-services.com valo@karl:~ $ dig ns lymanworldwide.com ; <<>> DiG 9.9.5-9+deb8u6-Debian <<>> ns lymanworldwide.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51294 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;lymanworldwide.com.IN NS ;; ANSWER SECTION: lymanworldwide.com. 3600IN NS dns5.name-services.com. lymanworldwide.com. 3600IN NS dns3.name-services.com. lymanworldwide.com. 3600IN NS dns4.name-services.com. lymanworldwide.com. 3600IN NS dns1.name-services.com. lymanworldwide.com. 3600IN NS dns2.name-services.com. ;; Query time: 179 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu May 05 18:33:14 CEST 2016 ;; MSG SIZE rcvd: 156 -- Christian Kivalo
Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
On Thu, May 5, 2016 12:37, Christian Kivalo wrote: > > There it is: lymanworldwide.com uses nameservices provided by > name-services.com > Thanks, that is it. I suppose we will just have to explicitly permit them in. Not that I approve of their choice of registrars (enom). Thanks for the help. -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
On 5 May 2016, at 11:57, James B. Byrne wrote: On Thu, May 5, 2016 11:34, James B. Byrne wrote: Can anyone clue me in on what configuration issue might be causing this and whose configuration it is, mine or theirs? postfix-p25/smtpd[18149]: NOQUEUE: reject: RCPT from smout-245174.nsmailserv.com[202.162.245.174]: 450 4.7.1 : Sender address rejected: Access denied; from= to= proto=ESMTP helo= I discovered this issue in their DNS with respect to SPF: ;; ANSWER SECTION: lymanworldwide.com. 1800IN TXT "v=spf1 include:netcore.co.in -all" lymanworldwide.com. 1800IN TXT "v=spf1 include:spf.protection.outlook.com -all" Yes, that's almost certainly the cause of the problem. Having 2 SPF TXT records is fundamentally broken in addition to being formally incorrect. There's no defined way to merge records and any of the obvious mechanisms with those 2 records would be indeterminate because they are explicitly contradictory and there is no way to prioritize one over the other. The rejection is "soft" (450 instead of 550) because presumably your SPF checking is configured to do that when SPF records are formally improper. But it does not appear to me that the connection is getting to the point where SPF is considered. Sure it is. The usual order of SMTP commands is (EHLO|HELO) MAIL RCPT (maybe multiple times) DATA QUIT Your config includes: smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unauth_pipelining, check_policy_service unix:/var/spool/postfix/postgrey/socket, check_policy_service unix:private/policyd-spf, permit Assuming that "policyd-spf" is where you check and enforce SPF, this config entry means that it is checked for each recipient, i.e. each SMTP "RCPT" command. The quoted log entry records that smtpd got a command from 202.162.245.174 that was probably exactly like this: RCPT TO: and replied with something much like: 450 4.7.1 : Sender address rejected: Access denied (the reply at least started with '450 4.7.1'; I'm not sure exactly what smtpd says in the following text part but it really doesn't matter) Postfix smtpd waits to make that check until RCPT because you told it to do so explicitly by putting it in smtpd_recipient_restrictions and would do so in any case (unless you put it in smtpd_data_restrictions, which would be perverse) because smtpd_delay_reject=yes is a default setting.
Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
On Thu, May 05, 2016 at 10:24:49PM -0400, Bill Cole wrote: > >I discovered this issue in their DNS with respect to SPF: > > > >;; ANSWER SECTION: > >lymanworldwide.com. 1800IN TXT "v=spf1 > >include:netcore.co.in -all" > >lymanworldwide.com. 1800IN TXT "v=spf1 > >include:spf.protection.outlook.com -all" > > Yes, that's almost certainly the cause of the problem. Except that the logs clearly indicate it isn't. The rejection is a sender access(5) check. -- Viktor.
Re: Postfix error 450 4.7.1 Sender address rejected: Access denied
On 5 May 2016, at 22:24, Bill Cole wrote: [ blah blah blah ] OR: I was entirely wrong about the broken SPF records being the cause of that rejection. Noel & Christian were right in pointing you at the access maps. You MIGHT also run into the SPF issue after exempting that sender from the shunning of their DNS provider, depending on how you do it, but that is dependent on how your policyd-spf responds in the case of bad records.
