Re: Mails rejected due to SPF?
On 01.06.2016 at 13:41, Wietse Venema wrote:
> Admin Beckspaced:
>> i had a similar issue a while back ago when switching to new servers.
>> the new servers supported the IPv6 protocol and as far as i remember
>> IPv6 is always preferred before IPv4.
>> my problem was a missing IP reverse DNS entry for the IPv6 address of my
>> server. i had an IPv4 reverse DNS setup but this wasn't enough as IPv6
>> is always preferred.
>
> FYI, The SMTP client IP address preference is configurable. With
> Postfix 2.9 and later the default is "any" (it chooses IPv4 and
> IPv6 randomly with equal probability, so that an outage with one
> protocol won't prevent mail from going through).
>
> Wietse
>
> smtp_address_preference (default: any)
>     The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
>     client will try first, when a destination has IPv6 and IPv4
>     addresses with equal MX preference. This feature has no effect
>     unless the inet_protocols setting enables both IPv4 and IPv6.
>
>     Postfix SMTP client address preference has evolved. With Postfix
>     2.8 the default is "ipv6"; earlier implementations are hard-coded
>     to prefer IPv6 over IPv4.

thanks, wietse, for clarification on that topic
i'm always impressed by the support you provide on the mailing list!
thanks & keep up the good work you're doing ;)

becki
Re: Mails rejected due to SPF?
Admin Beckspaced:
> i had a similar issue a while back ago when switching to new servers.
> the new servers supported the IPv6 protocol and as far as i remember
> IPv6 is always preferred before IPv4.
> my problem was a missing IP reverse DNS entry for the IPv6 address of my
> server. i had an IPv4 reverse DNS setup but this wasn't enough as IPv6
> is always preferred.

FYI, The SMTP client IP address preference is configurable. With
Postfix 2.9 and later the default is "any" (it chooses IPv4 and
IPv6 randomly with equal probability, so that an outage with one
protocol won't prevent mail from going through).

Wietse

smtp_address_preference (default: any)
    The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
    client will try first, when a destination has IPv6 and IPv4
    addresses with equal MX preference. This feature has no effect
    unless the inet_protocols setting enables both IPv4 and IPv6.

    Postfix SMTP client address preference has evolved. With Postfix
    2.8 the default is "ipv6"; earlier implementations are hard-coded
    to prefer IPv6 over IPv4.
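
Why the address family picked by the SMTP client matters for a policy such as "v=spf1 mx -all" (the IPv6 scenario raised in this thread), as an added example that is not part of the original messages: a minimal offline evaluator for a subset of SPF (RFC 7208). The zone data and the 192.0.2.10 / 2001:db8::10 addresses are constructed; only the domain names and the policy string come from the thread.

```python
import ipaddress

# Constructed zone data (documentation addresses, not the poster's real records).
ZONE = {
    "MX": {"joebauer.de": ["mail.joebauer.de"]},
    "A": {"mail.joebauer.de": ["192.0.2.10"]},
    "AAAA": {},  # no IPv6 record published for the MX host
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def host_addrs(zone, host, client):
    # RFC 7208: query A for an IPv4 client, AAAA for an IPv6 client.
    rtype = "A" if client.version == 4 else "AAAA"
    return [ipaddress.ip_address(a) for a in zone[rtype].get(host, [])]

def check_spf(record, domain, client_ip, zone=ZONE):
    # Supports mx, a, ip4:, ip6: and all only (no include/redirect/macros).
    client = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            matched = True
        elif mech == "mx":
            matched = any(client in host_addrs(zone, mx, client)
                          for mx in zone["MX"].get(domain, []))
        elif mech == "a":
            matched = client in host_addrs(zone, domain, client)
        elif mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            matched = client.version == net.version and client in net
        else:
            raise ValueError(f"unsupported mechanism: {term}")
        if matched:
            return RESULTS[qualifier]  # first matching term decides
    return "neutral"

def demo():
    policy = "v=spf1 mx -all"
    v4 = check_spf(policy, "joebauer.de", "192.0.2.10")
    v6 = check_spf(policy, "joebauer.de", "2001:db8::10")
    # Same policy once the MX host also publishes an AAAA record.
    fixed = dict(ZONE, AAAA={"mail.joebauer.de": ["2001:db8::10"]})
    return v4, v6, check_spf(policy, "joebauer.de", "2001:db8::10", fixed)

if __name__ == "__main__":
    print(demo())
```

With "-all" the IPv6 delivery is a hard fail until the sending address is covered, either by an AAAA record on the MX host or by an explicit ip6: term in the policy.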
Re: Mails rejected due to SPF?
On 31.05.2016 at 21:03, A. Schulze wrote:
> On 31.05.2016 at 19:09, Johannes Bauer wrote:
>> Hello list,
>>
>> I know this is a bit off-topic, but I'm not sure if I misconfigured
>> Postfix to result in this: Just today, an email of mine was rejected due
>> to SPF reasons:
>>
>> host mx-ha03.web.de[212.227.15.17] said:
>> 550-Requested action not taken: mailbox unavailable
>> 550-Reject due to SPF policy.
>> 550-The originating IP of the message is not permitted by the domain owner.
>> 550 For explanation visit
>> http://postmaster.web.de/error-messages?ip=64.98.36.17=spf (in reply
>> to MAIL FROM command)
>>
>> I have multiple domains, let's call them foobar.de and joebauer.de.
>> "foobar.de" is the primary host name (and there's an A record for
>> foobar.de and *.foobar.de). The reverse DNS of the IP points to
>> foobar.de as well.
>>
>> For my other domain, joebauer.de, also the A records for joebauer.de and
>> *.joebauer.de point to that same IP address of my server. The MX is set
>> to mail.joebauer.de and the TXT is set to "v=spf1 mx -all".
>>
>> According to the tests at http://www.kitterman.com/spf/validate.html a
>> mail originating from my server's IP with a FROM of j...@joebauer.de
>> should have no problems passing the SPF test. However the remote MTA
>> complains and rejects delivery. I do not know what HELO Postfix issued,
>> but tried all of foo.foobar.de, foobar.de and joebauer.de in the
>> kitterman test -- all of which passed SPF.
>>
>> Can anyone help shed light on what I have misconfigured here?
>
> 1&1 changed the policy some time/days/weeks ago. They now reject messages
> that could not be authenticated by spf if the senderdomain request it
> ( end with "-all" )
>
> Andreas

i had a similar issue a while back ago when switching to new servers.
the new servers supported the IPv6 protocol and as far as i remember
IPv6 is always preferred before IPv4.
my problem was a missing IP reverse DNS entry for the IPv6 address of my
server. i had an IPv4 reverse DNS setup but this wasn't enough as IPv6
is always preferred.

hope this helps ;)

becki
Re: Mails rejected due to SPF?
On 31.05.2016 at 19:09, Johannes Bauer wrote:
> Hello list,
>
> I know this is a bit off-topic, but I'm not sure if I misconfigured
> Postfix to result in this: Just today, an email of mine was rejected due
> to SPF reasons:
>
> host mx-ha03.web.de[212.227.15.17] said:
> 550-Requested action not taken: mailbox unavailable
> 550-Reject due to SPF policy.
> 550-The originating IP of the message is not permitted by the domain owner.
> 550 For explanation visit
> http://postmaster.web.de/error-messages?ip=64.98.36.17=spf (in reply
> to MAIL FROM command)
>
> I have multiple domains, let's call them foobar.de and joebauer.de.
> "foobar.de" is the primary host name (and there's an A record for
> foobar.de and *.foobar.de). The reverse DNS of the IP points to
> foobar.de as well.
>
> For my other domain, joebauer.de, also the A records for joebauer.de and
> *.joebauer.de point to that same IP address of my server. The MX is set
> to mail.joebauer.de and the TXT is set to "v=spf1 mx -all".
>
> According to the tests at http://www.kitterman.com/spf/validate.html a
> mail originating from my server's IP with a FROM of j...@joebauer.de
> should have no problems passing the SPF test. However the remote MTA
> complains and rejects delivery. I do not know what HELO Postfix issued,
> but tried all of foo.foobar.de, foobar.de and joebauer.de in the
> kitterman test -- all of which passed SPF.
>
> Can anyone help shed light on what I have misconfigured here?

1&1 changed the policy some time/days/weeks ago. They now reject messages
that could not be authenticated by spf if the senderdomain request it
( end with "-all" )

Andreas
Re: Mails rejected due to SPF?
I too face this problem, though all rejected mail comes back from gmail accounts. Something to do with spf and ipv6, I'm still trying to track down the problem.

Robert - From my iPhone.

> On 31 May 2016, at 6:09 pm, Johannes Bauer wrote:
>
> Hello list,
>
> I know this is a bit off-topic, but I'm not sure if I misconfigured
> Postfix to result in this: Just today, an email of mine was rejected due
> to SPF reasons:
>
> host mx-ha03.web.de[212.227.15.17] said:
> 550-Requested action not taken: mailbox unavailable
> 550-Reject due to SPF policy.
> 550-The originating IP of the message is not permitted by the domain owner.
> 550 For explanation visit
> http://postmaster.web.de/error-messages?ip=64.98.36.17=spf (in reply
> to MAIL FROM command)
>
> I have multiple domains, let's call them foobar.de and joebauer.de.
> "foobar.de" is the primary host name (and there's an A record for
> foobar.de and *.foobar.de). The reverse DNS of the IP points to
> foobar.de as well.
>
> For my other domain, joebauer.de, also the A records for joebauer.de and
> *.joebauer.de point to that same IP address of my server. The MX is set
> to mail.joebauer.de and the TXT is set to "v=spf1 mx -all".
>
> According to the tests at http://www.kitterman.com/spf/validate.html a
> mail originating from my server's IP with a FROM of j...@joebauer.de
> should have no problems passing the SPF test. However the remote MTA
> complains and rejects delivery. I do not know what HELO Postfix issued,
> but tried all of foo.foobar.de, foobar.de and joebauer.de in the
> kitterman test -- all of which passed SPF.
>
> Can anyone help shed light on what I have misconfigured here?
>
> Thanks,
> Johannes