Re: Mails rejected due to SPF?

2016-06-01 Thread Admin Beckspaced

On 01.06.2016 at 13:41, Wietse Venema wrote:

Admin Beckspaced:

i had a similar issue a while back when switching to new servers.
the new servers supported the IPv6 protocol and as far as i remember
IPv6 is always preferred before IPv4.
my problem was a missing IP reverse DNS entry for the IPv6 address of my
server. i had an IPv4 reverse DNS setup but this wasn't enough as IPv6
is always preferred.

FYI, The SMTP client IP address preference is configurable.  With
Postfix 2.9 and later the default is "any" (it chooses IPv4 and
IPv6 randomly with equal probability, so that an outage with one
protocol won't prevent mail from going through).

Wietse

smtp_address_preference (default: any)
The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP client
will try first, when a destination has IPv6  and  IPv4  addresses  with
equal  MX preference. This feature has no effect unless the inet_protocols
setting enables both IPv4 and IPv6.

Postfix SMTP client address preference has evolved.  With  Postfix  2.8
the default is "ipv6"; earlier implementations are hard-coded to prefer
IPv6 over IPv4.



thanks, wietse, for clarification on that topic

i'm always impressed by the support you provide on the mailing list!
thanks & keep up the good work you're doing ;)

becki



Re: Mails rejected due to SPF?

2016-06-01 Thread Wietse Venema
Admin Beckspaced:
> i had a similar issue a while back when switching to new servers.
> the new servers supported the IPv6 protocol and as far as i remember 
> IPv6 is always preferred before IPv4.
> my problem was a missing IP reverse DNS entry for the IPv6 address of my 
> server. i had an IPv4 reverse DNS setup but this wasn't enough as IPv6 
> is always preferred.

FYI, The SMTP client IP address preference is configurable.  With
Postfix 2.9 and later the default is "any" (it chooses IPv4 and
IPv6 randomly with equal probability, so that an outage with one
protocol won't prevent mail from going through).

Wietse

smtp_address_preference (default: any)
   The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP client
   will try first, when a destination has IPv6  and  IPv4  addresses  with
   equal  MX preference. This feature has no effect unless the inet_protocols
   setting enables both IPv4 and IPv6.

   Postfix SMTP client address preference has evolved.  With  Postfix  2.8
   the default is "ipv6"; earlier implementations are hard-coded to prefer
   IPv6 over IPv4.
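
Added example, not part of any poster's message: the address family the SMTP client picks decides which source address the receiver checks against the sender's SPF record, and for a policy like `v=spf1 mx -all` an IPv6 client is compared only against the AAAA records of the MX hosts. The sketch below evaluates that policy offline for both families. The zone contents, the documentation addresses and the function names are constructed for illustration, and it is not a diagnosis of the rejection reported in this thread.

```python
import ipaddress

# Constructed zone for the thread's placeholder domain; 192.0.2.10 and
# 2001:db8::10 are documentation addresses, not the poster's real ones.
ZONE = {
    ("joebauer.de", "TXT"): ["v=spf1 mx -all"],
    ("joebauer.de", "MX"): ["mail.joebauer.de"],
    ("mail.joebauer.de", "A"): ["192.0.2.10"],   # note: no AAAA record
}
# Same zone after publishing an AAAA record for the MX host.
ZONE_FIXED = {**ZONE, ("mail.joebauer.de", "AAAA"): ["2001:db8::10"]}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(zone, name, rtype):
    return zone.get((name.lower().rstrip("."), rtype), [])

def check_spf(zone, client_ip, domain):
    """Evaluate all/mx/a/ip4/ip6 (a subset of RFC 7208) for one client IP."""
    ip = ipaddress.ip_address(client_ip)
    rtype = "AAAA" if ip.version == 6 else "A"   # family follows the client
    records = [t for t in lookup(zone, domain, "TXT")
               if t.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "permerror" if records else "none"
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("mx", "a"):
            hosts = lookup(zone, arg or domain, "MX") if mech == "mx" else [arg or domain]
            matched = any(ipaddress.ip_address(a) == ip
                          for h in hosts for a in lookup(zone, h, rtype))
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = net.version == ip.version and ip in net
        else:
            return "permerror"   # modifiers, include, CIDR suffixes: not handled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

if __name__ == "__main__":
    for zone in (ZONE, ZONE_FIXED):
        for src in ("192.0.2.10", "2001:db8::10"):
            print(src, check_spf(zone, src, "joebauer.de"))
```

With the first zone the IPv4 source passes and the IPv6 source hits `-all`; publishing the AAAA record, or setting `smtp_address_preference = ipv4` as described above, removes the mismatch.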


Re: Mails rejected due to SPF?

2016-05-31 Thread Admin Beckspaced



On 31.05.2016 at 21:03, A. Schulze wrote:



On 31.05.2016 at 19:09, Johannes Bauer wrote:

Hello list,

I know this is a bit off-topic, but I'm not sure if I misconfigured
Postfix to result in this: Just today, an email of mine was rejected due
to SPF reasons:

 host mx-ha03.web.de[212.227.15.17] said:
550-Requested action not taken: mailbox unavailable
550-Reject due to SPF policy.
550-The originating IP of the message is not permitted by the domain owner.
550 For explanation visit
http://postmaster.web.de/error-messages?ip=64.98.36.17=spf (in reply
to MAIL FROM command)

I have multiple domains, let's call them foobar.de and joebauer.de.
"foobar.de" is the primary host name (and there's an A record for
foobar.de and *.foobar.de). The reverse DNS of the IP points to
foobar.de as well.

For my other domain, joebauer.de, also the A records for joebauer.de and
*.joebauer.de point to that same IP address of my server. The MX is set
to mail.joebauer.de and the TXT is set to "v=spf1 mx -all".

According to the tests at http://www.kitterman.com/spf/validate.html a
mail originating from my server's IP with a FROM of j...@joebauer.de
should have no problems passing the SPF test. However the remote MTA
complains and rejects delivery. I do not know what HELO Postfix issued,
but tried all of foo.foobar.de, foobar.de and joebauer.de in the
kitterman test -- all of which passed SPF.

Can anyone help shed light on what I have misconfigured here?


1&1 changed the policy some time/days/weeks ago. They now reject
messages that could not be authenticated
by SPF if the sender domain requests it (ends with "-all")

Andreas


i had a similar issue a while back when switching to new servers.
the new servers supported the IPv6 protocol and as far as i remember 
IPv6 is always preferred before IPv4.
my problem was a missing IP reverse DNS entry for the IPv6 address of my 
server. i had an IPv4 reverse DNS setup but this wasn't enough as IPv6 
is always preferred.


hope this helps ;)
becki



Re: Mails rejected due to SPF?

2016-05-31 Thread A. Schulze



On 31.05.2016 at 19:09, Johannes Bauer wrote:

Hello list,

I know this is a bit off-topic, but I'm not sure if I misconfigured
Postfix to result in this: Just today, an email of mine was rejected due
to SPF reasons:

 host mx-ha03.web.de[212.227.15.17] said:
550-Requested action not taken: mailbox unavailable
550-Reject due to SPF policy.
550-The originating IP of the message is not permitted by the domain owner.
550 For explanation visit
http://postmaster.web.de/error-messages?ip=64.98.36.17=spf (in reply
to MAIL FROM command)

I have multiple domains, let's call them foobar.de and joebauer.de.
"foobar.de" is the primary host name (and there's an A record for
foobar.de and *.foobar.de). The reverse DNS of the IP points to
foobar.de as well.

For my other domain, joebauer.de, also the A records for joebauer.de and
*.joebauer.de point to that same IP address of my server. The MX is set
to mail.joebauer.de and the TXT is set to "v=spf1 mx -all".

According to the tests at http://www.kitterman.com/spf/validate.html a
mail originating from my server's IP with a FROM of j...@joebauer.de
should have no problems passing the SPF test. However the remote MTA
complains and rejects delivery. I do not know what HELO Postfix issued,
but tried all of foo.foobar.de, foobar.de and joebauer.de in the
kitterman test -- all of which passed SPF.

Can anyone help shed light on what I have misconfigured here?


1&1 changed the policy some time/days/weeks ago. They now reject messages that
could not be authenticated
by SPF if the sender domain requests it (ends with "-all")

Andreas


Re: Mails rejected due to SPF?

2016-05-31 Thread Chalmers
I too face this problem, though all rejected mail comes back from gmail 
accounts. Something to do with spf and ipv6, I'm still trying to track down the 
problem.
Robert


-
From my iPhone.


> On 31 May 2016, at 6:09 pm, Johannes Bauer wrote:
> 
> Hello list,
> 
> I know this is a bit off-topic, but I'm not sure if I misconfigured
> Postfix to result in this: Just today, an email of mine was rejected due
> to SPF reasons:
> 
> host mx-ha03.web.de[212.227.15.17] said:
> 550-Requested action not taken: mailbox unavailable
> 550-Reject due to SPF policy.
> 550-The originating IP of the message is not permitted by the domain owner.
> 550 For explanation visit
> http://postmaster.web.de/error-messages?ip=64.98.36.17=spf (in reply
> to MAIL FROM command)
> 
> I have multiple domains, let's call them foobar.de and joebauer.de.
> "foobar.de" is the primary host name (and there's an A record for
> foobar.de and *.foobar.de). The reverse DNS of the IP points to
> foobar.de as well.
> 
> For my other domain, joebauer.de, also the A records for joebauer.de and
> *.joebauer.de point to that same IP address of my server. The MX is set
> to mail.joebauer.de and the TXT is set to "v=spf1 mx -all".
> 
> According to the tests at http://www.kitterman.com/spf/validate.html a
> mail originating from my server's IP with a FROM of j...@joebauer.de
> should have no problems passing the SPF test. However the remote MTA
> complains and rejects delivery. I do not know what HELO Postfix issued,
> but tried all of foo.foobar.de, foobar.de and joebauer.de in the
> kitterman test -- all of which passed SPF.
> 
> Can anyone help shed light on what I have misconfigured here?
> 
> Thanks,
> Johannes