On Sun, Jul 24, 2016 at 9:52 AM, Michael Rasmussen <[email protected]> wrote:
> Investigating an instance of SPF rejection by postfix. > > The postfix SPF module receiving mail for @michaelsnet.us is rejecting > email from @michaelrpdx.com > > Relevant log message: > Jul 24 09:36:58 rumpus postfix/smtpd[3844]: NOQUEUE: reject: RCPT from > cave.michaelrpdx.com[167.88.112.146]: 550 5.7.1 <[email protected]>: > Recipient address rejected: Message > rejected due to: SPF fail - not authorized. Please see > http://www.openspf.net/Why?s=mfrom;[email protected];ip=167.88.112.146;[email protected] > ; > from=<[email protected]> to=<[email protected]> proto=ESMTP > helo=<cave.michaelrpdx.com> > Jul 24 09:36:59 rumpus postfix/smtpd[3844]: disconnect from > cave.michaelrpdx.com[167.88.112.146] > > [blah blah blah...] > In short, postfix's SPF checker is the only entity that associates > 167.88.112.146 with cave.michaelsnet.us > > Having beat my head against the wall attempting to resolve this I'm pretty > sure I'm missing something simple. > > What is, or may be, causing this? > > I don't have a solid answer for you, but I can add that I've seen a few similar failures elsewhere recently. Your actual SPF record is as follows: $ host -t txt michaelrpdx.com michaelrpdx.com TXT "v=spf1 mx a" Which instructs postfix to look up the mx record for michaelrpdx.com and automatically authorize that host to send emails for that domain. This relies on the second DNS lookup (the first being for the SPF record) to succeed, which may not always be the case. I would advise adding the IP address of the server to your SPF record. This has worked well for me in the past in similar situations. Hopefully someone else has better ideas. I'll be looking for them also. -wes _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
