On Saturday, February 5, 2022 11:36:40 AM EST Fourhundred Thecat wrote: > > On 2022-02-05 16:00, Scott Kitterman wrote: > > On Saturday, February 5, 2022 8:48:22 AM EST Fourhundred Thecat wrote: > >> policyd-spf: prepend Received-SPF: Temperror (mailfrom) > >> > >> identity=mailfrom; client-ip=77.75.76.210; helo=mxd2.seznam.cz; > > > > The policy server itself has the ability to produce more verbose logs that > > would likely make it clearer what is happening. > > I have increased verbosity level, and now one of the debug lines says: > > spfcheck: pyspf result: "['Temperror', 'SPF Temporary Error: DNS > Error: exceeded max query lookup time', 'mailfrom']" > > full log here: https://ctxt.io/2/AABg47FDFg > > > If this was a one time > > > > problem, it may be that there was a temporary DNS issue when resolved > > itself. > it is not one time problem. It has been not working for several hours > already, and the sending server tries again and again to deliver the > mail unsuccessfully. > > > Also it would be useful to know which version of python3-spf and the > > policy > > server you are using as will as if you are using py3dns (DNS module) or > > dnspython (dns module). > > I am using python3-spf 2.0.12t-3 installed from package on Debian 10. > I am not using py3dns > > > Relative to the other suggestion of changing the Lookup_Time value, if 20 > > seconds isn't enough you probably have other issues that should be > > investigated. That would be a last resort kind of thing in my opinion. > > as i wrote before, the DNS lookup works fine when I execute it manually > on the mailserver: > > # host -t txt seznam.cz > seznam.cz descriptive text "v=spf1 mx ip4:77.75.78.0/23 > ip4:77.75.76.0/23 ip6:2a02:598::/32 ?all" > > so it does not look like DNS problem, as far as I can tell.
Here's how you would do essentially the same query as mentioned in the log directly with pyspf: python3 /usr/lib/python3/dist-packages/spf.py 77.75.76.210 seznam.cz t...@seznam.cz All one line. When I do that (on a Debian 10 system) I get: result: ('pass', 250, 'sender SPF authorized') ip4:77.75.76.0/23 If you don't have python3-dns installed, that would perhaps explain the problem. The python3-spf package depends on it, so I'm not sure how you managed it, but if you did, what you're seeing might be the result. Scott K