On Saturday, February 5, 2022 11:36:40 AM EST Fourhundred Thecat wrote:
> > On 2022-02-05 16:00, Scott Kitterman wrote:
> > On Saturday, February 5, 2022 8:48:22 AM EST Fourhundred Thecat wrote:
> >> policyd-spf: prepend Received-SPF: Temperror (mailfrom)
> >>
> >> identity=mailfrom; client-ip=77.75.76.210; helo=mxd2.seznam.cz;
> >
> > The policy server itself has the ability to produce more verbose logs that
> > would likely make it clearer what is happening.
>
> I have increased verbosity level, and now one of the debug lines says:
>
> spfcheck: pyspf result: "['Temperror', 'SPF Temporary Error: DNS
> Error: exceeded max query lookup time', 'mailfrom']"
>
> full log here: https://ctxt.io/2/AABg47FDFg
>
> > If this was a one time
> >
> > problem, it may be that there was a temporary DNS issue when resolved
> > itself.
> it is not one time problem. It has been not working for several hours
> already, and the sending server tries again and again to deliver the
> mail unsuccessfully.
>
> > Also it would be useful to know which version of python3-spf and the
> > policy
> > server you are using as will as if you are using py3dns (DNS module) or
> > dnspython (dns module).
>
> I am using python3-spf 2.0.12t-3 installed from package on Debian 10.
> I am not using py3dns
>
> > Relative to the other suggestion of changing the Lookup_Time value, if 20
> > seconds isn't enough you probably have other issues that should be
> > investigated. That would be a last resort kind of thing in my opinion.
>
> as i wrote before, the DNS lookup works fine when I execute it manually
> on the mailserver:
>
> # host -t txt seznam.cz
> seznam.cz descriptive text "v=spf1 mx ip4:77.75.78.0/23
> ip4:77.75.76.0/23 ip6:2a02:598::/32 ?all"
>
> so it does not look like DNS problem, as far as I can tell.
Here's how you would do essentially the same query as mentioned in the log
directly with pyspf:
python3 /usr/lib/python3/dist-packages/spf.py 77.75.76.210 seznam.cz
t...@seznam.cz
All one line. When I do that (on a Debian 10 system) I get:
result: ('pass', 250, 'sender SPF authorized') ip4:77.75.76.0/23
If you don't have python3-dns installed, that would perhaps explain the
problem. The python3-spf package depends on it, so I'm not sure how you
managed it, but if you did, what you're seeing might be the result.
Scott K
