On 3/10/12, Noel Butler <noel.but...@ausics.net> wrote: > On Sat, 2012-03-10 at 11:08 +1000, Nick Edwards wrote: > >> On 3/10/12, Reindl Harald <h.rei...@thelounge.net> wrote: > >> > what type of entries are you using in your SPF record? >> > i found out that a/mx entries sometimes making troubles and since >> > we changed our backend to use only ip and let the backend >> > translate servernames automatically whle generating the >> > zone-files i never saw a single spf-error the last 2 years >> > > > Good advice on not using A (for many reasons), though I've never seen a > problem with MX myself. > > >> SPF is setup correctly, I've been setting up SPF for a great many >> years , even back in the old qmail days, I know our SPF records are > > > > When did you add these extra IP's? Recently? > What is the actual connecting IP type to the master, IPv4, or IPv6? > Does your primary mail server query a server that uses DNS views? > Are you perchance using another DNS server in your tests that your > primary mail server is not? > > You've been asked by others to supply actual details, if you don't want > to make them public, try sending offlist, we can sit here for the next 6 > months playing guessing games, if someone other than you has factual > live information, they can perhaps run live tests using their DNS etc, > kinda like a look at it with fresh eyes. > > > >> Given what Wietse has said, I am tending more towards spfpolicy.pl on >> master, but I'm too tired and it's late, so I'll investigate more >> after some sleep. >> > > > poppy, unless you have modified it (read as totally fscked it up) > >
Thanks! You have pointed me in the direction of my error, it was an internal DNS server view that only had the original IP in it, not the newer one. My testing of spf rules was on our normal caching server which of course showed it was fine. Sorry Wietse, you were right as usual, it was my configuration problem and not postfix!
