On May 8, 2012, at 14:34, Ralf Hildebrandt wrote: > * James Seymour <jseym...@linxnet.com>: >> Hi All, >> >> I'm using the SPF policy daemon. Works great (or appears to, anyway), >> save one thing: The rejects claim "Recipient address rejected," when, >> in reality, it's the sender's address that's being rejected. This leads >> to confusion. >> >> Short of reworking my rules so I can place the SPF check under >> smtpd_sender_restrictions (I have everything under recipient >> restrictions), which I'm guessing would fix the problem, is there any >> way to persuade SPF policy daemon rejects to say the right thing? > > Actually it's postfix reporting this, so your approach of putting it > into smtpd_sender_restrictions is looking better
Part of it is the default reply from Postfix, which depends on where you put the restriction. The rest is the reply from your SPF policy daemon, which Postfix appends to its default reply. For example, this is from ours, from earlier today; ==== Transcript of session follows. Out: 220 nenya.dtnx.net ESMTP In: EHLO relay3-d.mail.gandi.net Out: 250-nenya.dtnx.net Out: 250-PIPELINING Out: 250-SIZE 31457280 Out: 250-ENHANCEDSTATUSCODES Out: 250 8BITMIME In: MAIL FROM:<retu...@c.ss43.shsend.com> SIZE=25982 BODY=7BIT Out: 250 2.1.0 Ok In: RCPT TO:<xxxxxxx.xxxxxxxxx...@xxxxxxxxx.com> Out: 550 5.7.1 <xxxxxxx.xxxxxxxxx...@xxxxxxxxx.com>: Recipient address rejected: will not accept 'retu...@c.ss43.shsend.com' from '217.70.183.195'; SPF fail - not authorized In: DATA Out: 554 5.5.1 Error: no valid recipients In: RSET Out: 250 2.0.0 Ok In: QUIT Out: 221 2.0.0 Bye ==== The '550 ... rejected:' is Postfix, the rest is the reply Postfix got from the SPF policy daemon. Customizing that reply may be another option to clarify what is happening. Cya, Jona
