Re: postfix-policyd-spf-perl and troubles with Amazon?

Wed, 06 May 2015 06:59:58 -0700 

On Wed, May 6, 2015 09:45, Tobi wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi list
>
> I know it's technically not a postfix issue :-) But maybe someone else
> here on this list has the same problem.
> I'm using Postfix with postfix-policyd-spf-perl About 4 or 5 days ago
> I started to get error messages from postfix for mails from Amazon.
> The log shows
>
> <<
> May  6 15:33:12 mail1 postfix/policy-spf[10692]: Policy
> action=DEFER_IF_PERMIT SPF-Result=marketplace.amazon.de ...
> spf1.amazon.com: Unknown error on DNS 'TXT' lookup of
> 'spf1.amazon.com'
> May  6 15:33:12 mail1 postfix/smtpd[10069]: NOQUEUE: reject: RCPT from
> a0-3.smtp-out.eu-west-1.amazonses.com[54.240.0.3]: 450 4.7.1
> <tobs...@brain-force.ch>: Recipient address rejected:
> SPF-Result=marketplace.amazon.de ... spf1.amazon.com: Unknown error on
> DNS 'TXT' lookup of 'spf1.amazon.com';
> from=<comm-bounces+bbc-message-a370530b4pb...@marketplace.amazon.de>
> to=<tobs...@brain-force.ch> proto=ESMTP
> helo=<a0-3.smtp-out.eu-west-1.amazonses.com>
> May  6 15:33:37 mail1 postfix/smtpd[10069]: disconnect from
> a0-3.smtp-out.eu-west-1.amazonses.com[54.240.0.3]
>>>
>
> I did not change anything on the server side. I tried to verify the
> SPF records from Amazon with
> http://www.kitterman.com/spf/validate.html but the tests were always
> successfull.
> Does anyone have this problem too with Amazon? Or does anyone have an
> idea how to solve it?
>
> Thanks
>
dig spf1.amazon.com TXT

;; ANSWER SECTION:
spf1.amazon.com.        900     IN      TXT     "spf2.0/pra ip4:207.171.160.0/19
ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27
ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24
ip4:72.21.212.0/25 ip4:178.236.10.128/26 -all"
spf1.amazon.com.        900     IN      TXT     "v=spf1 ip4:207.171.160.0/19
ip4:87.238.80.0/21 ip4:72.21.192.0/19 ip4:194.154.193.192/27
ip4:194.7.41.152/28 ip4:212.123.28.40/32 ip4:203.81.17.0/24
ip4:72.21.212.0/25 ip4:178.236.10.128/26 -all"

Amazon has screwed up their spf records.  A DNS host can have only ONE
spf TXT RR and that must not contain or recursively resolve to more
than TEN tags.

You will have to contact the DNS maintainer for the amazon.com zone

;; AUTHORITY SECTION:
amazon.com.             60      IN      SOA     dns-external-master.amazon.com.
root.amazon.com. 2010112764 180 60 3024000 60

Who evidently is reached via r...@amazon.com.  Good luck with that.


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

Reply via email to