Hello, my SPF record appears to be in order, according to the SPF query tool at kitterman dot com.
Also, I do not appear to have any problems receiving or sending emails, apart from this minor temperror message. However, the header kind of irks me, since I always get the following header:

Received-SPF: Temperror(mailfrom)

But I would like to receive this:

Received-SPF: Pass (sender SPF authorized)

My domain is little-beak at com.

I have also included all my files below, in case anyone is in the mood to help a brother out. =) I am still learning, and want as solid a system as possible. I have set up DKIM and DMARC, and they seem to be working as expected: generally passing (the former) or reporting (the latter).

Thanks to anyone and everyone who could offer a helping hand.

-------------
Here is my DNS SPF record:
record type: TXT
host set as @
v=spf1 mx a ip4:85.183.140.219 ~all
-------------
I have an MXE (simple mail) record with my DNS setup for mail.little-beak.com which points to my IP.
-------------
I have an A record for mail which also points to my IP.
-------------
Here is my policyd-spf.conf
debugLevel = 4
TestOnly = 1
#changed Fail to False on the following two values, drexl.
HELO_reject = False
Mail_From_reject = False
PermError_reject = False
TempError_Defer = False
Hide_Receiver = No
skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
------------------
Here is my postfix/main.cf file
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/little-beak.com/cert.pem
smtpd_tls_key_file=/etc/letsencrypt/live/little-beak.com/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.little-beak.com
mydomain = little-beak.com
#alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.little-beak.com, localhost.little-beak.com, localhost
relayhost =
mynetworks = 127.0.0.0/8, 192.168.1.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policyd-spf,reject_invalid_hostname,reject_non_fqdn_helo_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient
#smtpd_sender_restrictions = reject_unknown_sender_domain,
# reject_sender_login_mismatch
#smtpd_sender_login_maps = $virtual_mailbox_maps
## Dealing with rejection: use permanent 550 errors to stop retries
unknown_address_reject_code = 550
unknown_hostname_reject_code = 550
unknown_client_reject_code = 550
## customized TLS parameters
#blocked all these out, for now.
#smtpd_tls_ask_ccert = yes
#smtpd_tls_cert_file = /etc/ssl/private/ssl-chain-mail-yourdomain.pem
#smtpd_tls_key_file = /etc/ssl/private/ssl-key-decrypted-mail-yourdomain.key
#smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
#smtpd_tls_ciphers = high
#smtpd_tls_loglevel = 1
#smtpd_tls_security_level = may
#smtpd_tls_session_cache_timeout = 3600
## Customized Dovecot and virtual user-specific settings
#Getting error messages related to canonical maps - disabling for now.
#canonical_maps = hash:/etc/postfix/canonical
home_mailbox = Maildir/
message_size_limit = 20480000
#blocked out by drexl
#virtual_alias_maps = mysql:/etc/postfix/virtual
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_aliases.cf
virtual_mailbox_domains = little-beak.com
virtual_mailbox_base = /var/mail/vmail
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_gid_maps = static:5000
virtual_uid_maps = static:5000
virtual_minimum_uid = 5000
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
virtual_transport = lmtp:unix:private/dovecot-lmtp
## This setting will generate an error if you restart Postfix before
## adding the appropriate service definition in master.cf, so make
## sure to get that taken care of!
#NOT SURE, but blocked this, because kept getting message that it was an unused variable.
#dovecot_destination_recipient_limit = 1
## Customized milter settings
#milter_default_action = accept
#milter_connect_macros = j {daemon_name} v {if_name} _
#non_smtpd_milters = $smtpd_milters
#smtpd_milters = unix:/spamass/spamass.sock unix:/clamav/clamav-milter.ctl
# unix:/opendkim/opendkim.sock
#added by drexl for opendkim implementation
# Milter configuration
# OpenDKIM
milter_default_action = accept
# Postfix ≥ 2.6 milter_protocol = 6, Postfix ≤ 2.5 milter_protocol = 2
milter_protocol = 6
smtpd_milters = local:opendkim/opendkim.sock
non_smtpd_milters = local:opendkim/opendkim.sock
#added by drexl
policyd-spf_time_limit = 3600
## Other customized mail server settings
default_destination_concurrency_limit = 5
disable_vrfy_command = yes
relay_destination_concurrency_limit = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
#smtpd_milters = unix:/spamass/spamass.sock
#milter_connect_macros = i j {daemon_name} v {if_name} _
#Virusscanner
content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings
alias_maps = hash:/etc/aliases
smtp_host_lookup = dns, native
------------------
Here is my postfix/master.cf file
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
  -o content_filter=spamassassin
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#not sure if this the right place for this clamav line, el_Guapo
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
policyd-spf unix - n n - 0 spawn
  user=policyd-spf argv=/usr/bin/policyd-spf