On Sun, Jul 14, 2019 at 05:41:14PM -0400, David Mehler wrote:
> I've got a postfix virtual domain setup in a freebsd jail. A separate
> jail holds the webmail server. This is version 3.4.5 of Postfix. I've
> got spf, and am trying to send out a test email. This is what I'm
> getting:
>
> Jul 14 17:28:04 mail postfix/submission/smtpd[6855]: connect from
> webserver.example.local[172.16.21.1]
> Jul 14 17:28:05 mail postfix/policy-spf[9379]: Policy action=550
> Please see
> http://www.openspf.net/Why?s=mfrom;id=user%40example.com;ip=172.16.21.1;r=mail.example.local
> Jul 14 17:28:05 mail postfix/submission/smtpd[6855]: NOQUEUE: reject:
> RCPT from webserver.example.local[172.16.21.1]: 550 5.7.1
> <us...@gmail.com>: Recipient address rejected: Please see
> http://www.openspf.net/Why?s=mfrom;id=user%40example.com;ip=172.16.21.1;r=mail.example.local;
> from=<u...@example.com> to=<us...@gmail.com> proto=ESMTP
> helo=<webmail.example.com>
> Jul 14 17:28:05 mail postfix/submission/smtpd[6855]: disconnect from
> webserver.example.local[172.16.21.1] ehlo=2 starttls=1 auth=1 mail=1
> rcpt=0/1 rset=1 quit=1 commands=7/8
DO NOT apply SPF checks to authenticated submission. Your master.cf
entry for submission should override all the standard restriction
lists with alternatives appropriate for submission (basically just
"permit_sasl_authenticated, reject").
--
Viktor.
