Hello Viktor,

Thanks for your reply. Is my configuration overdoing it?

Here's my submission snippet:
submission inet n       -       n       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_sasl_type=dovecot
    -o smtpd_sasl_path=private/auth
    -o smtpd_sasl_security_options=noanonymous
    -o smtpd_client_restrictions=$mua_client_restrictions
    -o smtpd_sender_restrictions=$mua_sender_restrictions
    -o smtpd_relay_restrictions=$mua_relay_restrictions
    -o milter_macro_daemon_name=ORIGINATING
    -o tls_preempt_cipherlist=yes
    -o smtpd_sender_login_maps=mysql:/usr/local/etc/postfix/db/sender-login-maps.cf

and a main.cf snippet:
mua_relay_restrictions = reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
mua_sender_restrictions = permit_mynetworks,reject_non_fqdn_sender,reject_sender_login_mismatch,permit_sasl_authenticated,reject
mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject

Thanks.
Dave.


On 7/14/19, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
> On Sun, Jul 14, 2019 at 05:41:14PM -0400, David Mehler wrote:
>
>> I've got a postfix virtual domain setup in a freebsd jail. A separate
>> jail holds the webmail server. This is version 3.4.5 of Postfix. I've
>> got spf, and am trying to send out a test email. This is what I'm
>> getting:
>>
>> Jul 14 17:28:04 mail postfix/submission/smtpd[6855]: connect from
>> webserver.example.local[172.16.21.1]
>> Jul 14 17:28:05 mail postfix/policy-spf[9379]: Policy action=550
>> Please see
>> http://www.openspf.net/Why?s=mfrom;id=user%40example.com;ip=172.16.21.1;r=mail.example.local
>> Jul 14 17:28:05 mail postfix/submission/smtpd[6855]: NOQUEUE: reject:
>> RCPT from webserver.example.local[172.16.21.1]: 550 5.7.1
>> <us...@gmail.com>: Recipient address rejected: Please see
>> http://www.openspf.net/Why?s=mfrom;id=user%40example.com;ip=172.16.21.1;r=mail.example.local;
>> from=<u...@example.com> to=<us...@gmail.com> proto=ESMTP
>> helo=<webmail.example.com>
>> Jul 14 17:28:05 mail postfix/submission/smtpd[6855]: disconnect from
>> webserver.example.local[172.16.21.1] ehlo=2 starttls=1 auth=1 mail=1
>> rcpt=0/1 rset=1 quit=1 commands=7/8
>
> DO NOT apply SPF checks to authenticated submission.  Your master.cf
> entry for submission should override all the standard restriction
> lists with alternatives appropriate for submission (basically just
> "permit_sasl_authenticated, reject").
>
> --
>       Viktor.
>
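
An added example (not part of either message, and not Postfix project code): a small Python check that reads a master.cf service entry, here the restriction-related lines of the submission entry quoted above, and lists the smtpd restriction lists it does not override and so still takes from main.cf. It assumes plain "-o name=value" overrides; the function names and the trimmed sample are this example's own.

```python
"""List the smtpd restriction lists a master.cf service inherits from main.cf."""

# Restriction lists evaluated by smtpd(8); one without a "-o" override
# in master.cf takes its value from main.cf.
RESTRICTION_LISTS = [
    "smtpd_client_restrictions", "smtpd_helo_restrictions",
    "smtpd_sender_restrictions", "smtpd_relay_restrictions",
    "smtpd_recipient_restrictions", "smtpd_data_restrictions",
    "smtpd_end_of_data_restrictions",
]

# Submission entry from the message above, trimmed to a few options.
SAMPLE_MASTER_CF = """\
# constructed comment line, ignored by the parser
submission inet n       -       n       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=$mua_client_restrictions
    -o smtpd_sender_restrictions=$mua_sender_restrictions
    -o smtpd_relay_restrictions=$mua_relay_restrictions
"""

def logical_lines(text):
    """Join continuation lines: master.cf continues a line that starts with whitespace."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def service_overrides(text, service="submission"):
    """Return {parameter: value} for the plain "-o name=value" options of one smtpd service."""
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) >= 8 and fields[0] == service and fields[7] == "smtpd":
            args = fields[8:]
            return dict(b.split("=", 1) for a, b in zip(args, args[1:])
                        if a == "-o" and "=" in b)
    raise ValueError(f"no smtpd service named {service!r}")

def inherited_lists(text, service="submission"):
    """Restriction lists the service does not override, so main.cf still governs them."""
    overridden = service_overrides(text, service)
    return [name for name in RESTRICTION_LISTS if name not in overridden]

if __name__ == "__main__":
    print(inherited_lists(SAMPLE_MASTER_CF))
```

For the entry above the result includes smtpd_recipient_restrictions, so whatever main.cf puts in that list still runs for authenticated submission.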
