I have mail from one specific domain (handled by Google) being rejected
by pypolicyd-spf because of an apparent DNS lookup problem — 'SPF
Permanent Error: Too many DNS lookups' — but it is not obvious to me
what the problem is, unless it's something to do with having five MX
forwarders to look up. Only this one domain seems to be affected. I
can SEND mail to them, but not RECEIVE mail from them. I have added
forevermetalroofs.com to pypolicyd's domain whitelist, and it didn't help.
Their SPF record is:
forevermetalroof.com descriptive text "v=spf1 a mx
include:websitewelcome.com +include:sendgrid.net ~all"
And here's the log of the last failure:
Jul 15 13:48:59 minbar postfix/postscreen[24844]: CONNECT from
[209.85.160.176]:37644 to [10.24.32.15]:25
Jul 15 13:49:05 minbar postfix/postscreen[24844]: PASS NEW
[209.85.160.176]:37644
Jul 15 13:49:05 minbar postfix/smtpd[25113]: connect from
mail-qt1-f176.google.com[209.85.160.176]
Jul 15 13:49:05 minbar postfix/smtpd[25113]: warning: connect to Milter
service inet:localhost:8891: Connection refused
Jul 15 13:49:05 minbar postfix/smtpd[25113]: Anonymous TLS connection
established from mail-qt1-f176.google.com[209.85.160.176]: TLSv1.2 with
cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jul 15 13:49:05 minbar postfix/smtpd[25113]: NOQUEUE: permit: RCPT from
mail-qt1-f176.google.com[209.85.160.176]: action=permit for Helo
command=mail-qt1-f176.google.com ; from=<d...@forevermetalroof.com>
to=<roof...@caerllewys.net> proto=ESMTP helo=<mail-qt1-f176.google.com>
Jul 15 13:49:11 minbar policyd-spf[25139]: Starting
Jul 15 13:49:11 minbar policyd-spf[25139]: Config: {'debugLevel': 3,
'HELO_reject': 'SPF_Not_Pass', 'Mail_From_reject': 'SPF_Not_Pass',
'PermError_reject': 'True', 'TempError_Defer': 'True', 'skip_addresses':
'127.0.0.0/8,::ffff:127.0.0.0/104,::1', 'TestOnly': 1,
'SPF_Enhanced_Status_Codes': 'Yes', 'Header_Type': 'SPF',
'Hide_Receiver': 'Yes', 'Authserv_Id': 'minbar', 'Lookup_Time': 20,
'Whitelist_Lookup_Time': 10, 'Void_Limit': 2, 'Reason_Message': 'Message
{rejectdefer} due to: {spf}. Please see {url}', 'No_Mail': False,
'Mock': False, 'Whitelist': '10.24.32.0/20', 'Domain_Whitelist':
'thisistrue.com, forum.thisistrue.com, beefruityandnutty.com,
kimmel.com, novylen.net, pluspora.com, forevermetalroofs.com',
'HELO_Whitelist': 'hades.listmoms.net, panini.novylen.net,
fritter.limelight.ca'}
Jul 15 13:49:11 minbar policyd-spf[25139]: spfcheck: pyspf result:
"['None', '', 'helo']"
Jul 15 13:49:11 minbar policyd-spf[25139]: None; identity=no SPF record;
client-ip=209.85.160.176; helo=mail-qt1-f176.google.com;
envelope-from=d...@forevermetalroof.com; receiver=<UNKNOWN>
Jul 15 13:49:11 minbar policyd-spf[25139]: spfcheck: pyspf result:
"['Permerror', 'SPF Permanent Error: Too many DNS lookups', 'mailfrom']"
Jul 15 13:49:11 minbar policyd-spf[25139]: Permerror; identity=mailfrom;
client-ip=209.85.160.176; helo=mail-qt1-f176.google.com;
envelope-from=d...@forevermetalroof.com; receiver=<UNKNOWN>
Jul 15 13:49:11 minbar policyd-spf[25139]: Action: reject: Text: Message
rejected due to: SPF Permanent Error: Too many DNS lookups. Please see
http://www.openspf.net/Why?s=mfrom;id=d...@forevermetalroof.com;ip=209.85.160.176;r=<UNKNOWN>
Reject action: 550 5.7.24
Jul 15 13:49:11 minbar policyd-spf[25139]: 550 5.7.24 Message rejected
due to: SPF Permanent Error: Too many DNS lookups. Please see
http://www.openspf.net/Why?s=mfrom;id=d...@forevermetalroof.com;ip=209.85.160.176;r=<UNKNOWN>
Jul 15 13:49:11 minbar postfix/smtpd[25113]: NOQUEUE: reject: RCPT from
mail-qt1-f176.google.com[209.85.160.176]: 550 5.7.24
<roof...@caerllewys.net>: Recipient address rejected: Message rejected
due to: SPF Permanent Error: Too many DNS lookups. Please see
http://www.openspf.net/Why?s=mfrom;id=d...@forevermetalroof.com;ip=209.85.160.176;r=<UNKNOWN>;
from=<d...@forevermetalroof.com> to=<roof...@caerllewys.net> proto=ESMTP
helo=<mail-qt1-f176.google.com>
Jul 15 13:49:11 minbar postfix/smtpd[25113]: disconnect from
mail-qt1-f176.google.com[209.85.160.176] ehlo=2 starttls=1 mail=1
rcpt=0/1 bdat=0/1 quit=1 commands=5/7
Jul 15 13:50:51 minbar policyd-spf[25139]: Normal exit
It's not clear to me what the problem is here. Can anyone advise or
point out anything I've missed?
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
