On 7/15/2019 2:44 PM, Phil Stracchino wrote:
> On 7/15/19 3:29 PM, Bill Cole wrote:
>> On 15 Jul 2019, at 14:02, Phil Stracchino wrote:
>>> And here's the log of the last failure:
>>> [...]
>>> Jul 15 13:49:11 minbar policyd-spf[25139]: Starting
>>> Jul 15 13:49:11 minbar policyd-spf[25139]: Config: {'debugLevel': 3,
>>> 'HELO_reject': 'SPF_Not_Pass', 'Mail_From_reject': 'SPF_Not_Pass',
>> AHA! Config!
>>> 'PermError_reject': 'True',
>> I would guess that means that you have *explicitly chosen* to reject
>> mail when hitting a "PermError."
>> Don't do that.
> The question that comes to mind here is, if one should not reject mail
> based on SPF failures, then what is even the point of checking SPF?
Please distinguish between "SPF check failed because this is not an
authorized IP" and "SPF could not be checked because of a malformed
record or infrastructure failure". This is the latter, and the
reasonable action is to ignore the SPF record.
-- Noel Jones
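
The distinction drawn in the reply above, as an added example that is not part of the original thread and is not policyd-spf's code. It assumes an offline check that evaluates only ip4, ip6 and all; the names check, action and DNS_MECHANISMS are hypothetical, and the records passed in are constructed samples.

```python
import ipaddress
import re

# RFC 7208 mechanisms that need DNS lookups; ip4, ip6 and all are handled directly.
DNS_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MODIFIER = re.compile(r"^[a-z][a-z0-9_.-]*=", re.I)  # e.g. redirect=, exp=

def check(txt_records, client_ip):
    """Return the SPF result for client_ip given a domain's TXT strings."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return "none"
    if len(spf) > 1:
        return "permerror"  # more than one SPF record is itself an error
    rules = []
    try:
        # Validate the whole record before evaluating: a syntax error
        # anywhere gives permerror, even if an earlier term would match.
        for term in spf[0].split()[1:]:
            if MODIFIER.match(term):
                continue  # modifiers are not evaluated in this sketch
            result = QUALIFIERS.get(term[0])
            body = term[1:] if result else term
            name, _, arg = body.partition(":")
            name = name.lower()
            if name in ("ip4", "ip6"):
                net = ipaddress.ip_network(arg, strict=False)
                if net.version != int(name[2]):
                    raise ValueError(term)
                rules.append((net, result or "pass"))
            elif name == "all":
                if arg:
                    raise ValueError(term)
                rules.append((None, result or "pass"))
            elif name.partition("/")[0] not in DNS_MECHANISMS:
                raise ValueError(term)  # e.g. the typo "ipv4:"
            # Valid DNS-based mechanisms are skipped: this runs offline.
    except ValueError:
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    return next((res for net, res in rules if net is None or ip in net), "neutral")

def action(result, permerror_reject=False):
    """Map an SPF result to a mail decision, per the distinction above."""
    if result == "fail" or (result == "permerror" and permerror_reject):
        return "reject"  # permerror_reject=True mirrors 'PermError_reject': 'True'
    return "continue"  # treat as if SPF gave no verdict
```

A record with a mistyped mechanism yields permerror for every sending IP, so rejecting on it blocks the domain's legitimate mail as well.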