Re: Issue with postfix-policyd-spf-perl

Wed, 12 May 2021 12:11:46 -0700 

Hello,

Thanks. Here's my master.cf submission entry:

submission inet n       -       n       -       -       smtpd
 -o syslog_name=postfix/submission
 -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o milter_macro_daemon_name=ORIGINATING
 -o tls_preempt_cipherlist=yes
    -o 
smtpd_sender_login_maps=mysql:/usr/local/etc/postfix/db/sender-login-maps.cf

What do I need to add?

With openspf.net being down what do you recommend for an spf service upgrade?

Thanks.
Dave.


On 5/12/21, Noel Jones <njo...@megan.vbhcs.org> wrote:
>
> On 5/12/2021 12:26 PM, David Mehler wrote:
>> Hello,
>>
>> I'm running Postfix 3.6, I just upgraded. I do not know if this issue
>> occurred because of the upgrade or prior to it as I hadn't sent any
>> mail through this account lately.
>>
>> I'm having an issue with spf, error log below, if I comment out check
>> policy for spf under recipient_restrictions things work fine, turn it
>> back on and this is the log that I get, addresses obfuscated.
>>
>> May 12 12:26:40 mail postfix/submission/smtpd[90536]: connect from
>> xxx-xxx-xxx-xxx.xxx.xxx.xxx.xxx[xxx.xxx.xxx]
>
>> May 12 12:26:43 mail postfix/submission/smtpd[90536]: NOQUEUE: reject:
>> RCPT from xxx-xxx-xxx-xxx.xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx]: 550 5.7.1
>> <xxx....@xxx.xxx>: Recipient address rejected: Please see
>> http://www.openspf.net/Why?s=mfrom;id=xxx%40xxx.xxx;ip=xxx.xxx.xxx.xxx;r=xxx.xxx.xxx;
>> from=<x...@xxx.xxx> to=<xxx....@xxx.xxx> proto=ESMTP
>> helo=<[192.168.15.8]>
>
>>
>> Here's my postconf -n output any suggestions as to why this is
>> happening appreciated, I went to the web site indicated in the error
>> log, but was told that site didn't exist.
>>
>
> Don't use SPF on the submission interface. The local IP submitting
> the mail is very unlikely to be listed in the SPF allowed list.
>
> This is unrelated to your postfix upgrade.
>
> To fix this, use overrides in the master.cf submission entry to
> disable all but the required entries. There should be a basic
> example included in the default master.cf
>
>
> I don't think the openspf.net website is active anymore. While that
> won't break your SPF check, it does make the error response
> confusing. Maybe time to update your SPF service too.
>
>
>
>    -- Noel Jones
>

Reply via email to