[pfx] Re: spf

On 08.07.24 11:42, natan via Postfix-users wrote: What you propose use ? Maybe instead of not accepting such mail will better is change score in SA ? W dniu 15.07.2024 o 12:06, Matus UHLAR - fantomas via Postfix-users pisze: This is a policy issue. You can choose your policy to be rejecting

[pfx] Re: spf

W dniu 15.07.2024 o 12:06, Matus UHLAR - fantomas via Postfix-users pisze: On 08.07.24 11:42, natan via Postfix-users wrote: What you propose use ? Maybe instead of not accepting such mail will better is change score in SA ? This is a policy issue. You can choose your policy to be rejecting

[pfx] Re: spf

On 08.07.24 11:42, natan via Postfix-users wrote: What you propose use ? Maybe instead of not accepting such mail will better is change score in SA ? This is a policy issue. You can choose your policy to be rejecting mail with spf=fail, both spf=fail and spf=softfail, or reject any mail whe

[pfx] Re: spf and Permerror

Did you read the error message: No valid SPF record for included domain: _spf.cyberfolks.pl: include:_spf.cyberfolks.pl. In fact, _spf.cyberfolks.pl does not have an SPF record. Either it needs to have one published or you need to remove the include. Scott K On July 8, 2024 2:47:54 PM UTC, n

[pfx] Re: spf and Permerror

Hi I try onother Permerror but I dont known why Jul  8 14:28:29 MX postfix/smtpd[48372]: NOQUEUE: reject: RCPT from s10b.cyber-folks.pl[193.17.184.42]: 550 5.7.24 : Recipient address rejected: Message rejected due to: SPF Permanent Error: No valid SPF record for included domain: _spf.cyberfol

[pfx] Re: spf

Hi What you propose use ? Maybe instead of not accepting such mail will better is change score in SA ? W dniu 8.07.2024 o 11:36, natan via Postfix-users pisze: Hi What value do you use in postfix-policyd-spf in PermError_reject ? HELO_reject = Fail Mail_From_reject = Fail #update 20240706 #P

[pfx] Re: spf

I am using the default value: PermError_reject = True But it totally depends by you. On 2024-07-08 17:36, natan via Postfix-users wrote: Hi What value do you use in postfix-policyd-spf in PermError_reject ? HELO_reject = Fail Mail_From_reject = Fail #update 20240706 #PermError_reject = False

[pfx] Re: spf and Permerror

natan via Postfix-users escribió el 27/06/2024 a las 15:48: W dniu 27.06.2024 o 15:39, Scott Kitterman via Postfix-users pisze: Hi Scott Jun 27 15:39:06 MX policyd-spf[3729]: prepend Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=200.28.23.150; helo=200-28-23-150.baf.movistar.cl

[pfx] Re: spf and Permerror

On 27.06.24 15:30, natan via Postfix-users wrote: I have a strange problem with SPF and I honestly don't know what to pay attention to What is a Permerror in SPF In log i get: Jun 27 15:09:11 MX policyd-spf[57158]: prepend Received-SPF: Permerror (mailfrom) identity=mailfrom; client-ip=84.205

[pfx] Re: spf and Permerror

W dniu 27.06.2024 o 15:48, natan via Postfix-users pisze: W dniu 27.06.2024 o 15:39, Scott Kitterman via Postfix-users pisze: On June 27, 2024 1:30:37 PM UTC, natan via Postfix-users wrote: Hi I have a strange problem with SPF and I honestly don't know what to pay attention to What is a Per

[pfx] Re: spf and Permerror

W dniu 27.06.2024 o 15:39, Scott Kitterman via Postfix-users pisze: On June 27, 2024 1:30:37 PM UTC, natan via Postfix-users wrote: Hi I have a strange problem with SPF and I honestly don't know what to pay attention to What is a Permerror in SPF In log i get: Jun 27 15:09:11 MX policyd-sp

[pfx] Re: spf and Permerror

On June 27, 2024 1:30:37 PM UTC, natan via Postfix-users wrote: >Hi >I have a strange problem with SPF and I honestly don't know what to pay >attention to > >What is a Permerror in SPF >In log i get: > >Jun 27 15:09:11 MX policyd-spf[57158]: prepend Received-SPF: Permerror >(mailfrom) identit

[pfx] Re: SPF hostname and domainname

Peter via Postfix-users: > On 21/06/24 07:13, Wietse Venema via Postfix-users wrote: > > Bounces are sent with the null envelope.from address which has no > > domain. Therefore, SPF applies policy to a surrogate: the hostname > > in the SMTP client's HELO/EHLO command (as if the envelope.from > > a

[pfx] Re: SPF hostname and domainname

On 21/06/24 23:10, Matus UHLAR - fantomas via Postfix-users wrote: Peter via Postfix-users skrev den 2024-06-21 08:45: SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your mail to be accepted: 1.  HELO banner should pass SPF. 2.  Envelope Sender should pass SPF. 3.  Envelope Se

[pfx] Re: SPF hostname and domainname

On 21/06/24 21:49, Jaroslaw Rafa via Postfix-users wrote: Dnia 21.06.2024 o godz. 18:45:15 Peter via Postfix-users pisze: SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your mail to be accepted: 1. HELO banner should pass SPF. 2. Envelope Sender should pass SPF. 3. Envelope

[pfx] Re: SPF hostname and domainname

Peter via Postfix-users skrev den 2024-06-21 08:45: SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your mail to be accepted: 1. HELO banner should pass SPF. 2. Envelope Sender should pass SPF. 3. Envelope Sender domain should align with the From: header domain. 4. Message

[pfx] Re: SPF hostname and domainname

Dnia 21.06.2024 o godz. 18:45:15 Peter via Postfix-users pisze: > SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your > mail to be accepted: > > 1. HELO banner should pass SPF. > > 2. Envelope Sender should pass SPF. > > 3. Envelope Sender domain should align with the From: hea

[pfx] Re: SPF hostname and domainname

Peter via Postfix-users skrev den 2024-06-21 08:45: On 21/06/24 07:13, Wietse Venema via Postfix-users wrote: SPF/DKIM/DMARC Checklist for (IMO) the best chance of getting your mail to be accepted: 1. HELO banner should pass SPF. 2. Envelope Sender should pass SPF. 3. Envelope Sender do

[pfx] Re: SPF hostname and domainname

On 21/06/24 07:13, Wietse Venema via Postfix-users wrote: Bounces are sent with the null envelope.from address which has no domain. Therefore, SPF applies policy to a surrogate: the hostname in the SMTP client's HELO/EHLO command (as if the envelope.from address was postmaster@helo-argument). Th

[pfx] Re: SPF hostname and domainname

Le 21/06/2024 à 00:13, John Levine a écrit : It appears that Emmanuel Fusté via Postfix-users said: In the general case (not null sender), HELO SPF validation does not interfere with DMARC as DMARC only use the MAIL FROM identity. There was historically a bug in some DMARC implementation witch

[pfx] Re: SPF hostname and domainname

It appears that Emmanuel Fusté via Postfix-users said: >In the general case (not null sender), HELO SPF validation does not >interfere with DMARC as DMARC only use the MAIL FROM identity. >There was historically a bug in some DMARC implementation witch evaluate >whatever SPF identity check that

[pfx] Re: SPF hostname and domainname

Le 20/06/2024 à 21:13, Wietse Venema via Postfix-users a écrit : Bounces are sent with the null envelope.from address which has no domain. Therefore, SPF applies policy to a surrogate: the hostname in the SMTP client's HELO/EHLO command (as if the envelope.from address was postmaster@helo-argumen

[pfx] Re: SPF hostname and domainname

Bounces are sent with the null envelope.from address which has no domain. Therefore, SPF applies policy to a surrogate: the hostname in the SMTP client's HELO/EHLO command (as if the envelope.from address was postmaster@helo-argument). This helo-argument is by default the value of the Postfix myho

[pfx] Re: SPF hostname and domainname

So there's a confusion between the hostname of the mailer and the doamin to be used for the SPF check. Is anybody else seeing this ? Yes, I had to recently add an "a:" record to an SPF (for the sending hostname) as I was seeing some of these I think. Im confused by the language being used.

[pfx] Re: SPF hostname and domainname

On Thu, 20 Jun 2024, 2:01 pm Emmanuel Seyman via Postfix-users, < postfix-users@postfix.org> wrote: > > So there's a confusion between the hostname of the mailer and the > doamin to be used for the SPF check. Is anybody else seeing this ? > Yes, I had to recently add an "a:" record to an SPF (for

[pfx] Re: SPF hostname and domainname

On 2024-06-20 at 09:00:35 UTC-0400 (Thu, 20 Jun 2024 15:00:35 +0200) Emmanuel Seyman via Postfix-users is rumored to have said: Hello, all. Since yesterday, I've started seeing email from my servers getting rejected due to SPF problems. 550 5.7.23 : Sender address rejected: Message rejected

[pfx] Re: SPF format question

On June 9, 2024 12:17:38 PM UTC, Jeff Peng via Postfix-users wrote: >Hello > >If I have a mx server: mx.host.com whose ip is 1.2.3.4. > >The domain.com who use this mx server may have the following SPF. > >v=spf1 mx ~all >v=spf1 ip4:1.2.3.4 ~all >v=spf1 a:mx.host.com ~all >v=spf1 mx:domain.com

[pfx] Re: SPF questions

On 2023-06-12 at 04:19:12 UTC-0400 (Mon, 12 Jun 2023 20:19:12 +1200) Peter via Postfix-users is rumored to have said: > Technically it's an invalid MX record because MX records must point to a > hostname, not an IP address. > > They are probably trying (but failing) to implement a null MX record

[pfx] Re: SPF questions

Technically it's an invalid MX record because MX records must point to a hostname, not an IP address. They are probably trying (but failing) to implement a null MX record: https://www.rfc-editor.org/rfc/rfc7505 Peter On 12/06/23 19:50, wesley--- via Postfix-users wrote: Note there is also

[pfx] Re: SPF questions

I saw some domains have MX pointing to 127.0.0.1. what does this mean? This will tell the sender of the email to connect to 127.0.0.1 which is itself. It will send the mail program chasing its own tail. ___ Postfix-users mailing list -- postfix-users@

[pfx] Re: SPF questions

Note there is also RFC 7505 "Null MX" where you simply add "IN MX 0 ." to any DNS name you wish not to send or accept e-mail. (this is designed to work around implicie MX records when A record is present). On 12.06.23 07:50, wesley--- via Postfix-users wrote: I saw some domains have MX pointing

[pfx] Re: SPF questions

Dnia 10.06.2023 o godz. 17:33:06 Gerd Hoerst via Postfix-users pisze: my entry e.g.    600 IN TXT    "v=spf1 a mx -all" that mean all servers listet in MX enrties of my domain are allowed to send emails from my domain So if you receive an email from my domain which are not sent from on

[pfx] Re: SPF questions

Dnia 10.06.2023 o godz. 17:33:06 Gerd Hoerst via Postfix-users pisze: > my entry e.g. > >    600 IN TXT    "v=spf1 a mx -all" > > that mean all servers listet in MX enrties of my domain are allowed > to send emails from my domain > > So if you receive an email from my domain which are no

[pfx] Re: SPF questions

Hi ! The dns entry provides info from which mailservers the receiptient should only accpet email from entire domain... whta the receiptiten is doing with that information is up to your settings in postfix my entry e.g.    600 IN TXT    "v=spf1 a mx -all" that mean all servers listet in

[pfx] Re: SPF questions

wesley--- via Postfix-users skrev den 2023-06-09 02:17: Hello, for this spf setting, bar.org. 3600 IN TXT "v=spf1 -all" no ip addresses were provided. does it mean all IP are passed, or no IP can pass? no ip will pass essentially all mails is rejected from that domain if recipient enforc

[pfx] Re: SPF: HELO does not publish an SPF Record

Jaroslaw Rafa: > Dnia 12.04.2023 o godz. 15:43:07 Fourhundred Thecat via Postfix-users pisze: >> OK, I see. >> So should the client (mail.example.com) then have it's own SPF record, >> in addition to the domain itself (example.com) ? > > If you plan to send mail with senders addresses as > someth.

[pfx] Re: SPF: HELO does not publish an SPF Record

Dnia 12.04.2023 o godz. 15:43:07 Fourhundred Thecat via Postfix-users pisze: > OK, I see. > So should the client (mail.example.com) then have it's own SPF record, > in addition to the domain itself (example.com) ? If you plan to send mail with senders addresses as someth...@mail.example.com, then

[pfx] Re: SPF: HELO does not publish an SPF Record

On 2023-04-12 at 06:41:02 UTC-0400 (Wed, 12 Apr 2023 12:41:02 +0200) Fourhundred Thecat via Postfix-users <400the...@gmx.ch> is rumored to have said: Hello, I have domain mydomain.com, with mx record: $ host -t mx mydomain.com mail.mydomain.com and I have SPF record on my domain: host

[pfx] Re: SPF: HELO does not publish an SPF Record

Matus UHLAR - fantomas wrote in |fantomas.fantomas.sk descriptive text "v=spf1 a -all" On April 12, 2023 2:00:01 PM UTC, Steffen Nurpmeso via Postfix-users wrote: Interesting this still works for you. I had to change to ~all because some behind-alias-expansion-and-forward collocutor de-fact

[pfx] Re: SPF: HELO does not publish an SPF Record

On April 12, 2023 2:00:01 PM UTC, Steffen Nurpmeso via Postfix-users wrote: >Matus UHLAR - fantomas wrote in > : > |On 12.04.23 12:41, Fourhundred Thecat via Postfix-users wrote: > ... > |>Does it mean that I should either: > |> > |> 1) create SPF record for mail.mydomain.com > ... > |I would

[pfx] Re: SPF: HELO does not publish an SPF Record

Matus UHLAR - fantomas wrote in : |On 12.04.23 12:41, Fourhundred Thecat via Postfix-users wrote: ... |>Does it mean that I should either: |> |> 1) create SPF record for mail.mydomain.com ... |I would do the first: | |fantomas.fantomas.sk descriptive text "v=spf1 a -all" Interesting thi

[pfx] Re: SPF: HELO does not publish an SPF Record

Fourhundred Thecat via Postfix-users: > > On 2023-04-12 15:30, Wietse Venema via Postfix-users wrote: > > Fourhundred Thecat via Postfix-users: > >> > On 2023-04-12 14:48, Byung-Hee HWANG via Postfix-users wrote: > > > > The smtp_helo_name used in the Postfix SMTP client should resolve to the >

[pfx] Re: SPF: HELO does not publish an SPF Record

> On 2023-04-12 15:30, Wietse Venema via Postfix-users wrote: Fourhundred Thecat via Postfix-users: > On 2023-04-12 14:48, Byung-Hee HWANG via Postfix-users wrote: The smtp_helo_name used in the Postfix SMTP client should resolve to the client IP address that is seen by a remote SMTP server.

[pfx] Re: SPF: HELO does not publish an SPF Record

Fourhundred Thecat via Postfix-users: > > On 2023-04-12 14:48, Byung-Hee HWANG via Postfix-users wrote: > >>2) change smtp_helo_name to > >> > >> smtp_helo_name = $mydomain > > > > It is very strange, i think. > > what do you mean? > is it strange to use example.com, instead of mail.exam

[pfx] Re: SPF: HELO does not publish an SPF Record

> On 2023-04-12 14:48, Byung-Hee HWANG via Postfix-users wrote: 2) change smtp_helo_name to smtp_helo_name = $mydomain It is very strange, i think. what do you mean? is it strange to use example.com, instead of mail.example.com as smtp_helo_name, when the smtp client is actually mail

[pfx] Re: SPF: HELO does not publish an SPF Record

> 2) change smtp_helo_name to > > smtp_helo_name = $mydomain It is very strange, i think. Sincerely, -- ^고맙습니다 _地平天成_ 감사합니다_^))// ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@pos

[pfx] Re: SPF: HELO does not publish an SPF Record

On 12.04.23 12:41, Fourhundred Thecat via Postfix-users wrote: I have domain mydomain.com, with mx record: Use example.com unless you are real owner of mydomain.com I have no SPF record on mail.mydomain.com itself. Now, when I check my email score on mail-tester.com, it says: SPF_HELO_NONE

Re: SPF fail and domain fail, why?

Maurizio Caloro skrev den 2023-01-17 19:55: # opendmarc-check caloro.ch DMARC record for caloro.ch: Sample percentage: 100 DKIM alignment: strict SPF alignment: relaxed Domain policy: none Subdomain policy: unspecified Aggregate report URIs:

Re: SPF fail and domain fail, why?

On Tue, Jan 17, 2023 at 07:55:08PM +0100, Maurizio Caloro wrote: > > Am 17.01.2023 um 03:34 schrieb Scott Kitterman: > > > > On January 17, 2023 2:25:34 AM UTC, raf wrote: > > > On Mon, Jan 16, 2023 at 08:01:10PM +0100, Maurizio > > > Caloro wrote: > > > > > > > Hello > > > > > > > > Plea

Re: SPF fail and domain fail, why?

Am 17.01.2023 um 03:34 schrieb Scott Kitterman: On January 17, 2023 2:25:34 AM UTC, raf wrote: On Mon, Jan 16, 2023 at 08:01:10PM +0100, Maurizio Caloro wrote: Hello Please one more thing about Opendmarc, if send any email to any where i see in log SPF fail, domain.ch fail ? Jan 16 19:4

Re: SPF fail and domain fail, why?

On January 17, 2023 2:25:34 AM UTC, raf wrote: >On Mon, Jan 16, 2023 at 08:01:10PM +0100, Maurizio Caloro >wrote: > >> Hello >> >> Please one more thing about Opendmarc, if send any email to any where >> i see in log SPF fail, domain.ch fail ? >> >> Jan 16 19:43:39 nmail opendkim[16490]: B6

Re: SPF fail and domain fail, why?

On Mon, Jan 16, 2023 at 08:01:10PM +0100, Maurizio Caloro wrote: > Hello > > Please one more thing about Opendmarc, if send any email to any where > i see in log SPF fail, domain.ch fail ? > > Jan 16 19:43:39 nmail opendkim[16490]: B6090404C3: DKIM-Signature field > added (s=nmail, d=caloro.ch

Re: SPF questions

On November 18, 2022 3:04:44 AM UTC, linux...@gmx.net wrote: >Dear List, > >I have enabled policyd-spf in postfix: > >smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, >reject_unauth_destination, check_policy_service unix:private/policyd-spf > > >but can you help that

Re: SPF and policyd

On Sunday, February 20, 2022 10:26:56 AM EST Alex wrote: > Hi, I'm using the SPF policyd service recommended here some time ago. > I hoped I could ask some questions about how it works since it doesn't > appear to have any other direct support avenues available. > > I'm trying to understand the fo

Re: SPF still fails; Was: Echange virtual and local domain

On 7/4/21 5:37 AM, Markus Grunwald wrote: > And the error: > > SPF Alignment: Domain not found in SPF > I think you're perhaps just misunderstanding what an "SPF Alignment" error is (according to MXToolbox). If you view this page: https://mxtoolbox.

Re: [EXTERNAL] Re: SPF and DKIM and DMARC records for a relay, on my !

Paeps Date: Tuesday, June 29, 2021 at 00:51 To: Daniel White Cc: Postfix users Subject: [EXTERNAL] Re: SPF and DKIM and DMARC records for a relay, on my ! On 2021-06-29 02:09:10 (+0800), White, Daniel E. (GSFC-770.0)[NICS] wrote: > We are trying to understand all of these because

Re: SPF and DKIM and DMARC records for a relay, on my !

On 2021-06-29 02:09:10 (+0800), White, Daniel E. (GSFC-770.0)[NICS] wrote: We are trying to understand all of these because we will be required to use them eventually. I am getting my info at https://www.dmarcanalyzer.com/spf/ If we add an IP to our SPF record, is any additional action necessa

Re: SPF and DKIM and DMARC records for a relay, on my !

On 28.06.21 18:09, White, Daniel E. (GSFC-770.0)[NICS] wrote: We are trying to understand all of these because we will be required to use them eventually. I am getting my info at https://www.dmarcanalyzer.com/spf/ If we add an IP to our SPF record, is any additional action necessary for the D

Re: SPF guidance

On 2021-06-23 at 12:00:39 UTC-0400 (Wed, 23 Jun 2021 18:00:39 +0200) David Bürgin is rumored to have said: Alex: I've set up postfix to use policyd-spf using python-policyd-spf and have some questions. Hopefully this isn't off-topic, as my search returns results from only many years ago. Is th

Re: SPF guidance

Alex: I've set up postfix to use policyd-spf using python-policyd-spf and have some questions. Hopefully this isn't off-topic, as my search returns results from only many years ago. Is this still the best SPF policy service for postfix integration on Linux? You can verify SPF using a policy ser

Re: SPF/DMARC modified by host en route

On 27 Apr 2021, at 14:41, Jeff Abrahamson wrote: So you note "This perfectly valid signature is useless for DMARC unless the From header address is in p27.eu."   And, indeed, nantes-m1.p27.eu is MX for p27.eu and for mobilitains.fr.  I'd understood that DKIM/DMARC should match the MX hosts na

Re: SPF/DMARC modified by host en route

On 27/04/2021 19:33, Bill Cole wrote: [TBird goofy URL-ification of everything left intact because I'm too lazy to fix someone else's MUA garbage] Yes, sorry.  For some purposes it would be better that I use mutt. For work (where I am now), compatibility with others leaves me using thunderbird

Re: SPF/DMARC modified by host en route

[TBird goofy URL-ification of everything left intact because I'm too lazy to fix someone else's MUA garbage] On 26 Apr 2021, at 9:13, Jeff Abrahamson wrote: ARC-Authentication-Results: i=1; [mx.google.com](); dkim=pass header.i=@[p27.eu]() h

Re: SPF/DMARC modified by host en route

On 26/04/2021 14:46, Dominic Raferd wrote: > > On 26/04/2021 13:31, Jeff Abrahamson wrote: >> On 26/04/2021 12:56, Dominic Raferd wrote: >>> On 26/04/2021 10:16, Jeff Abrahamson wrote: I'm seeing a disturbing (but minority) number of hosts that class our mail is spam.  After some digging,

Re: SPF/DMARC modified by host en route

On 26/04/2021 13:31, Jeff Abrahamson wrote: On 26/04/2021 12:56, Dominic Raferd wrote: On 26/04/2021 10:16, Jeff Abrahamson wrote: I'm seeing a disturbing (but minority) number of hosts that class our mail is spam.  After some digging, I've found an interesting test case.  What I'm uncertain

Re: SPF/DMARC modified by host en route

On Mon, Apr 26, 2021 at 02:31:28PM +0200, Jeff Abrahamson wrote: > Thanks.  That's what I thought, too.  But this is the strange thing: > gmail reports that the DKIM signature is good even while complaining > that DMARC fails.  (And so gmail classes as spam, apparently.) This should only happen if

Re: SPF/DMARC modified by host en route

On 26/04/2021 12:56, Dominic Raferd wrote: > On 26/04/2021 10:16, Jeff Abrahamson wrote: >> >> I'm seeing a disturbing (but minority) number of hosts that class our >> mail is spam.  After some digging, I've found an interesting test >> case.  What I'm uncertain of is if this represents a config er

Re: SPF/DMARC modified by host en route

On 26/04/2021 10:16, Jeff Abrahamson wrote: I'm seeing a disturbing (but minority) number of hosts that class our mail is spam.  After some digging, I've found an interesting test case.  What I'm uncertain of is if this represents a config error on our side or a (grossly) misbehaving mail hos

Re: spf failures on forwarded emails

On 11.12.20 13:09, mj wrote: We started received SPF failures on forwarded emails, from our domainA to remote domainB. I have googled, and Sender Rewriting Scheme (SRS) comes up as a possible solution, but all the links and docs are old. (2015, 2014, not recent) I would just like to ask the

Re: [External] Re: SPF IP addresses limit question

On 2/23/2020 11:30 PM, Mohamed Lrhazi wrote: > > My question still was: Suppose I comply with all the > recommendations and best practices in composing my SPF records... Do I > still need to worry about the number of IP addresses (v4/v6/ciders) > that I put in each record? Yes. In the anti-spam wo

Re: SPF IP addresses limit question

On February 24, 2020 4:30:37 AM UTC, Mohamed Lrhazi wrote: >Thanks all, > >My question still was: Suppose I comply with all the recommendations >and >best practices in composing my SPF records... Do I still need to worry >about the number of IP addresses (v4/v6/ciders) that I put in each >recor

Re: SPF IP addresses limit question

Thanks all, My question still was: Suppose I comply with all the recommendations and best practices in composing my SPF records... Do I still need to worry about the number of IP addresses (v4/v6/ciders) that I put in each record? I guess if I could really stick with sub 512 bytes records, I coul

Re: SPF IP addresses limit question

On Sun, Feb 23, 2020 at 06:44:34PM -0500, Mohamed Lrhazi wrote: > record flattening is the process of replacing include, and other lookup > generating mechanisms, with their resulting ip addresses. > My question is how many IPs can one put in a single spf record? > > It appears the RFC does not t

Re: [External] Re: SPF IP addresses limit question

On 2/23/2020 7:08 PM, Scott Kitterman wrote: > The limits are a function of DNS, not SPF, which is why RFC 7208 Section 3.4. > was written. I would there is also a somewhat arbitrary limit that was picked that doesn't t match the real world.  See https://bz.apache.org/SpamAssassin/show_bug.cgi?id

Re: SPF IP addresses limit question

On Sunday, February 23, 2020 6:44:34 PM EST Mohamed Lrhazi wrote: > On Sun, Feb 23, 2020 at 3:23 PM Benny > > > https://dmarcian.com/spf-survey/?domain=spf.255.cuaemail.org > > > > see Record flattening > > record flattening is the process of replacing include, and other lookup > generating mech

Re: SPF IP addresses limit question

On Sun, Feb 23, 2020 at 3:23 PM Benny > > https://dmarcian.com/spf-survey/?domain=spf.255.cuaemail.org > > see Record flattening record flattening is the process of replacing include, and other lookup generating mechanisms, with their resulting ip addresses. My question is how many IPs can one p

Re: SPF IP addresses limit question

On Sunday, February 23, 2020 3:26:07 PM EST Benny Pedersen wrote: > Scott Kitterman skrev den 2020-02-23 21:03: > > There is no hard limit. See RFC 7208 Section 3.4. > > sadly :( > > even ip4:0.0.0.0/0 is valid > > could pypolicyd-spf break rfc so only domains under 255 ipv4 is valid > results

Re: SPF IP addresses limit question

Scott Kitterman skrev den 2020-02-23 21:03: There is no hard limit. See RFC 7208 Section 3.4. sadly :( even ip4:0.0.0.0/0 is valid could pypolicyd-spf break rfc so only domains under 255 ipv4 is valid results ?, imho its insane that its supported unlimited

Re: SPF IP addresses limit question

Mohamed Lrhazi skrev den 2020-02-23 20:53: Using addr...@spf.101.cuaemail.org, gmail also passes. The SPF for this domain has 101 addresses. https://dmarcian.com/spf-survey/?domain=spf.255.cuaemail.org see Record flattening

Re: SPF IP addresses limit question

On Sunday, February 23, 2020 2:53:28 PM EST Mohamed Lrhazi wrote: > Hello all, > > Sorry for a non-postfix specific question. > > I am running into an issue with a big SPF record I had been maintaining. I > went ahead a broke it up using the include: mechanism, but am still trying > to figure out

Re: "SPF no-mail record" clashing with reject_unknown_recipient_domain

Ehlers, Y.W. (Ydo): There is no MX record, there is no A record, so mail can not be delivered. And Microsoft tops it off by explicitely claiming no e-mail will be send from this domain for the record: one like to use RFC 7505 to express "this domain don't send / receive email" adding an

Re: "SPF no-mail record" clashing with reject_unknown_recipient_domain

Wietse, you're absolutely right. I thought I checked my findings correctly, but I missed this one. I'll direct my attention to my networking colleagues for a properly configured DNS server. Ydo Ehlers On 28-10-2019 12:11, Wietse Venema wrote: > Ehlers, Y.W. (Ydo): >> This usage of a single

Re: "SPF no-mail record" clashing with reject_unknown_recipient_domain

Ehlers, Y.W. (Ydo): > This usage of a single SPF record results in an existing domain from > Postfix's? perspective. Nope. It has nothing to do with SPF. Instead, it's a borked DNS server. reject_unknown_sender/recipient_domain looks for MX, A, and records (if compiled with IPv6 support). W

Re: SPF failure

On 15 Jul 2019, at 13:44, Phil Stracchino wrote: > > On 7/15/19 3:29 PM, Bill Cole wrote: >> On 15 Jul 2019, at 14:02, Phil Stracchino wrote: >>> And here's the log of the last failure: >> >> [...] >>> Jul 15 13:49:11 minbar policyd-spf[25139]: Starting >>> Jul 15 13:49:11 minbar policyd-spf[251

Re: SPF failure

On 7/15/19 4:56 PM, Bill Cole wrote: > On 15 Jul 2019, at 15:44, Phil Stracchino wrote: >> The question that comes to mind here is, if one should not reject mail >> based on SPF failures, then what is even the point of checking SPF? > > A test of SPF can have exactly one out of a fixed set of 7 p

Re: SPF failure

On 15 Jul 2019, at 15:44, Phil Stracchino wrote: On 7/15/19 3:29 PM, Bill Cole wrote: On 15 Jul 2019, at 14:02, Phil Stracchino wrote: And here's the log of the last failure: [...] Jul 15 13:49:11 minbar policyd-spf[25139]: Starting Jul 15 13:49:11 minbar policyd-spf[25139]: Config: {'debug

Re: SPF failure

On 7/15/19 4:08 PM, Noel Jones wrote: > On 7/15/2019 2:44 PM, Phil Stracchino wrote: >> >> The question that comes to mind here is, if one should not reject mail >> based on SPF failures, then what is even the point of checking SPF? > > Please distinguish between "SPF check failed because this is

Re: SPF failure

On 7/15/2019 2:44 PM, Phil Stracchino wrote: On 7/15/19 3:29 PM, Bill Cole wrote: On 15 Jul 2019, at 14:02, Phil Stracchino wrote: And here's the log of the last failure: [...] Jul 15 13:49:11 minbar policyd-spf[25139]: Starting Jul 15 13:49:11 minbar policyd-spf[25139]: Config: {'debugLevel

Re: SPF failure

According to this site, websitewelcome has 10 lookups on its own: https://emailstuff.org/spf/check The websitewelcome spf record includes the google spf record, so forevermetalroof.com shouldn't need the mx in their spf. The emailstuff.org tool has an SPF minimizer that looks interesting. Bu

Re: SPF failure

On 7/15/19 3:29 PM, Bill Cole wrote: > On 15 Jul 2019, at 14:02, Phil Stracchino wrote: >> And here's the log of the last failure: > > [...] >> Jul 15 13:49:11 minbar policyd-spf[25139]: Starting >> Jul 15 13:49:11 minbar policyd-spf[25139]: Config: {'debugLevel': 3, >> 'HELO_reject': 'SPF_Not_Pas

Re: SPF failure

On 7/15/19 3:12 PM, Fazzina, Angelo wrote: > When you plug your domain [forevermetalroof.com] in here you see too many > lookups explained better Yeah, that's what I figured out and several others pointed out. Looks like the problem is the company's mail hosting, and their IT guy is working on

Re: SPF failure

On 15 Jul 2019, at 14:02, Phil Stracchino wrote: I have mail from one specific domain (handled by Google) being rejected by pypolicyd-spf because of an apparent DNS lookup problem — 'SPF Permanent Error: Too many DNS lookups' That should not cause rejection. It should be the equivalent of not

RE: SPF failure

When you plug your domain [forevermetalroof.com] in here you see too many lookups explained better https://dmarcian.com/spf-survey/ limit is 10. -ANGELO FAZZINA ang...@uconn.edu University of Connecticut,  ITS, SSG, Server Systems 860-486-9075 -Original Message- From: owner-postfix-us

Re: SPF and Greylisting

On 5 Apr 2019, at 09:11, Viktor Dukhovni wrote: > Note that you SHOULD NOT ultimately refuse email on SPF softfail, > but greylisting would be OK, if you find it meets your needs. Is grey listing still effective? I know when I stopped using it it was not doing much of anything and I can't imagin

RE: SPF and Greylisting

or), eventually it will either be rejected by a following rule or greylisted by the final policy check. Steve -Original Message- From: owner-postfix-us...@postfix.org On Behalf Of Wietse Venema Sent: April 5, 2019 11:20 AM To: Postfix users Subject: Re: SPF and Greylisting st...@dou

Re: SPF and Greylisting

On April 5, 2019 2:55:38 PM UTC, st...@douville.net wrote: >Hi, > > > >policyd-spf and postgrey are implemented and working. > > > >With exim, I was able to check the spf result and greylist upon >receiving a >certain result. I'm using Mail_From_pass_restriction = mfrom_passed_spf >in >policy-

Re: SPF and Greylisting

st...@douville.net: > Hi, > > policyd-spf and postgrey are implemented and working. > > With exim, I was able to check the spf result and greylist upon receiving a > certain result. I'm using Mail_From_pass_restriction = mfrom_passed_spf in > policy-spf.conf. > > Is there any way I can defer or gre

Re: SPF and Greylisting

On Fri, Apr 05, 2019 at 10:55:38AM -0400, st...@douville.net wrote: > Hi, > > policyd-spf and postgrey are implemented and working. > > Is there any way I can defer or greylist based on an spf result of Softfail? Yes, by having the policy service return a 4XX response. Postfix will do whatever

Re: SPF Temperrors - minor thing

stfix-users@postfix.org Subject: Re: SPF Temperrors - minor thing Date: Wed, 27 Mar 2019 01:57:12 +0100 Thank you Scott K. I just read the RFC7208, very well written. My favorite line was at the end in the second to last paragraph, talking about TempError local policy considerations:  "..thi

Re: SPF Temperrors - minor thing

eived-SPF: Temperror (mailfrom) identity=mailfrom; client-ip=167.89.106.69; helo=o1.31qt.s2shared.sendgrid.net; envelope-from=bounces+9243903-ab61- esteban=little-beak@em8306.emailtester.org; receiver=esteban@little -beak.com -Original Message- From: Scott Kitterman To: postfix-users@po

  1   2   3   4   >