Unable to receive mails from domains that have an SPF fail '-all' policy

C

Cr4zyFl1x

New Member
May 25, 2020
2
0
1
24
Hey guys!

Recently I got a problem that I can't receive mails from email addresses whose domain has an SPF fail (-all) policy. (See Syslog:21)
All other mails are working perfectly but those not :(

So do you know what to change in my configuration that I'll be also able to receive the mails?


Code: 
Jan 10 19:47:35 mx-fra4 postfix/postscreen[68830]: PASS NEW [1.2.3.4]:43035
Jan 10 19:47:36 mx-fra4 postfix/smtpd[68839]: connect from example.org[1.2.3.4]
Jan 10 19:47:36 mx-fra4 postfix/smtpd[68839]: Anonymous TLS connection established from example.org[1.2.3.4]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
Jan 10 19:47:36 mx-fra4 postfix/smtpd[68839]: E46EE181124: client=example.org[1.2.3.4]
Jan 10 19:47:36 mx-fra4 postfix/cleanup[68843]: E46EE181124: message-id=<kDJ9oR5PJGB8wsbTr3hf634wgTUfF9NEnXSvoqGQo@example.de>
Jan 10 19:47:36 mx-fra4 postfix/qmgr[64318]: E46EE181124: from=<shop@example.de>, size=11141, nrcpt=1 (queue active)
Jan 10 19:47:36 mx-fra4 postfix/smtpd[68839]: disconnect from example.org[1.2.3.4] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jan 10 19:47:36 mx-fra4 pmg-smtp-filter[66754]: 2022/01/10-19:47:36 CONNECT TCP Peer: "[127.0.0.1]:41088" Local: "[127.0.0.1]:10024"
Jan 10 19:47:36 mx-fra4 pmg-smtp-filter[66754]: 18113861DC7F48F1411: new mail message-id=<kDJ9oR5PJGB8wsbTr3hf634wgTUfF9NEnXSvoqGQo@example.de>
Jan 10 19:47:40 mx-fra4 pmg-smtp-filter[66754]: 18113861DC7F48F1411: SA score=0/5 time=3.531 bayes=undefined autolearn=ham autolearn_force=no hits=DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),DKIM_VALID_EF(-0.1),HTML_MESSAGE(0.001),KAM_SHORT(0.001),RCVD_IN_DNSWL_BLOCKED(0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),T_REMOTE_IMAGE(0.01),URIBL_BLOCKED(0.001)
Jan 10 19:47:40 mx-fra4 postfix/smtpd[68852]: connect from localhost.localdomain[127.0.0.1]
Jan 10 19:47:40 mx-fra4 postfix/smtpd[68852]: 8D8B618113B: client=localhost.localdomain[127.0.0.1], orig_client=example.org[1.2.3.4]
Jan 10 19:47:40 mx-fra4 postfix/cleanup[68843]: 8D8B618113B: message-id=<kDJ9oR5PJGB8wsbTr3hf634wgTUfF9NEnXSvoqGQo@example.de>
Jan 10 19:47:40 mx-fra4 postfix/qmgr[64318]: 8D8B618113B: from=<shop@example.de>, size=12474, nrcpt=1 (queue active)
Jan 10 19:47:40 mx-fra4 pmg-smtp-filter[66754]: 18113861DC7F48F1411: accept mail to <allgemein@example.com> (8D8B618113B) (rule: default-accept)
Jan 10 19:47:40 mx-fra4 postfix/smtpd[68852]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Jan 10 19:47:40 mx-fra4 pmg-smtp-filter[66754]: 18113861DC7F48F1411: processing time: 3.598 seconds (3.531, 0.032, 0)
Jan 10 19:47:40 mx-fra4 postfix/lmtp[68844]: E46EE181124: to=<allgemein@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.7, delays=0.03/0.02/0/3.6, dsn=2.5.0, status=sent (250 2.5.0 OK (18113861DC7F48F1411))
Jan 10 19:47:40 mx-fra4 postfix/qmgr[64318]: E46EE181124: removed
Jan 10 19:47:42 mx-fra4 postfix/smtp[68853]: Trusted TLS connection established to 5.6.7.8[5.6.7.8]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256
Jan 10 19:47:42 mx-fra4 postfix/smtp[68853]: 8D8B618113B: to=<allgemein@example.com>, relay=5.6.7.8[5.6.7.8]:25, delay=2.4, delays=0.01/0.02/1.9/0.44, dsn=5.7.23, status=bounced (host 5.6.7.8[5.6.7.8] said: 550 5.7.23 <allgemein@example.com>: Recipient address rejected: Message rejected due to: SPF fail - not authorized. Please see http://www.openspf.net/Why?s=mfrom;id=shop@example.de;ip=185.240.242.14;r=<UNKNOWN> (in reply to RCPT TO command))
Jan 10 19:47:42 mx-fra4 postfix/cleanup[68843]: E6CA3181138: message-id=<20220110184742.E6CA3181138@mx-fra4.pmg.example.net>
Jan 10 19:47:42 mx-fra4 postfix/bounce[68864]: 8D8B618113B: sender non-delivery notification: E6CA3181138
Jan 10 19:47:42 mx-fra4 postfix/qmgr[64318]: E6CA3181138: from=<>, size=15007, nrcpt=1 (queue active)
Jan 10 19:47:42 mx-fra4 postfix/qmgr[64318]: 8D8B618113B: removed
Jan 10 19:47:54 mx-fra4 postfix/smtp[68853]: Trusted TLS connection established to mail.example.de[1.2.3.4]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Jan 10 19:47:59 mx-fra4 postfix/smtp[68853]: E6CA3181138: to=<shop@example.de>, relay=mail.example.de[1.2.3.4]:25, delay=17, delays=0/0/11/5.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 56BD51405CD)
Jan 10 19:47:59 mx-fra4 postfix/qmgr[64318]: E6CA3181138: removed
 
it seems the server at '5.6.7.8' does itself spf checks but since your pmg will not be in that list is blocked
simply configure your downstream server to not do spf checks, pmg already does that
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back