HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Postfix mail server. Please help (http://www.howtoforge.com/forums/showthread.php?t=51457)

Scott.Paananen 15th February 2011 20:58

Postfix mail server. Please help
 
Hi everyone,
I am new to postfix, and i am having an issue.
We are not able to get mail from a certain company, our post fix logs show the following.

Note: i've removed personal information from the logs

Feb 14 15:10:54 SERVER02 postfix/smtpd[20199]: connect from mail.example.net[xx.xx.xxx.xxx]
Feb 14 15:11:10 SERVER02 postfix/policy-spf[20201]: handler sender_policy_framework: is decisive.
Feb 14 15:11:10 SERVER02 postfix/policy-spf[20201]: : Policy action=DEFER_IF_PERMIT SPF-Result=mail-server.eaxmple.net: 'SERVFAIL' error on DNS 'SPF' lookup of 'mail-server.eaxmple.net'
Feb 14 15:11:10 SERVER02 postfix/smtpd[20199]: warning: restriction `smtpd_data_restrictions' after `permit' is ignored
Feb 14 15:11:10 SERVER02 postfix/smtpd[20199]: NOQUEUE: reject: RCPT from mail.eaxmple.net[xx.xx.xxx.xxx]: 450 4.7.1 <me@us.com>: Recipient address rejected: SPF-Result=mail-server.eaxmple.net: 'SERVFAIL' error on DNS 'SPF' lookup of 'mail-server.eaxmple.net'; from=<them@example.net> to=<me@us.com> proto=ESMTP helo=<mail-server.eaxmple.net>
Feb 14 15:11:11 SERVER02 postfix/smtpd[20199]: disconnect from mail.example.net[xx.xx.xxx.xxx]


Now, their front end mail server is mail.example.net and their new back end server is mail-server.eaxmple.com

The first thing i noticed was the misspelling of their domain name in the mail-server (mail-server.eaxmple.com) So i told the it, was thier issue, and not ours. The problem is this.

eaxmple.net is in the domain example.net, The mistake was made a while ago, and never fixed.

Is there anyway i can get postfix to allow mail from this company with out them fixing their problem, as it they claim it is our problem.

here is a copy of my postfix config.


# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
# Requirements for the sender details
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
# Requirement for the recipient address
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/policy, check_policy_service inet:127.0.0.1:2525, permit smtpd_data_restrictions = reject_unauth_pipelining

# require proper helo at connections
smtpd_helo_required = yes


Can someone please help me out?
Apperenlty, we are the only place they can not send mail to, and I would like to make a work around so we can receive mail from them without waiting on them to fix thier problem.

Thank you in advance.

Hans 15th February 2011 21:38

Hi You've implemented SPF within Postfix which is fine.
Ik think the email of the sender can not pass as it seems that their domain DNS-settings does not contain a SPF-record.

If they define a SPF-record, i do think email will pass through.
So this is the best option.

The other possibility is that you remove the line:
check_policy_service unix:private/policy from your Postfix configuration file and restart Postfix afterwards.
In that case your system does not check for SPF-records anymore, but i don't recommend that.


All times are GMT +2. The time now is 12:10.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.