HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (
-   Server Operation (
-   -   Postfix mail server. Please help (

Scott.Paananen 15th February 2011 21:58

Postfix mail server. Please help
Hi everyone,
I am new to postfix, and i am having an issue.
We are not able to get mail from a certain company, our post fix logs show the following.

Note: i've removed personal information from the logs

Feb 14 15:10:54 SERVER02 postfix/smtpd[20199]: connect from[]
Feb 14 15:11:10 SERVER02 postfix/policy-spf[20201]: handler sender_policy_framework: is decisive.
Feb 14 15:11:10 SERVER02 postfix/policy-spf[20201]: : Policy action=DEFER_IF_PERMIT 'SERVFAIL' error on DNS 'SPF' lookup of ''
Feb 14 15:11:10 SERVER02 postfix/smtpd[20199]: warning: restriction `smtpd_data_restrictions' after `permit' is ignored
Feb 14 15:11:10 SERVER02 postfix/smtpd[20199]: NOQUEUE: reject: RCPT from[]: 450 4.7.1 <>: Recipient address rejected: 'SERVFAIL' error on DNS 'SPF' lookup of ''; from=<> to=<> proto=ESMTP helo=<>
Feb 14 15:11:11 SERVER02 postfix/smtpd[20199]: disconnect from[]

Now, their front end mail server is and their new back end server is

The first thing i noticed was the misspelling of their domain name in the mail-server ( So i told the it, was thier issue, and not ours. The problem is this. is in the domain, The mistake was made a while ago, and never fixed.

Is there anyway i can get postfix to allow mail from this company with out them fixing their problem, as it they claim it is our problem.

here is a copy of my postfix config.

# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
# Requirements for the sender details
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client, reject_rbl_client, reject_rbl_client
# Requirement for the recipient address
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unix:private/policy, check_policy_service inet:, permit smtpd_data_restrictions = reject_unauth_pipelining

# require proper helo at connections
smtpd_helo_required = yes

Can someone please help me out?
Apperenlty, we are the only place they can not send mail to, and I would like to make a work around so we can receive mail from them without waiting on them to fix thier problem.

Thank you in advance.

Hans 15th February 2011 22:38

Hi You've implemented SPF within Postfix which is fine.
Ik think the email of the sender can not pass as it seems that their domain DNS-settings does not contain a SPF-record.

If they define a SPF-record, i do think email will pass through.
So this is the best option.

The other possibility is that you remove the line:
check_policy_service unix:private/policy from your Postfix configuration file and restart Postfix afterwards.
In that case your system does not check for SPF-records anymore, but i don't recommend that.

All times are GMT +2. The time now is 13:45.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.