Originally Posted by Rocky
Please add both the domain and ip to your baruwa whitelist
As you predicted:
Apr 15 21:22:36 curve postfix/smtpd: warning: 18.104.22.168: address not listed for hostname mail.senderdomain.com
Apr 15 21:22:36 curve postfix/cleanup: 40A2B5E68D: hold: header Received: from mail.senderdomain.com (unknown [22.214.171.124])??by curve.domainservicehost.com (Postfix) with ESMTP id 40A2B5E68D??for <firstname.lastname@example.org>; Fri, 15 Apr 2011 21:22:36 -0 from unknown[126.96.36.199]; from=<email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=<mail.senderdomain.com>
Apr 15 21:22:38 curve postfix/qmgr: 349705E6C8: from=<email@example.com>, size=12154, nrcpt=1 (queue active)
May I ask a related question?
It appears to me that the SPF lookup of the "helo" hostname is a problem here. Why would the SPF lookup the helo? Why not a DNS TXT/SPF lookup of the MAIL FROM:?
In this particular case, the sender's email is coming from a hosted account on godaddy, and the mail.senderdomain resolves to a CNAME, and that CNAME resolves to another CNAME, which finally resolves to an A record.
root@vector:~# dig @ns40.domaincontrol.com mail.senderdomain.com TXT
; <<>> DiG 9.7.0-P1 <<>> @ns40.domaincontrol.com mail.senderdomain.com TXT
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26012
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;mail.senderdomain.com. IN TXT
;; ANSWER SECTION:
mail.senderdomain.com. 3600 IN CNAME pop.secureserver.net.
;; AUTHORITY SECTION:
senderdomain.com. 3600 IN NS ns39.domaincontrol.com.
senderdomain.com. 3600 IN NS ns40.domaincontrol.com.
;; Query time: 47 msec
;; SERVER: 188.8.131.52#53(184.108.40.206)
;; WHEN: Fri Apr 15 21:34:56 2011
;; MSG SIZE rcvd: 126
I get a fully recursed response which clearly shows there is no TXT record for this domain (which is actually a hostname.)
However, if I do the same dig without the "@" (using my locally configured name server) I get a SRVFAIL:
root@vector:~# dig mail.senderdomain.com TXT
; <<>> DiG 9.7.0-P1 <<>> mail.senderdomain.com TXT
;; global options: +cmd
;; connection timed out; no servers could be reached
So firstly, thank you YET AGAIN for helping me resolve a problem... however, it seems to me there may still be some type of inconsistency with how SPF parses the SMTP conversation for processing the DNS query.
Deconn Technical Services