#1
13th July 2012, 07:36
jens
postfix spf problems

Hi!

I've got some problems with my SPF. I'm running Debian 6 with Postfix as mail server and would like to implement SPF as well, but it seems I can't get it to work.

Here is my main.conf:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail2.combiplate.se
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = combiplate.com
myorigin = $mydomain
mydestination = mail2.combiplate.se
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24 192.168.10.0/24 192.168.42.0/24 46.235.233.0/24
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cancert.pem
smtpd_tls_loglever = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_tiomeout = 3600s
smtpd_random_source = dev:/dev/urandom

smtpd_sasl_auth_enable = yes

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policy-spf
policy-spf_time_limit = 3600s

smtpd_sender_restrictions = permit_sasl_authenticated,permit_mynetworks


And here is my master.conf:
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

policy unix - n n - - spawn
  user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl


After trying to send mail from my domain, the mail is received, but in the log there is nothing about SPF:

Jul 13 07:15:25 mail2 postfix/smtpd[27498]: DE7F8A06A: client=mail2.combiplate.se[192.168.1.36]
Jul 13 07:15:42 mail2 postfix/cleanup[27505]: DE7F8A06A: message-id=<20120713051525.DE7F8A06A@mail2.combiplate.se>
Jul 13 07:15:42 mail2 postfix/qmgr[27481]: DE7F8A06A: from=<jens@combiplate.com>, size=386, nrcpt=1 (queue active)
Jul 13 07:15:43 mail2 postfix/smtp[27506]: DE7F8A06A: enabling PIX workarounds: disable_esmtp delay_dotcrlf for aspmx.l.google.com[173.194.71.27]:25
Jul 13 07:15:43 mail2 postfix/smtpd[27498]: disconnect from mail2.combiplate.se[192.168.1.36]
Jul 13 07:15:44 mail2 postfix/smtp[27506]: DE7F8A06A: to=<jens@combiplate.com>, relay=aspmx.l.google.com[173.194.71.27]:25, delay=26, delays=24/0.01/0.85/0.76, dsn=2.0.0, status=sent (250 2.0.0 OK 1342156294 v6si9551035lab.20)
Jul 13 07:15:44 mail2 postfix/qmgr[27481]: DE7F8A06A: removed

I've also tried sending mail to check-auth@verifier.port25.com, and it returns neutral. As if it's not running?

Please help
Thanks!
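An added example, not part of the original thread: a small cross-check of the posted main.cf against the posted master.cf, run over constructed excerpts of both files. It compares the `check_policy_service` socket name and the `<service>_time_limit` parameter with the master.cf service name, and tests whether the logged client 192.168.1.36 is accepted by `permit_mynetworks` before the policy check is reached; `logical_lines` and `audit` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed excerpts: the SPF-relevant lines of the two files posted above.
MAIN_CF = """\
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unix:private/policy-spf
policy-spf_time_limit = 3600s
"""
MASTER_CF = """\
policy unix - n n - - spawn
  user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl
"""

def logical_lines(text):
    """Join Postfix continuation lines (leading whitespace), skip comments."""
    out = []
    for raw in text.splitlines():
        if raw.strip() and not raw.lstrip().startswith("#"):
            if raw[0].isspace() and out:
                out[-1] += " " + raw.strip()
            else:
                out.append(raw.strip())
    return out

def audit(main_cf, master_cf, client_ip):
    """Hypothetical helper: list reasons the SPF policy service is not consulted."""
    params = dict(re.split(r"\s*=\s*", l, maxsplit=1) for l in logical_lines(main_cf))
    sockets = set()  # master.cf columns: name, type, private ('-' defaults to yes)
    for line in logical_lines(master_cf):
        name, kind, private = line.split()[:3]
        if kind == "unix":
            sockets.add(("public/" if private == "n" else "private/") + name)
    rules = [t for t in re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", "")) if t]
    nets = [ipaddress.ip_network(n.strip("[]").replace("]", "")) for n in params.get("mynetworks", "").split()]
    trusted = any(ipaddress.ip_address(client_ip) in n for n in nets)
    findings = []
    for i, rule in enumerate(rules[:-1]):
        if rule == "check_policy_service":
            target = rules[i + 1]
            if target.startswith("unix:") and target[5:] not in sockets:
                findings.append(f"{target}: no master.cf service creates this socket")
            if trusted and "permit_mynetworks" in rules[:i]:
                findings.append(f"{client_ip}: accepted by permit_mynetworks before {target}")
    # Assumption: any other *_time_limit key is meant as <service>_time_limit.
    services = {s.split("/", 1)[1] for s in sockets} | {"command"}
    for key in params:
        if key.endswith("_time_limit") and key[:-11] not in services:
            findings.append(f"{key}: no master.cf service named {key[:-11]}")
    return findings
```
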

#2
13th July 2012, 10:20
TiTex

Do you have an SPF record for your domain?

#3
13th July 2012, 10:34
jens

I have..

combiplate.com. IN TXT "v=spf1 a mx ptr +all"

I've been testing around and changing the record, and ended up with +all just for now, because I want to temporarily allow all for test purposes, to try to get SPF to give me anything in the log...

I've put this in the forward zone and a similar record in the reverse zone; is that correct, or how should it be?

#4
13th July 2012, 11:15
TiTex

Strange, it's working for me and all I have is an SPF record for my domain, nothing SPF-related configured on my MTA.

Code:
SPF check details:
----------------------------------------------------------
Result:         pass 
ID(s) verified: smtp.mailfrom=alex@ilogicgroup.org
DNS record(s):
    ilogicgroup.org. 86400 IN SPF "v=spf1 mx -all"
    ilogicgroup.org. 86400 IN MX 5 ns1.ilogicgroup.org.
    ns1.ilogicgroup.org. 86400 IN A 86.122.14.86

#5
13th July 2012, 11:19
jens

How did you get that output?
So I can test and see what it gets me? (if I haven't already tried it)

Can't understand why this isn't working for me.. I'm starting to have some suspicions but I don't know.

#6
13th July 2012, 12:07
TiTex

I've sent an email to check-auth@verifier.port25.com and got the reply.
You can check if your SPF record is valid here: http://www.kitterman.com/spf/validate.html

Code:
This message is an automatic response from Port25's authentication verifier service at verifier.port25.com.  The service allows email senders to perform a simple check of various sender authentication mechanisms.  It is provided free of charge, in the hope that it is useful to the email community.  While it is not officially supported, we welcome any feedback you may have at <verifier-feedback@port25.com>.

Thank you for using the verifier,

The Port25 Solutions, Inc. team

==========================================================
Summary of Results
==========================================================
SPF check:          pass
DomainKeys check:   neutral
DKIM check:         neutral
Sender-ID check:    pass
SpamAssassin check: ham

==========================================================
Details:
==========================================================

HELO hostname:  ns1.ilogicgroup.org
Source IP:      86.122.14.86
mail-from:      alex@ilogicgroup.org

----------------------------------------------------------
SPF check details:
----------------------------------------------------------
Result:         pass 
ID(s) verified: smtp.mailfrom=alex@ilogicgroup.org
DNS record(s):
    ilogicgroup.org. 86400 IN SPF "v=spf1 mx -all"
    ilogicgroup.org. 86400 IN MX 5 ns1.ilogicgroup.org.
    ilogicgroup.org. 86400 IN MX 10 mail.ilogicgroup.org.
    ns1.ilogicgroup.org. 86400 IN A 86.122.14.86

----------------------------------------------------------
DomainKeys check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: header.From=alex@ilogicgroup.org
DNS record(s):

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         neutral (message not signed)
ID(s) verified: 

NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions.  If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.

----------------------------------------------------------
Sender-ID check details:
----------------------------------------------------------
Result:         pass 
ID(s) verified: header.From=alex@ilogicgroup.org
DNS record(s):
    ilogicgroup.org. 86400 IN SPF "v=spf1 mx -all"
    ilogicgroup.org. 86400 IN MX 5 ns1.ilogicgroup.org.
    ilogicgroup.org. 86400 IN MX 10 mail.ilogicgroup.org.
    ns1.ilogicgroup.org. 86400 IN A 86.122.14.86

----------------------------------------------------------
SpamAssassin check details:
----------------------------------------------------------
SpamAssassin v3.3.1 (2010-03-16)

Result:         ham  (-0.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
                            domain
-0.0 BAYES_40               BODY: Bayes spam probability is 20 to 40%
                            [score: 0.2965]
 0.0 HTML_MESSAGE           BODY: HTML included in message

==========================================================

Last edited by TiTex; 13th July 2012 at 12:11.