Completely lost in SPF! please help

Discussion in 'Server Operation' started by phinex, Mar 18, 2012.

  1. phinex

    phinex New Member

    Hi there,

    My setup is as below:

    VPS (Debian,Postfix,Dovecot, System accounts as email address')
    Domain name:
    Host name:
    IP address:
    Email account: [email protected]
    Sending from: Evolution SMTP on port: 26
    Server: for sending and receiving emails & web server exclusively for one domain
    IP: one dedicated IP only
    DNS recrods:
    -/-          A	
    ftp 	      A 	  	  	
    mail 	      A 	  	  	
    -/-          MX	      1
    -/-          TXT                v=spf1 -all
    mail 	     TXT	  	v=spf1 -all 	  	  	
    imap        CNAME 	  	  	
    pop 	     CNAME 	  	  	
    smtp 	     CNAME 	  	  	
    www 	     CNAME
    <[email protected]>: host[] said:
    550 5.7.1 <[email protected]>: Recipient address rejected: SPF Tests:
    Mail-From Result="fail": Mail From="[email protected]" HELO
    name="" HELO Result="fail" Remote IP="" (in
    reply to RCPT TO command)

    I've tried almost everything, but getting fail.

    Please help.
    Last edited: Mar 18, 2012
  2. falko

    falko Super Moderator ISPConfig Developer

    Is the DNS server where you created the SPF record authoritative for the domain?

    Also, it can take up to 72 hours for DNS changes to propagate.
  3. phinex

    phinex New Member

    Hi Falko, and thanks for your reply.
    More than 72 hours have passed since I inserted the records.
    (these records I inserted in the Power Panel of the VPS provider)
    Sorry, but I don't know how to whether its authoritative or not, this may help? :


    Non-authoritative answer: name =

    Authoritative answers can be found from: nameserver = nameserver = internet address = internet address =

    #I checked with AOL and the SPF test passes there!, though I don't
    know why I'm still getting fail when testing with [email protected]
    #does that have anything to do with the IP number I'm getting from my ISP when sending from Evolution? though I'm using port 26
    to bypass there mail server...
    Last edited: Mar 19, 2012
  4. falko

    falko Super Moderator ISPConfig Developer

    dig txt
    show your SPF record?
  5. phinex

    phinex New Member

    Looks so:

    [email protected]:~$ dig txt
    ; <<>> DiG 9.7.3 <<>> txt
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33386
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
    ;			IN	TXT
    ;; ANSWER SECTION:		86400	IN	TXT	"v=spf1 -all"
    ;; AUTHORITY SECTION:		86400	IN	NS		86400	IN	NS
    ;; ADDITIONAL SECTION: 57454	IN	A 57454 IN	A
    ;; Query time: 503 msec
    ;; SERVER:
    ;; WHEN: Tue Mar 20 16:49:09 2012
    ;; MSG SIZE  rcvd: 161
    And exactly the same results if :
    [email protected]:~$ dig txt
    Last edited: Mar 20, 2012
  6. falko

    falko Super Moderator ISPConfig Developer

    That looks ok. Can you change the SPF record to
    v=spf1 [COLOR="Red"]+[/COLOR] -all
    and test again?
  7. erosbk

    erosbk New Member

    Try sending mail to [email protected]

    I have the same problem that you have, but I am ok for =/
  8. phinex

    phinex New Member

    ok, I'll give it a try, though by definition the '+' can be omitted.

    Could it be that I should include the ISP IP address in the record? because it presents in the header as " Send By"?
  9. phinex

    phinex New Member

    Thanks for the tip, my SPF also Passes with
    So either [email protected] has a bug which is highly unlikely, or it's
    that we are missing on something, for example " including the ISP IP address in the record" ... or ?
  10. erosbk

    erosbk New Member

    I think that there is no bug in "[email protected]". If you send a mail from gmail, you will see that it is working. I think that we have to do a little more researh in this, falko I think could help us to see what is happening.

    As I see, you are exactly in the same point that I am xD
  11. gapa

    gapa New Member

  12. joemiller

    joemiller New Member

    That could be worth looking at. I had a case like that a while ago, where the isp had basically hijacked all emails so they came from their server. It caused spf authentication to fail.

    I sorted it by looking at the email client settings (I think you said this was evolution) and changing it so they go directly to the mail server. I'm not sure if this applies in your case.

    The problem with adding the isp ip address to your spf record is you're then authorising anyone with an email account on that server to send emails as you.

    hope this helps.

Share This Page