Hi everyone, I am new to postfix, and i am having an issue. We are not able to get mail from a certain company, our post fix logs show the following. Note: i've removed personal information from the logs Feb 14 15:10:54 SERVER02 postfix/smtpd[20199]: connect from mail.example.net[xx.xx.xxx.xxx] Feb 14 15:11:10 SERVER02 postfix/policy-spf[20201]: handler sender_policy_framework: is decisive. Feb 14 15:11:10 SERVER02 postfix/policy-spf[20201]: : Policy action=DEFER_IF_PERMIT SPF-Result=mail-server.eaxmple.net: 'SERVFAIL' error on DNS 'SPF' lookup of 'mail-server.eaxmple.net' Feb 14 15:11:10 SERVER02 postfix/smtpd[20199]: warning: restriction `smtpd_data_restrictions' after `permit' is ignored Feb 14 15:11:10 SERVER02 postfix/smtpd[20199]: NOQUEUE: reject: RCPT from mail.eaxmple.net[xx.xx.xxx.xxx]: 450 4.7.1 <[email protected]>: Recipient address rejected: SPF-Result=mail-server.eaxmple.net: 'SERVFAIL' error on DNS 'SPF' lookup of 'mail-server.eaxmple.net'; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-server.eaxmple.net> Feb 14 15:11:11 SERVER02 postfix/smtpd[20199]: disconnect from mail.example.net[xx.xx.xxx.xxx] Now, their front end mail server is mail.example.net and their new back end server is mail-server.eaxmple.com The first thing i noticed was the misspelling of their domain name in the mail-server (mail-server.eaxmple.com) So i told the it, was thier issue, and not ours. The problem is this. eaxmple.net is in the domain example.net, The mistake was made a while ago, and never fixed. Is there anyway i can get postfix to allow mail from this company with out them fixing their problem, as it they claim it is our problem. here is a copy of my postfix config. # Requirements for the HELO statement smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit # Requirements for the sender details smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit # Requirements for the connecting server smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org # Requirement for the recipient address smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service unixrivate/policy, check_policy_service inet:127.0.0.1:2525, permit smtpd_data_restrictions = reject_unauth_pipelining # require proper helo at connections smtpd_helo_required = yes Can someone please help me out? Apperenlty, we are the only place they can not send mail to, and I would like to make a work around so we can receive mail from them without waiting on them to fix thier problem. Thank you in advance.
Hi You've implemented SPF within Postfix which is fine. Ik think the email of the sender can not pass as it seems that their domain DNS-settings does not contain a SPF-record. If they define a SPF-record, i do think email will pass through. So this is the best option. The other possibility is that you remove the line: check_policy_service unixrivate/policy from your Postfix configuration file and restart Postfix afterwards. In that case your system does not check for SPF-records anymore, but i don't recommend that.
