SPF DNS Issues

Discussion in 'ISPConfig 3 Priority Support' started by Dextros, Sep 26, 2016.

  1. Dextros

    Dextros Member HowtoForge Supporter

    Hi Guys
    The server has been running great after the extra protection I put in place.
    SPF is causing me some hassle, and I want to know how to properly respond to such issues.
    Every now and again, we get domains that send emails from a seperate server to its parent domain.
    Im sure that this is a configuration problem their end, but I don't know what to say 100% back to my clients as to why some emails are not getting through to them.

    Sep 26 09:18:29 isc postfix/smtpd[28932]: warning: hostname drydensfairfax.com does not resolve to address 77.89.147.131
    Sep 26 09:18:29 isc postfix/smtpd[26785]: warning: hostname drydensfairfax.com does not resolve to address 77.89.147.131
    Sep 26 09:18:30 isc postfix/smtpd[28932]: NOQUEUE: reject: RCPT from unknown[77.89.147.131]: 450 4.7.1 Client host rejected: cannot find your hostname, [77.89.147.131]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail1.drydensfairfax.com>
    Sep 26 09:18:30 isc postfix/smtpd[26785]: NOQUEUE: reject: RCPT from unknown[77.89.147.131]: 450 4.7.1 Client host rejected: cannot find your hostname, [77.89.147.131]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail1.drydensfairfax.com>
    Please see dig of both dns with different IP addresses.
    Code:
     dig 77.89.147.131
    
    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> 77.89.147.131
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45669
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;77.89.147.131.                 IN      A
    
    ;; AUTHORITY SECTION:
    .                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2016092600 1800 900 604800 86400
    
    ;; Query time: 14 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Sep 26 12:03:54 2016
    ;; MSG SIZE  rcvd: 106
    
    [email protected]:~# dig drydensfairfax.com
    
    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> drydensfairfax.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7555
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
    
    ;; QUESTION SECTION:
    ;drydensfairfax.com.            IN      A
    
    ;; ANSWER SECTION:
    drydensfairfax.com.     2809    IN      A       77.89.147.140
    
    ;; AUTHORITY SECTION:
    drydensfairfax.com.     26808   IN      NS      dns086.c.register.com.
    drydensfairfax.com.     26808   IN      NS      dns036.b.register.com.
    drydensfairfax.com.     26808   IN      NS      dns010.d.register.com.
    drydensfairfax.com.     26808   IN      NS      dns196.a.register.com.
    
    ;; ADDITIONAL SECTION:
    dns010.d.register.com.  26808   IN      A       216.21.236.10
    dns036.b.register.com.  26808   IN      A       216.21.232.36
    dns086.c.register.com.  26808   IN      A       216.21.235.86
    dns196.a.register.com.  26808   IN      A       216.21.231.196
    
    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Sep 26 12:04:24 2016
    ;; MSG SIZE  rcvd: 217
    
    [email protected]:~# dig mail1.drydensfairfax.com
    
    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> mail1.drydensfairfax.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45831
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
    
    ;; QUESTION SECTION:
    ;mail1.drydensfairfax.com.      IN      A
    
    ;; ANSWER SECTION:
    mail1.drydensfairfax.com. 14400 IN      A       77.89.147.142
    
    ;; AUTHORITY SECTION:
    drydensfairfax.com.     26540   IN      NS      dns010.d.register.com.
    drydensfairfax.com.     26540   IN      NS      dns036.b.register.com.
    drydensfairfax.com.     26540   IN      NS      dns086.c.register.com.
    drydensfairfax.com.     26540   IN      NS      dns196.a.register.com.
    
    ;; ADDITIONAL SECTION:
    dns010.d.register.com.  26540   IN      A       216.21.236.10
    dns036.b.register.com.  26540   IN      A       216.21.232.36
    dns086.c.register.com.  26540   IN      A       216.21.235.86
    dns196.a.register.com.  26540   IN      A       216.21.231.196
    
    ;; Query time: 142 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Mon Sep 26 12:08:52 2016
    ;; MSG SIZE  rcvd: 223
    
    Thanks
    Lee
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you check that 77.89.147.131 has a reverse dns record that resolves to the domain name?
     

Share This Page