Envelope emails rejected
Hi,
I am running the latest version 2.010 and I get rejections like http://
In the postfix logs I see: Oct 13 21:31:30 DiskStation postfix/
Is this a bug or a configuration issue?
Thanks, Horia
Question information
- Language:
- English Edit question
- Status:
- Solved
- Assignee:
- No assignee Edit question
- Solved by:
- Horia Miclea
- Solved:
- Last query:
- Last reply:
Revision history for this message
|
#1 |
The openspf.org Why message you sent relates to the Mail From address of the message. The postfix log snippet relates to the HELO identity (SPF can check both Mail From and HELO). Please provide the full logs of a relevant message as this isn't enough information to reliably evaluate the situation.
Revision history for this message
|
#2 |
Here is the full log:
Oct 13 21:31:27 DiskStation postfix/
Oct 13 21:31:27 DiskStation postfix/
Oct 13 21:31:30 DiskStation postfix/
Oct 13 21:31:30 DiskStation postfix/
Oct 13 21:31:30 DiskStation postfix/
Oct 13 21:31:31 DiskStation postfix/
Oct 13 21:31:31 DiskStation postfix/
Oct 13 21:31:31 DiskStation postfix/
Revision history for this message
|
#3 |
Unfortunately, I don't have a great answer for you. The openspf.org Why service and postfix-
The mailer.netflix.com SPF record is v=spf1 include:
"v=spf1 ip4:199.
The connect IP for this message (54.240.5.1) matches ip4:54.240.0.0/18, so this should have been an SPF pass based on the current records.
I think it's most likely that on the 13th their SPF record was broken and between when the rejection was logged and when you checked the Why URL it had been fixed so it (correctly) showed the SPF pass. There's no way to know for sure.
Given all the above, my diagnosis is most likely sender misconfiguration that's already been addressed.
If you want to experiment, https:/
Revision history for this message
|
#4 |
Hi Scott,
I noticed this issue several times over long time (months). It didn't bother me untilI I saw the same on twitter emails with similar logs from postfix. The behaviour remains consistent as long I keep the postfix configuration to check and reject on SPF.
What intrigues me is this part of the log: Oct 13 21:31:30 DiskStation postfix/
Are there other reasons that don't allow the Mail::SPF lib to fetch the policy? I can see the spa-policyd code is attempting to fetch both.
Here is the twitter log, with the same issue, missing SPF policy for the envelope.
t 16 15:21:19 DiskStation postfix/
Oct 16 15:21:19 DiskStation postfix/
Oct 16 15:21:19 DiskStation postfix/
Oct 16 15:21:19 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Oct 16 15:21:21 DiskStation postfix/
Thanks, Horia
Revision history for this message
|
#5 |
To answer your first question, a5-1.smtp-
I agree that given it's happened with multiple domains there is an issue somewhere.
It would be interesting to me to see if you still see the same problem with the Python implementation I referenced earlier.
Revision history for this message
|
#6 |
The Mail::SPF library includes some command line tools for testing. What happens if you run this on the server in question:
spfquery --id bounce.twitter.com --ip 199.59.150.97
Revision history for this message
|
#7 |
Horia, I'm the author of Mail::SPF and a co-author of postfix-
Revision history for this message
|
#8 |
Julian, Scott,
The library version is 2.9 and spfquery report is wrong. My system is a Synology NAS, and while I raised a support case, I can't replace the SPF policy module with the python implementation. I updated the support team about our thread, and I am pretty sure they will issue an update for the Mail package as soon you fix the library, if the issue is really there.
Below the details, thanks, Horia
DiskStation> /usr/bin/perl -I /var/packages/
fail
Please see http://
bounce.twitter.com: Sender is not authorized by default to use 'bounce.
Received-SPF: fail (bounce.
DiskStation> more /var/packages/
#
# Mail::SPF
# An object-oriented Perl implementation of Sender Policy Framework.
# <http://
#
# (C) 2005-2012 Julian Mehnle <email address hidden>
# 2005 Shevek <email address hidden>
# $Id: SPF.pm 63 2013-07-22 03:52:21Z julian $
#
#######
package Mail::SPF;
=head1 NAME
Mail::SPF - An object-oriented implementation of Sender Policy Framework
=head1 VERSION
2.009
Revision history for this message
|
#9 |
With the same version, I get a correct result. Mail::SPF uses Net::DNS, Netaddr:IP, and URI. What versions of these modules do you have installed?
Revision history for this message
|
#10 |
Hi Scott,
I just learned that Synology support discovered issues in the rest of the perl package on my ppc platform and that an update fixes the issue.
I understood this impacted the NetAddress handling as you suspected.
I think we can close this question, thanks to you and Julian for the assistance and apologies if I wasted your time.
Thanks, Horia
> On 21 Oct 2015, at 07:21, Scott Kitterman <email address hidden> wrote:
>
> Your question #272463 on postfix-
> https:/
>
> Status: Open => Needs information
>
> Scott Kitterman requested more information:
> With the same version, I get a correct result. Mail::SPF uses Net::DNS,
> Netaddr:IP, and URI. What versions of these modules do you have
> installed?
>
> --
> To answer this request for more information, you can either reply to
> this email or enter your reply at the following page:
> https:/
>
> You received this question notification because you asked the question.
Revision history for this message
|
#11 |
The problem is in other perl packages and the vendor identified the fix. Closing the question.