Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
SPF and Postfix mail
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
musicweb
n00b
n00b


Joined: 30 Jan 2013
Posts: 36

PostPosted: Fri Feb 01, 2013 5:29 pm    Post subject: SPF and Postfix mail Reply with quote

Can anyone tell me how to set up SPF and Postfix?
I installed the libspf2 package and also a few perl modules that
are supposed to be there for SPF to work.

I get a reject message from another server I'm sending an email to:

Code:
The administrator of the domain wm-mw.org may have incorrectly configured its SPF record. This is a common cause of mistakes.

Here's what you can do: Contact the wm-mw.org postmaster and tell them that they need to change wm-mw.org's SPF record so that it authorizes smtp-o-1.netrevolution.com. For example, they could change the record to something like

v=spf1 a ptr a:smtp-o-1.netrevolution.com -all
If you refer your postmaster to this web page, they should be able to solve the problem.


I don't see anywhere in Postfix configuration about setting up SPF.
I use Webmin to manage my server...
Back to top
View user's profile Send private message
Evileye
l33t
l33t


Joined: 06 Aug 2003
Posts: 782
Location: Toronto

PostPosted: Sat Feb 02, 2013 5:50 am    Post subject: Reply with quote

I'm assuming you are using BIND for your DNS. If so can you post the SPF record(s) you have added to your zone/hosts file for your domain.
Back to top
View user's profile Send private message
musicweb
n00b
n00b


Joined: 30 Jan 2013
Posts: 36

PostPosted: Sat Feb 02, 2013 12:25 pm    Post subject: Reply with quote

Thanks, but I'm still not sure what you mean.
Should I add that domain to the Mail Server Records area?
Back to top
View user's profile Send private message
papahuhn
l33t
l33t


Joined: 06 Sep 2004
Posts: 626

PostPosted: Sat Feb 02, 2013 12:32 pm    Post subject: Reply with quote

What exactly do you want to do with your mailserver? Do you run a mailing list or try to send emails on wm-mw.org's behalf? Is wm-mw.org your domain? If not, you cannot configure the domain's SPF record.
_________________
Death by snoo-snoo!
Back to top
View user's profile Send private message
musicweb
n00b
n00b


Joined: 30 Jan 2013
Posts: 36

PostPosted: Sat Feb 02, 2013 12:45 pm    Post subject: Reply with quote

Yes, we are wm-mw.org... and we own our servers. We never had a problem til
now like this. I guess SPF is becoming more common now.
Anyway, we try to send email to certain people and we get the error message sent
back to us. The emails are sent to them from our server using Postfix.
I see under BIND there is a Mail Server category under localhost.
In there is a Add Mail Server Record area. Is that where I add the domain we
are trying to send to?
No, we are not a mailing list company. Just an affiliate program for musicians.
Back to top
View user's profile Send private message
papahuhn
l33t
l33t


Joined: 06 Sep 2004
Posts: 626

PostPosted: Sat Feb 02, 2013 1:11 pm    Post subject: Reply with quote

Well, then this is not a postfix issue, at least not your postfix.

smtp-o-1.netrevolution.com tried to send an email claiming it came from wm-mw.org, though your SPF record [1] states, that netrevolution's smtp is not authorized to do this.
This happens, when your mailserver tries to send an email to, lets say user@netrevolution.com, and this email address is an alias for, lets say user@otherdomain.com. Netrevolutions smtp then tried to forward this email, but kept the original "MAIL FROM: whatever@wm-mw.org". otherdomain.com's smtp then checked your SPF record [1] and decided to reject the email, because smtp-o-1.netrevolution.com is not authorized to send emails with an envelope FROM address which includes your domain.

It is a matter of debate which party has a misconfiguration here. Maybe netrevolution shouldn't use your domain as MAIL FROM address. Personally, I think, that otherdomain.com's mailserver is too strict by rejecting those emails directly. The only thing you can do, without debating with netrevolution's and/or otherdomain's IT staff, is to loosen up your SPF record, which is a nameserver issue, not postfix.

[1] wm-mw.org descriptive text "v=spf1 a ptr -all"
_________________
Death by snoo-snoo!
Back to top
View user's profile Send private message
musicweb
n00b
n00b


Joined: 30 Jan 2013
Posts: 36

PostPosted: Sat Feb 02, 2013 1:23 pm    Post subject: Reply with quote

I'm still confused... so I'm going to turn this over to someone else in Canada.
No idead where to add records or loosen things up. Thanks for help anyway.
Back to top
View user's profile Send private message
papahuhn
l33t
l33t


Joined: 06 Sep 2004
Posts: 626

PostPosted: Sat Feb 02, 2013 1:29 pm    Post subject: Reply with quote

musicweb, who is responsible for your domain? Isn't there a Webmin panel which allows you to configure wm-mw.org's DNS settings?
_________________
Death by snoo-snoo!
Back to top
View user's profile Send private message
musicweb
n00b
n00b


Joined: 30 Jan 2013
Posts: 36

PostPosted: Sat Feb 02, 2013 1:39 pm    Post subject: Reply with quote

Sorry I got frustrated....

Yes, I was in Webmin this morning and looking at the BIND DNS server.
I got as far as seeing Add Sender Permitted From Record under localhost.
I just have no idea what to enter there.
This is a screenshot:

http://wm-mw.org/image2.jpeg
Back to top
View user's profile Send private message
papahuhn
l33t
l33t


Joined: 06 Sep 2004
Posts: 626

PostPosted: Sat Feb 02, 2013 1:56 pm    Post subject: Reply with quote

Hi, "localhost" does not sound right, and +all does not match "-all" in the query result I get for your domain [1].
Your domain is handled by the nameservers ns1.no-ip.com to ns5.no-ip.com, so you seem to have an account at no-ip.com? If you don't know, ask the one who registered your domain. It is those nameservers which need to be configured appropriately.

[1] wm-mw.org descriptive text "v=spf1 a ptr -all"
_________________
Death by snoo-snoo!
Back to top
View user's profile Send private message
musicweb
n00b
n00b


Joined: 30 Jan 2013
Posts: 36

PostPosted: Sat Feb 02, 2013 2:02 pm    Post subject: Reply with quote

Yes we have a no-ip account, so that's probably it.
I'll have our guy in Canada check it out. Thanks.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum