View previous topic :: View next topic |
Author |
Message |
musicweb n00b
Joined: 30 Jan 2013 Posts: 36
|
Posted: Fri Feb 01, 2013 5:29 pm Post subject: SPF and Postfix mail |
|
|
Can anyone tell me how to set up SPF and Postfix?
I installed the libspf2 package and also a few perl modules that
are supposed to be there for SPF to work.
I get a reject message from another server I'm sending an email to:
Code: | The administrator of the domain wm-mw.org may have incorrectly configured its SPF record. This is a common cause of mistakes.
Here's what you can do: Contact the wm-mw.org postmaster and tell them that they need to change wm-mw.org's SPF record so that it authorizes smtp-o-1.netrevolution.com. For example, they could change the record to something like
v=spf1 a ptr a:smtp-o-1.netrevolution.com -all
If you refer your postmaster to this web page, they should be able to solve the problem. |
I don't see anywhere in Postfix configuration about setting up SPF.
I use Webmin to manage my server... |
|
Back to top |
|
|
Evileye l33t
Joined: 06 Aug 2003 Posts: 782 Location: Toronto
|
Posted: Sat Feb 02, 2013 5:50 am Post subject: |
|
|
I'm assuming you are using BIND for your DNS. If so can you post the SPF record(s) you have added to your zone/hosts file for your domain. |
|
Back to top |
|
|
musicweb n00b
Joined: 30 Jan 2013 Posts: 36
|
Posted: Sat Feb 02, 2013 12:25 pm Post subject: |
|
|
Thanks, but I'm still not sure what you mean.
Should I add that domain to the Mail Server Records area? |
|
Back to top |
|
|
papahuhn l33t
Joined: 06 Sep 2004 Posts: 626
|
Posted: Sat Feb 02, 2013 12:32 pm Post subject: |
|
|
What exactly do you want to do with your mailserver? Do you run a mailing list or try to send emails on wm-mw.org's behalf? Is wm-mw.org your domain? If not, you cannot configure the domain's SPF record. _________________ Death by snoo-snoo! |
|
Back to top |
|
|
musicweb n00b
Joined: 30 Jan 2013 Posts: 36
|
Posted: Sat Feb 02, 2013 12:45 pm Post subject: |
|
|
Yes, we are wm-mw.org... and we own our servers. We never had a problem til
now like this. I guess SPF is becoming more common now.
Anyway, we try to send email to certain people and we get the error message sent
back to us. The emails are sent to them from our server using Postfix.
I see under BIND there is a Mail Server category under localhost.
In there is a Add Mail Server Record area. Is that where I add the domain we
are trying to send to?
No, we are not a mailing list company. Just an affiliate program for musicians. |
|
Back to top |
|
|
papahuhn l33t
Joined: 06 Sep 2004 Posts: 626
|
Posted: Sat Feb 02, 2013 1:11 pm Post subject: |
|
|
Well, then this is not a postfix issue, at least not your postfix.
smtp-o-1.netrevolution.com tried to send an email claiming it came from wm-mw.org, though your SPF record [1] states, that netrevolution's smtp is not authorized to do this.
This happens, when your mailserver tries to send an email to, lets say user@netrevolution.com, and this email address is an alias for, lets say user@otherdomain.com. Netrevolutions smtp then tried to forward this email, but kept the original "MAIL FROM: whatever@wm-mw.org". otherdomain.com's smtp then checked your SPF record [1] and decided to reject the email, because smtp-o-1.netrevolution.com is not authorized to send emails with an envelope FROM address which includes your domain.
It is a matter of debate which party has a misconfiguration here. Maybe netrevolution shouldn't use your domain as MAIL FROM address. Personally, I think, that otherdomain.com's mailserver is too strict by rejecting those emails directly. The only thing you can do, without debating with netrevolution's and/or otherdomain's IT staff, is to loosen up your SPF record, which is a nameserver issue, not postfix.
[1] wm-mw.org descriptive text "v=spf1 a ptr -all" _________________ Death by snoo-snoo! |
|
Back to top |
|
|
musicweb n00b
Joined: 30 Jan 2013 Posts: 36
|
Posted: Sat Feb 02, 2013 1:23 pm Post subject: |
|
|
I'm still confused... so I'm going to turn this over to someone else in Canada.
No idead where to add records or loosen things up. Thanks for help anyway. |
|
Back to top |
|
|
papahuhn l33t
Joined: 06 Sep 2004 Posts: 626
|
Posted: Sat Feb 02, 2013 1:29 pm Post subject: |
|
|
musicweb, who is responsible for your domain? Isn't there a Webmin panel which allows you to configure wm-mw.org's DNS settings? _________________ Death by snoo-snoo! |
|
Back to top |
|
|
musicweb n00b
Joined: 30 Jan 2013 Posts: 36
|
Posted: Sat Feb 02, 2013 1:39 pm Post subject: |
|
|
Sorry I got frustrated....
Yes, I was in Webmin this morning and looking at the BIND DNS server.
I got as far as seeing Add Sender Permitted From Record under localhost.
I just have no idea what to enter there.
This is a screenshot:
http://wm-mw.org/image2.jpeg |
|
Back to top |
|
|
papahuhn l33t
Joined: 06 Sep 2004 Posts: 626
|
Posted: Sat Feb 02, 2013 1:56 pm Post subject: |
|
|
Hi, "localhost" does not sound right, and +all does not match "-all" in the query result I get for your domain [1].
Your domain is handled by the nameservers ns1.no-ip.com to ns5.no-ip.com, so you seem to have an account at no-ip.com? If you don't know, ask the one who registered your domain. It is those nameservers which need to be configured appropriately.
[1] wm-mw.org descriptive text "v=spf1 a ptr -all" _________________ Death by snoo-snoo! |
|
Back to top |
|
|
musicweb n00b
Joined: 30 Jan 2013 Posts: 36
|
Posted: Sat Feb 02, 2013 2:02 pm Post subject: |
|
|
Yes we have a no-ip account, so that's probably it.
I'll have our guy in Canada check it out. Thanks. |
|
Back to top |
|
|
|