Hi! I've got some problem with my SPF. I'm running Debian 6, and postfix as mail server and would like to implement SPF as well, but it seems I can't get it to work. here is my main.conf: smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = /usr/share/doc/postfix # TLS parameters smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mail2.combiplate.se alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydomain = combiplate.com myorigin = $mydomain mydestination = mail2.combiplate.se relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.1.0/24 192.168.10.0/24 192.168.42.0/24 46.235.233.0/24 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all html_directory = /usr/share/doc/postfix/html smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_tls_note_starttls_offer = yes smtpd_tls_CAfile = /etc/postfix/ssl/cancert.pem smtpd_tls_loglever = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_tiomeout = 3600s smtpd_random_source = dev:/dev/urandom smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,check_policy_service unixrivate/policy-spf policy-spf_time_limit = 3600s smtpd_sender_restrictions = permit_sasl_authenticated,permit_mynetworks And here is my master.conf: uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} policy unix - n n - - spawn user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl After trying to send mail from my domain, the mail is received, but it the log there is nothing about SPF: Jul 13 07:15:25 mail2 postfix/smtpd[27498]: DE7F8A06A: client=mail2.combiplate.se[192.168.1.36] Jul 13 07:15:42 mail2 postfix/cleanup[27505]: DE7F8A06A: message-id=<[email protected]> Jul 13 07:15:42 mail2 postfix/qmgr[27481]: DE7F8A06A: from=<[email protected]>, size=386, nrcpt=1 (queue active) Jul 13 07:15:43 mail2 postfix/smtp[27506]: DE7F8A06A: enabling PIX workarounds: disable_esmtp delay_dotcrlf for aspmx.l.google.com[173.194.71.27]:25 Jul 13 07:15:43 mail2 postfix/smtpd[27498]: disconnect from mail2.combiplate.se[192.168.1.36] Jul 13 07:15:44 mail2 postfix/smtp[27506]: DE7F8A06A: to=<[email protected]>, relay=aspmx.l.google.com[173.194.71.27]:25, delay=26, delays=24/0.01/0.85/0.76, dsn=2.0.0, status=sent (250 2.0.0 OK 1342156294 v6si9551035lab.20) Jul 13 07:15:44 mail2 postfix/qmgr[27481]: DE7F8A06A: removed I've also tryid sending mail to [email protected], and it returns neutral. As if its not running? Please help Thanks!
I have.. combiplate.com. IN TXT "v=spf1 a mx ptr +all" I've been testing around and changing the record, ended up with +all just for now, because I want to temporarily allow all in test purpose, to try to get SPF to give me anything in the log... This I've put both in the forward and a similar record in reverse zone, is that correct or how should it be?
strange , it's working for me and all i have is a spf record for my domain , nothing spf related configured on my MTA Code: SPF check details: ---------------------------------------------------------- Result: pass ID(s) verified: [email protected] DNS record(s): ilogicgroup.org. 86400 IN SPF "v=spf1 mx -all" ilogicgroup.org. 86400 IN MX 5 ns1.ilogicgroup.org. ns1.ilogicgroup.org. 86400 IN A 86.122.14.86
how did you get that output? So I can test and see what it gets me? (if I haven't already tried it) Cant understand why this isent working for me.. I'm starting to have some suspicions but I dont know.
i've sent an email to [email protected] and got the reply you can check if your spf record is valid here http://www.kitterman.com/spf/validate.html Code: This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at <[email protected]>. Thank you for using the verifier, The Port25 Solutions, Inc. team ========================================================== Summary of Results ========================================================== SPF check: pass DomainKeys check: neutral DKIM check: neutral Sender-ID check: pass SpamAssassin check: ham ========================================================== Details: ========================================================== HELO hostname: ns1.ilogicgroup.org Source IP: 86.122.14.86 mail-from: [email protected] ---------------------------------------------------------- SPF check details: ---------------------------------------------------------- Result: pass ID(s) verified: [email protected] DNS record(s): ilogicgroup.org. 86400 IN SPF "v=spf1 mx -all" ilogicgroup.org. 86400 IN MX 5 ns1.ilogicgroup.org. ilogicgroup.org. 86400 IN MX 10 mail.ilogicgroup.org. ns1.ilogicgroup.org. 86400 IN A 86.122.14.86 ---------------------------------------------------------- DomainKeys check details: ---------------------------------------------------------- Result: neutral (message not signed) ID(s) verified: [email protected] DNS record(s): ---------------------------------------------------------- DKIM check details: ---------------------------------------------------------- Result: neutral (message not signed) ID(s) verified: NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM. ---------------------------------------------------------- Sender-ID check details: ---------------------------------------------------------- Result: pass ID(s) verified: [email protected] DNS record(s): ilogicgroup.org. 86400 IN SPF "v=spf1 mx -all" ilogicgroup.org. 86400 IN MX 5 ns1.ilogicgroup.org. ilogicgroup.org. 86400 IN MX 10 mail.ilogicgroup.org. ns1.ilogicgroup.org. 86400 IN A 86.122.14.86 ---------------------------------------------------------- SpamAssassin check details: ---------------------------------------------------------- SpamAssassin v3.3.1 (2010-03-16) Result: ham (-0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay domain -0.0 BAYES_40 BODY: Bayes spam probability is 20 to 40% [score: 0.2965] 0.0 HTML_MESSAGE BODY: HTML included in message ==========================================================
