### Postfix SPF Error - postfix-policyd-spf-perl and SERVFAIL ###
// Problem //
One day my Postfix started to reject mails from a specific domain. After some quick investigations, it turned out that the culprit was the SPF check script. As it appears, the DNS server that keeps all records of the remote domain is answering with a SERVFAIL error whenever one tries to fetch a TXT record from it. Since SPF relies on TXT records, the SPF check was failing with a soft fail (err 450), and after some time, the mail was getting bounced.
Obviously, the root problem lies in the crappy implementation of the remote domain. However, I still needed to find some way to make it work from my side.
Jan 20 19:34:01 mail postfix/policy-spf[6114]: : Policy action=DEFER_IF_PERMIT SPF-Result=example.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'example.com'
Jan 20 19:34:01 mail postfix/smtpd[6102]: NOQUEUE: reject: RCPT from mail.example.com[212.212.212.212]: 450 4.7.1 email@example.com: Recipient address rejected: SPF-Result=example.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'example.com'; from=sender@example.com to=email@mydomain.com proto=ESMTP helo=
// Workaround //
The workaround I found was to modify the SPF script. I changed the /usr/share/perl5/Mail/SPF/Server.pm file on my mail server, and modified this line:
$packet->header->rcode =~ /^(NOERROR|NXDOMAIN)$/
to make it look like this:
$packet->header->rcode =~ /^(NOERROR|NXDOMAIN|SERVFAIL)$/
What I did was to change the error on TXT to be treated as an 'ok' situation. After a restart of Postfix, mails from the remote domain got accepted.
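The edit to Server.pm changes the rcode check for every sender domain, not only the broken one, so it helps to know which domains currently hit it. The Python script below is an added example, not part of the original post: it counts SPF deferrals per domain and DNS rcode from smtpd reject lines. Its sample log is constructed from the two lines quoted above, and the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample log, modelled on the two lines quoted in the post.
SAMPLE_LOG = """\
Jan 20 19:34:01 mail postfix/policy-spf[6114]: : Policy action=DEFER_IF_PERMIT SPF-Result=example.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'example.com'
Jan 20 19:34:01 mail postfix/smtpd[6102]: NOQUEUE: reject: RCPT from mail.example.com[212.212.212.212]: 450 4.7.1 email@example.com: Recipient address rejected: SPF-Result=example.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'example.com'; from=sender@example.com to=email@mydomain.com proto=ESMTP helo=
Jan 20 19:36:12 mail postfix/smtpd[6102]: connect from mail.example.org[198.51.100.7]
Jan 20 19:49:40 mail postfix/smtpd[6130]: NOQUEUE: reject: RCPT from mail.example.com[212.212.212.212]: 450 4.7.1 email@example.com: Recipient address rejected: SPF-Result=example.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'example.com'; from=sender@example.com to=email@mydomain.com proto=ESMTP helo=
Jan 20 20:02:03 mail postfix/smtpd[6140]: NOQUEUE: reject: RCPT from mx.example.net[203.0.113.9]: 450 4.7.1 email@example.com: Recipient address rejected: SPF-Result=example.net: 'REFUSED' error on DNS 'SPF' lookup of 'example.net'; from=sender@example.net to=email@mydomain.com proto=ESMTP helo=
"""

# Only smtpd reject lines are matched; the policy-spf line for the same
# attempt is skipped so that each delivery attempt is counted once.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<host>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) .*?SPF-Result=.*?'(?P<rcode>\w+)' error on DNS '(?P<rr>\w+)' "
    r"lookup of '(?P<domain>[^']+)'"
)

def spf_dns_deferrals(lines):
    """Group SPF rejects caused by DNS errors by (domain, rcode)."""
    hits = defaultdict(lambda: {"count": 0, "clients": set(), "smtp_codes": set()})
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue  # unrelated log line
        entry = hits[(m["domain"], m["rcode"])]
        entry["count"] += 1
        entry["clients"].add(m["ip"])       # connecting client IP
        entry["smtp_codes"].add(m["code"])  # 450 = temporary rejection
    return dict(hits)

if __name__ == "__main__":
    for (domain, rcode), e in sorted(spf_dns_deferrals(SAMPLE_LOG.splitlines()).items()):
        print(f"{domain:<15} {rcode:<9} rejects={e['count']} "
              f"clients={sorted(e['clients'])} smtp={sorted(e['smtp_codes'])}")
```

To run it against a real log, pass the lines of the mail log file to spf_dns_deferrals() instead of SAMPLE_LOG.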